Jump to content

Random popup


Recommended Posts

Keep getting this random popup from news.11.today.com. Scanned nod32, adaware and MBAM. MBAM picked up a few items which i removed, however the popup still appears. MY HJT log is below.

Thanks

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:37:02 AM, on 26/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\LooknStop\looknstop.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\QSTART.SYS\config\DVMExportService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\PROGRA~1\HUAWEI~1\HUAWEI~1\3 USB Modem.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe

O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\LooknStop\looknstop.exe" -auto

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514927730

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514897245

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B2DD2-C64F-4389-AA9F-DD97CA777446}: NameServer = 217.171.135.1 217.171.132.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 9200 bytes

Link to post
Share on other sites

Hi gt88,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

    [*]Please post the contents of these 2 Notepad files in your next reply.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Link to post
Share on other sites

Like GT88, I am also having this problem. I have ran OTL and RK Unhooker. NotL RKU detects a parasite inside itself when run and recommends removing it!!! I haven't run this yet.

Logs below. I would be grateful for any help.

____________________________________________________________

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:02:52, on 27/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\Labtec\Mouse\V3.0\moffice.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE

D:\Program Files\WinZip Pro\WZQKPICK.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\ATKKBService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Documents and Settings\Administrator\Desktop\OTL.exe

D:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ladklq.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O4 - HKLM\..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~2\Help\SMARTB~3\BTHelpNotifier.exe

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\RunOnce: [uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip Pro\WZQKPICK.EXE

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Update Service (gupdate1ca3b719fe19692) (gupdate1ca3b719fe19692) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - D:\Inprise\vbroker\bin\oad.exe

O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - D:\Inprise\vbroker\bin\osagent.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 7657 bytes

_________________________________________________________

OTL.txt file:

OTL logfile created on: 27/05/2010 20:06:18 - Run 2

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 201.25 Gb Free Space | 86.42% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 317.34 Gb Free Space | 68.13% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PAUL

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\WinZip Pro\WZQKPICK.EXE (WinZip Computing, S.L.)

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\Labtec\Mouse\V3.0\moffice.exe ()

PRC - C:\Program Files\Labtec\Mouse\V3.0\mouse32a.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)

PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Labtec\Mouse\V3.0\mouDL32A.dll ()

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)

SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)

SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)

SRV - (osagent) -- D:\Inprise\vbroker\bin\osagent.exe ()

SRV - (oad) -- D:\Inprise\vbroker\bin\oad.exe ()

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)

DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)

DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)

DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)

DRV - (PhilCap) -- C:\WINDOWS\system32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)

DRV - (RTL8169) -- C:\WINDOWS\system32\drivers\Rtlh86.sys (Realtek Corporation)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)

DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)

DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)

DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;2

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.7

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..network.proxy.http: "222.68.207.11"

FF - prefs.js..network.proxy.http_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 12:33:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\Real\browserrecord\firefox\ext [2009/09/22 11:46:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/05/27 15:52:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/27 16:08:46 | 000,000,000 | ---D | M]

[2009/07/29 13:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/05/27 17:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions

[2010/05/26 18:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)

[2010/05/26 18:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(3)

[2010/05/26 22:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(4)

[2010/05/08 12:33:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2009/08/15 13:39:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/04/14 19:15:52 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

[2010/04/28 11:12:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/03/27 13:24:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/05/27 16:08:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/11/03 16:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/04/25 14:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\firefox@tvunetworks.com

[2010/03/14 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2008/04/14 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (Webs Credits) - {D09588AA-5560-4240-B2F2-774D78D7E917} - Reg Error: Value error. File not found

O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe ()

O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe (Motive)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)

O4 - HKLM..\RunOnce: [uninstall Adobe Download Manager] File not found

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\Program Files\WinZip Pro\WZQKPICK.EXE (WinZip Computing, S.L.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O15 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ladklq.exe) - C:\WINDOWS\System32\ladklq.exe File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/07/29 11:43:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 19:19:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/05/27 16:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2010/05/27 16:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

[2010/05/27 16:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\myBabylon_English

[2010/05/27 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English

[2010/05/27 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS

[2010/05/27 16:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/05/27 15:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/27 15:36:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/05/27 15:32:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files

[2010/05/27 15:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache

[2010/05/27 15:29:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll

[2010/05/27 15:29:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll

[2010/05/27 15:29:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll

[2010/05/27 15:29:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe

[2010/05/27 15:29:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll

[2010/05/27 15:29:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll

[2010/05/27 15:29:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll

[2010/05/27 15:29:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll

[2010/05/27 15:29:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe

[2010/05/27 15:29:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll

[2010/05/27 15:29:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll

[2010/05/27 15:29:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll

[2010/05/27 15:29:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe

[2010/05/27 15:29:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll

[2010/05/27 15:29:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll

[2010/05/27 15:29:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll

[2010/05/27 15:29:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll

[2010/05/27 15:29:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll

[2010/05/27 15:29:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll

[2010/05/27 15:29:17 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll

[2010/05/27 15:29:17 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll

[2010/05/27 15:29:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll

[2010/05/27 15:29:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll

[2010/05/27 15:29:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll

[2010/05/27 15:29:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll

[2010/05/27 15:29:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll

[2010/05/27 15:29:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lpdsvc.dll

