Northerntinker
Honorary Members
Posts: 24
Reputation: 0 Neutral
  1. Hello. My machine has been behaving a little strangely lately, not yet showing what I would consider obvious signs of an infection, but hinting towards it. I have attached the logs requested along with a Malwarebytes Anti-Malware (Premium) error message that has twice appeared. The first time it appeared I managed to get the anti-rootkit facility to start working again, but there have since been a few occasions when the machine wouldn't boot properly. Today was one of those days, and on the fourth attempt it booted to Windows and then I received the anti-rootkit error message again. Many thanks for any assistance in advance. Best, M.
     Attachments: Addition.txt, FRST.txt
  2. ComboFix log:

ComboFix 10-09-17.04 - Polly 19/09/2010 10:08:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.329 [GMT 1:00]
Running from: c:\documents and settings\Polly\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\3S14R3CC.exe
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Documents\Server\server.dat
c:\documents and settings\Polly\Application Data\Amgyyx
c:\documents and settings\Polly\Application Data\Amgyyx\wiyz.tmp
c:\documents and settings\Polly\Application Data\Amgyyx\wiyz.zis
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\QTTask.exe
c:\windows\Fonts\5O6RtO.com
c:\windows\system32\spool\prtprocs\w32x86\9oCE93kU9.dll
c:\windows\system32\spool\prtprocs\w32x86\KUOC1s.dll
c:\windows\system32\spool\prtprocs\w32x86\MYWS3eI9.dll
c:\windows\system32\spool\prtprocs\w32x86\SKUO5.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job

<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---^> c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe ---^> c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe ---^> c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files\iTunes\iTunesHelper .exe ---^> c:\program files\iTunes\iTunesHelper.exe
c:\program files\Java\jre6\bin\jusched .exe ---^> c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe ---^> c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\QTTask .exe ---^> c:\program files\QuickTime\QTTask.exe
</pre>
.
Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.
2010-09-16 20:04 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-16 20:04 . 2010-09-16 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 20:04 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 19:43 . 2010-09-12 19:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-12 19:32 . 2010-09-12 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-09-10 10:34 . 2010-09-16 18:29 -------- d-----w- c:\documents and settings\Polly\Local Settings\Application Data\ydwveidvk
2010-09-10 10:33 . 2010-09-16 18:29 -------- d-----w- c:\documents and settings\Polly\Application Data\093D8D2F02F0D850AFA6A6AF7E1366EB
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 09:18 . 2010-06-28 17:03 -------- d-----w- c:\program files\iTunes
2010-09-19 09:18 . 2010-06-28 17:00 -------- d-----w- c:\program files\QuickTime
2010-09-19 08:52 . 2010-09-16 17:51 112 ----a-w- c:\documents and settings\All Users\Application Data\t6GF0d2.dat
2010-09-16 19:59 . 2008-04-05 15:52 -------- d-----w- c:\program files\uTorrent
2010-09-16 18:29 . 2009-10-18 04:13 -------- d-----w- c:\documents and settings\Polly\Application Data\Arad
2010-09-16 18:29 . 2008-12-05 14:39 -------- d-----w- c:\documents and settings\Polly\Application Data\Ovac
2010-09-12 19:27 . 2010-07-26 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-10 10:45 . 2008-04-05 14:51 36763 ----a-w- c:\windows\system32\nvModes.dat
2010-09-10 10:16 . 2008-07-21 02:05 -------- d-----w- c:\documents and settings\Polly\Application Data\Luhizu
2010-07-27 10:03 . 2008-08-17 09:09 -------- d-----w- c:\program files\Google
2010-07-27 09:00 . 2009-06-22 19:21 -------- d-----w- c:\program files\Alwil Software
2010-06-28 16:53 . 2010-06-28 16:53 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-28 16:51 . 2010-06-28 16:51 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-27 17:47 . 2010-06-27 17:47 282624 ----a-w- c:\documents and settings\Polly\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-06-27 17:47 . 2010-06-27 17:47 655360 ----a-w- c:\documents and settings\Polly\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-06-27 17:47 . 2010-06-27 17:47 208896 ----a-w- c:\documents and settings\Polly\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2008-04-05 15:49 . 2008-04-05 15:49 604 ---ha-w- c:\program files\STLL Notifier
2009-09-03 18:37 . 2009-09-03 18:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-09-03 18:58 . 2009-09-03 18:58 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-06 7118848]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Polly\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-26 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 13:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 15:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-07-06 18:52 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QNAP\\Finder\\Finder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steinberg\\WaveLab 6\\WaveLab.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [09/05/2010 12:25 11264]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\Drivers\L6PODLV.sys --> c:\windows\system32\Drivers\L6PODLV.sys [?]
S3 Normandy;Normandy SR2; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Polly\Application Data\Mozilla\Firefox\Profiles\8iiclskv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\documents and settings\Polly\Application Data\Mozilla\Firefox\Profiles\8iiclskv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-4oD - c:\program files\Kontiki\KHost.exe
MSConfigStartUp-maswenrxco - c:\docume~1\Polly\LOCALS~1\Temp\maswenrxco.tmp
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-onwesxcmra - c:\docume~1\Polly\LOCALS~1\Temp\onwesxcmra.tmp
MSConfigStartUp-OTGV1DNWQQ - c:\windows\Htugea.exe
MSConfigStartUp-wmgjkgqn - c:\documents and settings\Polly\Local Settings\Application Data\ydwveidvk\tvbkubxuqiw.exe
MSConfigStartUp-YXE7DXCQ37 - c:\docume~1\Polly\LOCALS~1\Temp\Hcu.exe
MSConfigStartUp-{0C1E9254-519D-796B-1A03-0DF955D4ECFD} - c:\documents and settings\Polly\Application Data\Arad\byam.exe
MSConfigStartUp-{1C4EF019-B344-7EF9-4F97-72AF892CA965} - c:\documents and settings\Polly\Application Data\Ovac\ifog.exe
AddRemove-Sibelius 4 - c:\progra~1\SIBELI~1\SIBELI~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Dell\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\Dell\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-19 10:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 09:25

Pre-Run: 2,461,306,880 bytes free
Post-Run: 2,497,630,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6EE6B6C733C7AF2587743D2FB03B6373
  3. That empty post was made from the infected laptop. I then ran the scans but couldn't post the results from the same machine and have had to do it from another computer. Logs as follows:

OTL logfile created on: 19/09/2010 08:17:54 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Polly\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 341.00 Mb Available Physical Memory | 67.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 2.42 Gb Free Space | 8.26% Space Free | Partition Type: NTFS
Drive D: | 26.60 Gb Total Space | 17.75 Gb Free Space | 66.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.16% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARLY
Current User Name: Polly
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/19 08:14:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Polly\Desktop\OTL.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/09/19 08:14:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Polly\Desktop\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2004/04/26 17:02:14 | 000,163,840 | ---- | M] (WIDCOMM, Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe -- (btwdins)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\L6PODLV.sys -- (L6PODLV)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/07/06 19:52:00 | 003,208,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/04/26 16:31:56 | 001,239,338 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/04/26 16:15:16 | 000,053,336 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2003/09/26 10:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-152049171-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-152049171-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-152049171-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-343818398-152049171-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-152049171-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-152049171-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 16:18:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 10:11:20 | 000,000,000 | ---D | M]

[2008/08/30 14:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Mozilla\Extensions
[2010/09/10 11:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Mozilla\Firefox\Profiles\8iiclskv.default\extensions
[2010/01/25 18:18:19 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Polly\Application Data\Mozilla\Firefox\Profiles\8iiclskv.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/09/09 15:37:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Polly\Application Data\Mozilla\Firefox\Profiles\8iiclskv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/25 18:18:25 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Polly\Application Data\Mozilla\Firefox\Profiles\8iiclskv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2008/04/19 20:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Mozilla\Firefox\Profiles\8iiclskv.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/09/10 11:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/03 19:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/09/03 19:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/22 15:55:17 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/22 15:55:18 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/22 15:55:18 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/22 15:55:18 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/12/24 20:41:22 | 000,000,963 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-343818398-152049171-854245398-1004..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Dell\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\Polly\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Polly\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-152049171-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1207411054058 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1207411162765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Polly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Polly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/05 15:11:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/19 08:14:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Polly\Desktop\OTL.exe
[2010/09/16 21:04:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/16 21:04:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/16 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/16 19:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Polly\Desktop\New Folder
[2010/09/16 18:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/16 18:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/12 20:33:49 | 057,554,555 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TTi_HE_Download_32bit.exe
[2010/09/12 20:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/09/12 20:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\TTi_HE_Download_32bit
[2010/09/10 11:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Polly\Local Settings\Application Data\ydwveidvk
[2010/09/10 11:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Polly\Application Data\093D8D2F02F0D850AFA6A6AF7E1366EB
[2010/09/10 11:32:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/08/23 10:32:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Polly\Recent
[2010/07/27 11:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/07/26 19:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/26 18:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/07/26 18:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/05 23:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Polly\Application Data\Malwarebytes
[2010/07/05 23:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/28 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 18:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/28 18:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/28 18:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/28 17:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/19 08:15:10 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Polly\Desktop\RKUnhookerLE.EXE
[2010/09/19 08:14:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Polly\Desktop\OTL.exe
[2010/09/19 08:11:46 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/19 08:11:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 23:20:34 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Polly\NTUSER.DAT
[2010/09/16 23:20:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Polly\ntuser.ini
[2010/09/16 23:20:31 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\Polly\Local Settings\Application Data\IconCache.db
[2010/09/16 22:34:22 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Polly\Desktop\dds.scr
[2010/09/16 21:10:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Polly\Desktop\eod7bgcq.exe
[2010/09/16 21:09:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Polly\defogger_reenable
[2010/09/16 21:09:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Polly\Desktop\Defogger.exe
[2010/09/16 21:04:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 18:52:45 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\t6GF0d2.dat
[2010/09/16 18:52:42 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3S14R3CC.exe
[2010/09/12 22:09:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 21:59:41 | 000,036,763 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/09/12 21:59:16 | 000,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/12 20:43:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/12 20:35:36 | 057,554,555 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TTi_HE_Download_32bit.exe
[2010/09/12 20:27:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/10 11:45:56 | 000,036,763 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/08/05 13:57:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/27 13:53:59 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Polly\Desktop\Copy of Cocktails.xls
[2010/07/19 19:50:08 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Polly\Desktop\challenging behaviour.doc
[2010/06/28 18:05:21 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 08:15:09 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Polly\Desktop\RKUnhookerLE.EXE
[2010/09/16 22:34:19 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Polly\Desktop\dds.scr
[2010/09/16 21:10:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Polly\Desktop\eod7bgcq.exe
[2010/09/16 21:09:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Polly\defogger_reenable
[2010/09/16 21:09:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Polly\Desktop\Defogger.exe
[2010/09/16 21:04:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 18:52:43 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3S14R3CC.exe
[2010/09/16 18:51:56 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\t6GF0d2.dat
[2010/09/16 18:51:06 | 000,035,328 | ---- | C] () -- C:\WINDOWS\Fonts\5O6RtO.com
[2010/09/12 20:43:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 13:53:58 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Polly\Desktop\Copy of Cocktails.xls
[2010/07/19 19:09:17 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Polly\Desktop\challenging behaviour.doc
[2010/06/28 18:05:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/05/11 12:04:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/04/20 00:20:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/11 23:20:46 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Polly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/05 16:49:34 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2008/04/05 16:49:34 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/04/05 16:47:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/04/05 16:46:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/04/05 16:46:58 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/05 16:46:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/05 15:49:35 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/05 15:49:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2004/04/26 16:53:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2010/09/12 20:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2009/12/04 19:50:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2008/08/22 23:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4 [2010/07/19 18:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki [2010/05/09 14:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle [2010/06/28 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/09/16 19:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\093D8D2F02F0D850AFA6A6AF7E1366EB [2010/09/12 20:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Amgyyx [2010/09/16 19:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Arad [2008/09/15 20:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\LimeWire [2008/12/02 19:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Line 6 [2010/09/10 11:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Luhizu [2010/09/16 19:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Ovac [2010/06/27 18:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Polly\Application Data\Spotify ========== Purity Check 
==========

< End of report >

OTL Extras logfile created on: 19/09/2010 08:17:54 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Polly\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 341.00 Mb Available Physical Memory | 67.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 2.42 Gb Free Space | 8.26% Space Free | Partition Type: NTFS
Drive D: | 26.60 Gb Total Space | 17.75 Gb Free Space | 66.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.16% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARLY
Current User Name: Polly
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-343818398-152049171-854245398-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\QNAP\Finder\Finder.exe" = C:\Program Files\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Steinberg\WaveLab 6\WaveLab.exe" = C:\Program Files\Steinberg\WaveLab 6\WaveLab.exe:*:Disabled:WaveLab 6 -- (Steinberg Media Technologies)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DE1AE26-8599-4378-9F17-328B5A3984A4}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Dell Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Adobe Shockwave Player" = Adobe Shockwave Player
"ASAPI Update" = ASAPI Update
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FairUse Wizard 2" = FairUse Wizard 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QNAP_FINDER" = QNAP Finder
"Sibelius 4" = Sibelius 4
"Spotify" = Spotify
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WaveLabPro" = WaveLab 6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/12/2009 14:40:05 | Computer Name = MARLY | Source = Application Hang | ID = 1002
Description = Hanging application ONENOTE.EXE, version 12.0.6415.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/12/2009 07:04:29 | Computer Name = MARLY | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libffmpeg_plugin.dll, version 0.0.0.0, fault address 0x002f2706.
Error - 05/12/2009 07:04:36 | Computer Name = MARLY | Source = Application Error | ID = 1001
Description = Fault bucket 709997748.

Error - 05/12/2009 07:07:43 | Computer Name = MARLY | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libffmpeg_plugin.dll, version 0.0.0.0, fault address 0x002f2706.

Error - 19/12/2009 20:11:33 | Computer Name = MARLY | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.8.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/12/2009 18:51:56 | Computer Name = MARLY | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module avisplitter.ax, version 1.0.0.9, fault address 0x00023048.

Error - 24/12/2009 16:32:29 | Computer Name = MARLY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/12/2009 16:32:29 | Computer Name = MARLY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/01/2010 15:46:28 | Computer Name = MARLY | Source = Application Hang | ID = 1002
Description = Hanging application Sibelius.exe, version 4.0.0.23, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/01/2010 15:47:54 | Computer Name = MARLY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6504.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 25/09/2009 06:01:04 | Computer Name = MARLY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16/09/2010 15:54:58 | Computer Name = MARLY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm

Error - 16/09/2010 15:58:52 | Computer Name = MARLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 16/09/2010 15:59:11 | Computer Name = MARLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 16/09/2010 17:56:17 | Computer Name = MARLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16/09/2010 18:11:29 | Computer Name = MARLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16/09/2010 18:20:32 | Computer Name = MARLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/09/2010 03:11:27 | Computer Name = MARLY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 19/09/2010 03:11:27 | Computer Name = MARLY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Error - 19/09/2010 03:12:11 | Computer Name = MARLY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/09/2010 03:12:47 | Computer Name = MARLY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm

< End of report >

"Error Loading Opening Driver" - when opening RKunhookerLE
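The Firewall Settings and Authorized Applications sections of the OTL Extras log above carry the three things a responder checks first on an XP host: whether the Windows Firewall is actually on for the active profile ("EnableFirewall" = 0 under StandardProfile says it is not), whether the NetBIOS/SMB ports are open to any address (the DomainProfile entries with scope "*"), and how many firewall exceptions still point at binaries that no longer exist. The script below is an added example written for this page, not OTL's own code or anything posted in the thread; it parses the OTL registry-dump format and turns those three checks into findings. Its sample input is a subset of the log above, copied verbatim, and the severity labels are my own choice.

```python
"""Triage the Firewall Settings / Authorized Applications sections of an OTL Extras log."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the OTL Extras output posted above, copied as-is.
SAMPLE = r"""
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PROFILE_RE = re.compile(r'FirewallPolicy\\(\w+Profile)')

# NetBIOS/SMB ports: opening these to any address (scope "*") is the finding that matters most.
SMB_PORTS = {(137, 'UDP'), (138, 'UDP'), (139, 'TCP'), (445, 'TCP')}


@dataclass
class Finding:
    severity: str
    profile: str
    detail: str


def parse_firewall_policy(text):
    """Return (settings, ports, apps), each a dict keyed by firewall profile name."""
    settings, ports, apps = {}, {}, {}
    profile = kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('=========='):
            continue
        key = KEY_RE.match(line)
        if key:
            found = PROFILE_RE.search(key.group(1))
            profile = found.group(1) if found else None
            if key.group(1).endswith('GloballyOpenPorts\\List'):
                kind = 'port'
            elif key.group(1).endswith('AuthorizedApplications\\List'):
                kind = 'app'
            else:
                kind = 'setting'
            continue
        val = VALUE_RE.match(line)
        if not val or profile is None:
            continue
        name, value = val.group(1), val.group(2).strip()
        if kind == 'setting':
            settings.setdefault(profile, {})[name] = value
        elif kind == 'port':
            # "139:TCP:*:Enabled:@xpsp2res.dll,-22004" -> port, protocol, scope, state, description
            port, proto, scope, state, _desc = value.split(':', 4)
            ports.setdefault(profile, []).append((int(port), proto, scope, state))
        elif kind == 'app':
            # "<path>:<scope>:<state>:<label> -- <vendor or 'File not found'>"
            body, sep, suffix = value.rpartition(' -- ')
            if not sep:
                body, suffix = value, ''
            # the path carries a drive-letter colon, so peel the three trailing fields off the right
            path, scope, state, label = body.rsplit(':', 3)
            apps.setdefault(profile, []).append(
                (path, scope, state, label, suffix.strip() != 'File not found'))
    return settings, ports, apps


def triage(text):
    """Turn the parsed policy into the findings a responder should look at."""
    settings, ports, apps = parse_firewall_policy(text)
    findings = []
    for profile, values in settings.items():
        if values.get('EnableFirewall') == '0':
            findings.append(Finding('high', profile, 'EnableFirewall = 0 (host firewall switched off)'))
    for profile, entries in ports.items():
        for port, proto, scope, state in entries:
            if state == 'Enabled' and scope == '*' and (port, proto) in SMB_PORTS:
                findings.append(Finding('high', profile, f'{port}/{proto} open to any address (scope *)'))
    for profile, entries in apps.items():
        for path, _scope, state, label, present in entries:
            if state == 'Enabled' and not present:
                findings.append(Finding('low', profile, f'stale exception for missing binary {path} ({label})'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'[{f.severity}] {f.profile}: {f.detail}')
```

On the full log above the same logic flags the StandardProfile firewall being off, the four NetBIOS/SMB ports open to "*" under DomainProfile, and seven enabled exceptions whose binaries OTL could not find (the AVG 7, Windows Live Messenger, Kontiki and LimeWire entries). Stale exceptions are low severity on their own, but on a machine with a rootkit dropper they are worth clearing, because any file later written to that path inherits the allow rule.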
  4. Hello Elise, thank you for responding so quickly. Logs as requested:
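The Malwarebytes report in the post that follows lists four Trojan.DNSChanger items: the NameServer value under Tcpip\Parameters, the NameServer value on two interface GUIDs, and a DhcpNameServer value, all pointing at 93.188.162.235 and 93.188.161.235, and all marked "No action taken". A DNS hijack like that survives a proxy reset, which is why the poster's LAN-settings fix did not help. The script below is an added example written for this page, not Malwarebytes' code or anything the poster ran; it pulls those lines out of an MBAM log, separates the interface-specific static override (NameServer) from the value DHCP supplied (DhcpNameServer), and classifies each resolver as expected (private, loopback, link-local, or on an allowlist you fill in) or rogue. EXPECTED_RESOLVERS is an assumed placeholder, and the sample input is the four lines from the report below with the forum's stray line-wrap inside "Parameters" removed.

```python
"""Extract Trojan.DNSChanger items from an MBAM report and classify the resolvers they name."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the four Registry Data Items from the MBAM report on this page
# (the forum's stray line-wrap inside "Parameters" has been removed).
SAMPLE = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f2b9e7c4-01ef-4f1e-b40a-e0378aa6d187}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{392592a4-2c3a-4e88-a9e5-c34796bc3ad1}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f2b9e7c4-01ef-4f1e-b40a-e0378aa6d187}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.
"""

# Assumed placeholder: the public resolvers you expect on this network (ISP or corporate DNS).
# Private, loopback and link-local addresses are always treated as expected.
EXPECTED_RESOLVERS = frozenset()

ENTRY_RE = re.compile(
    r'^(?P<key>\S+)\\(?P<value>DhcpNameServer|NameServer) '
    r'\((?P<cls>[^)]+)\) -> Data: (?P<data>\S+) -> (?P<action>.+?)\.?$')
IFACE_RE = re.compile(r'\\Interfaces\\(\{[0-9A-Fa-f-]+\})')


@dataclass
class DnsEntry:
    key: str
    value_name: str      # NameServer = static override; DhcpNameServer = what DHCP handed out
    interface: str       # interface GUID, or None for the global Tcpip\Parameters key
    resolvers: tuple
    rogue: tuple
    acted: bool          # False while the scanner reports "No action taken"


def classify_resolvers(data, expected=EXPECTED_RESOLVERS):
    """Split a NameServer value (comma or space separated) into (expected, rogue) lists."""
    expected_ips, rogue_ips = [], []
    for item in re.split(r'[,\s]+', data.strip()):
        if not item:
            continue
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            rogue_ips.append(item)      # not even an IP address: treat as hostile
            continue
        if addr.is_private or addr.is_loopback or addr.is_link_local or item in expected:
            expected_ips.append(item)
        else:
            rogue_ips.append(item)
    return expected_ips, rogue_ips


def parse_mbam_dns(text, expected=EXPECTED_RESOLVERS):
    """Return one DnsEntry per NameServer/DhcpNameServer line in an MBAM report."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        iface = IFACE_RE.search(m.group('key'))
        _ok, rogue = classify_resolvers(m.group('data'), expected)
        entries.append(DnsEntry(
            key=m.group('key'),
            value_name=m.group('value'),
            interface=iface.group(1) if iface else None,
            resolvers=tuple(re.split(r'[,\s]+', m.group('data'))),
            rogue=tuple(rogue),
            acted=m.group('action').strip().lower() != 'no action taken',
        ))
    return entries


if __name__ == '__main__':
    for e in parse_mbam_dns(SAMPLE):
        where = e.interface or 'global'
        print(f'{where} {e.value_name}: rogue={e.rogue} acted={e.acted}')
```

Two details matter when reading the output. A rogue DhcpNameServer value means the bad resolvers were not only written as a static override but also recorded as the DHCP-supplied set, so a DHCP renew alone cannot be trusted to fix the interface until the malware writing the value is gone. And an entry whose acted flag is False is one the scanner only reported, which is exactly the state the report below is in.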
  5. Hi. I inherited this laptop a few months ago. It worked well until last week. Any help greatly appreciated. Usual malware situation, false Windows-like warnings on the taskbar, LAN settings changed to divert internet traffic through a proxy. So this is what I've done:

* Started in safe mode, reset LAN settings
* Tried to run Avira free but it wouldn't. I then uninstalled it to try to install Trend Micro.
* Uninstalled Java
* Tried to install Trend Micro Ultimate Security (have paid for 3 licences). It would get to the point where it should finish the installation, but gave an error message.
* Installed Malwarebytes free (I have paid licences on my other computers) but it wouldn't update.
* Transferred the latest rules.ref from another computer and manually installed it. The full system scan gave the results below. I'm sure I told it to fix the issues, but it says 'no action taken'.
* Other requested scans below that.
* Tried to post this from the infected laptop in safe mode, but couldn't.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4629

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

16/09/2010 19:29:04
mbam-log-2010-09-16 (19-29-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 207819
Time elapsed: 38 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmgjkgqn (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0c1e9254-519d-796b-1a03-0df955d4ecfd} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f2b9e7c4-01ef-4f1e-b40a-e0378aa6d187}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{392592a4-2c3a-4e88-a9e5-c34796bc3ad1}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f2b9e7c4-01ef-4f1e-b40a-e0378aa6d187}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.235,93.188.161.235 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Polly\Local Settings\Application Data\ydwveidvk\tvbkubxuqiw.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temporary Internet Files\Content.IE5\1ZDY19H2\mqupjickr[4].htm (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\wtpvaae.exe (Rogue.SecuritySuite) -> No action taken.
C:\WINDOWS\Temp\EIQG9i1qG.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\1D.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\28.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\22.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\21.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\1E.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Polly\Application Data\Arad\byam.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Polly\Application Data\093D8D2F02F0D850AFA6A6AF7E1366EB\mediafix70700en02.exe (Trojan.Agent.Gen) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hcy.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hc0.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hcz.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hcu.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hcv.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hcx.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hc2.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hct.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Htugea.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Htugeb.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\Hc1.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temporary Internet Files\Content.IE5\1ZDY19H2\nezgb[2].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Polly\Application Data\Ovac\ifog.exe (Trojan.Dropper.XGen) -> No action taken.
C:\Documents and Settings\Polly\Local Settings\Temp\oswrcxamne.tmp (Trojan.Spambot) -> No action taken.
C:\Documents and Settings\Polly\Application Data\Sun\Java\Deployment\cache\6.0\33\4768d721-54f38376 (Trojan.Zbot) -> No action taken.
C:\Documents and Settings\Polly\Application Data\Sun\Java\Deployment\cache\6.0\33\4768d721-74df7c3d (Trojan.Zbot) -> No action taken.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Polly at 22:34:27.78 on 16/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.215 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Polly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\polly\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\polly\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\dell\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE:
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/ client/wuweb_site.cab?1207411054058 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x8 6/client/muweb_site.cab?1207411162765 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\polly\applic~1\mozilla\firefox\profiles\8iiclskv.defaul t\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk FF - component: c:\documents and settings\polly\application data\mozilla\firefox\profiles\8iiclskv.default\extensions\{a7c6cf7f 
-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ip c.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporaril y_available_pref", true); c:\program 
files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2010-5-9 11264] S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\l6podlv.sys --> c:\windows\system32\drivers\L6PODLV.sys [?] =============== Created Last 30 ================ 2010-09-16 20:09:55 0 ----a-w- c:\documents and settings\polly\defogger_reenable 2010-09-16 20:04:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-16 20:04:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-16 20:04:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-16 17:52:43 72706 ----a-w- c:\docume~1\alluse~1\applic~1\3S14R3CC.exe 2010-09-16 17:51:56 112 ----a-w- c:\docume~1\alluse~1\applic~1\t6GF0d2.dat 2010-09-12 19:43:08 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-09-12 19:32:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro 2010-09-10 10:33:06 0 d-----w- c:\docume~1\polly\applic~1\093D8D2F02F0D850AFA6A6AF7E1366EB ==================== Find3M ==================== 2010-09-16 17:50:53 35328 ----a-w- c:\windows\fonts\5O6RtO.com 2010-09-10 10:45:56 36763 ----a-w- c:\windows\system32\nvModes.dat 2008-04-05 15:49:34 604 ---ha-w- c:\program files\STLL Notifier 2008-12-22 03:01:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat ============= FINISH: 22:35:21.79 =============== 
attach.rar
  6. Thought I'd let you all know that it turns out that sharing my Firefox profile between two computers using Dropbox was what was causing mbamservice.exe CPU spikes/constant running at >80%.
  7. Much better, I haven't noticed anything amiss today
  8. What do you think Borislav? Does my system now look clean, as far as you can tell?
  9. Done.
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to: dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 7.0.5730.11
MPC: 76487-OEM
CPU: Intel® Celeron® CPU 2.80GHz (~2790MHz)
BIOS: 24/08/2004
Memory (approx): 2045MB
Uptime: 8 hour(s)
Current directory: C:\Documents and Settings\English City Stone\Desktop\Dial-a-fix-v0.60.0.24

--- 16/06/2010 03:10:18 -- Dial-a-fix : [v0.60.0.24] -- started
03:10:18 | Policy scan started
03:10:18 | Policy scan ended - no restrictive policies were found
  10. ...and browsing on the internet is now incredibly slow and clunky
  11. Something peculiar is now happening - the "My Network Places" icon on my desktop disappears and then reappears continuously at approx. 3-4 second intervals. I can't connect to my NAS/other drives on the home LAN.
  12. A0079846.SYS;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP976;BackDoor.Tdss.2459;Cured.;
_________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:12:18, on 15/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\English City Stone\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\English City Stone\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Shortcut to Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lspcoi.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://gringotts/intranet/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134475511721
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190114361645
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.ropuk.com/msrdp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)

--
End of file - 8972 bytes
  13. ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3afdbeeeea020e4fbf00dbcf0713849a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-14 08:07:32
# local_time=2010-06-14 09:07:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 46808 212781514 43507 0
# compatibility_mode=1026 16777214 0 2 31414030 31414030 0 0
# compatibility_mode=8192 67108863 100 0 99771 99771 0 0
# scanned=190034
# found=0
# cleaned=0
# scan_time=6092