[2010/05/27 15:29:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lprmon.dll

[2010/05/27 15:29:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll

[2010/05/27 15:29:09 | 000,000,000 | ---D | C] -- C:\Inetpub

[2010/05/27 15:27:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll

[2010/05/27 15:27:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe

[2010/05/27 15:27:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe

[2010/05/27 15:27:54 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe

[2010/05/27 15:27:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll

[2010/05/27 15:27:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll

[2010/05/27 15:27:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll

[2010/05/27 13:51:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\7A9B63233F5E4A2E939E8A1F4F6A0CA8.TMP

[2010/05/27 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Motive

[2010/05/26 22:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2010/05/26 22:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(4)

[2010/05/26 21:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(4)(2)

[2010/05/26 16:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(3)

[2010/05/25 20:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(2)

[2010/05/25 14:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ippycyxlp

[2010/05/22 18:02:32 | 000,000,000 | ---D | C] -- C:\FSiLinks

[2010/05/22 18:00:05 | 000,000,000 | ---D | C] -- C:\FSi

[2010/05/19 17:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/05/19 17:47:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/19 17:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/19 17:47:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/18 14:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\manky

[2010/05/16 12:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2010/05/16 00:03:44 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/05/14 12:50:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\usewrw

[2010/05/13 22:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft

[2010/05/13 22:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft

[2010/05/04 01:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2010/05/04 01:33:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/05/04 00:20:50 | 000,000,000 | ---D | C] -- C:\Microgaming

[2010/04/30 12:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/04/29 14:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/27 19:20:08 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2010/05/27 19:19:37 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE

[2010/05/27 19:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat

[2010/05/27 19:19:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/05/27 19:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/27 18:00:27 | 060,433,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/27 16:37:10 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

[2010/05/27 16:18:35 | 000,073,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/05/27 15:52:58 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/27 15:38:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/27 15:38:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/27 15:37:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/27 15:36:29 | 006,139,904 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/05/27 15:36:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/05/27 15:32:36 | 000,570,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/27 15:32:36 | 000,476,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/27 15:32:36 | 000,083,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/27 13:29:48 | 000,000,579 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/27 13:29:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/26 23:13:59 | 000,000,243 | -HS- | M] () -- C:\boot.ini

[2010/05/26 22:58:06 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/26 22:36:39 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI

[2010/05/26 22:29:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/26 22:23:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/26 20:20:10 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\limited connectivity.rtf

[2010/05/26 16:23:14 | 000,253,740 | ---- | M] () -- C:\firewall.jpg

[2010/05/26 12:35:17 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin

[2010/05/25 12:45:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/25 12:35:30 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2010/05/23 15:18:33 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db

[2010/05/22 01:39:00 | 000,406,318 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\btv.zip

[2010/05/22 01:37:16 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UKTV.zip

[2010/05/21 21:20:52 | 000,041,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\flags.jpg

[2010/05/21 00:00:10 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sweepstake.zip

[2010/05/19 17:47:20 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/16 00:03:41 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/05/15 22:15:24 | 000,425,984 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010/05/15 22:15:24 | 000,275,456 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2010/05/15 22:07:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2010/05/11 01:03:03 | 000,002,640 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw

[2010/05/11 01:03:03 | 000,000,960 | ---- | M] () -- C:\WINDOWS\System32\history.aaw

[2010/05/09 22:53:54 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Zattoo.lnk

[2010/05/04 01:37:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk

[2010/05/01 14:55:15 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SopCast.lnk

[2010/04/30 12:44:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/29 22:13:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/27 19:19:38 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE

[2010/05/27 16:37:10 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk

[2010/05/27 15:52:58 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/05/27 15:29:36 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/05/27 15:29:36 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h

[2010/05/27 15:29:35 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/05/27 15:29:35 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h

[2010/05/27 15:29:25 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/05/27 15:29:25 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/05/27 15:29:25 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h

[2010/05/27 15:29:25 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h

[2010/05/27 15:29:23 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/05/27 15:29:23 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h

[2010/05/27 15:27:58 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib

[2010/05/27 15:27:58 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib

[2010/05/27 15:27:58 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib

[2010/05/27 15:27:57 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib

[2010/05/27 15:27:57 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib

[2010/05/27 15:27:57 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib

[2010/05/27 15:27:57 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib

[2010/05/27 15:27:57 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib

[2010/05/27 15:27:57 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib

[2010/05/27 15:27:57 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib

[2010/05/27 15:27:57 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib

[2010/05/27 15:27:56 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib

[2010/05/27 15:27:56 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib

[2010/05/27 15:27:56 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib

[2010/05/27 15:27:56 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib

[2010/05/27 15:27:56 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib

[2010/05/27 15:27:56 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib

[2010/05/27 15:27:56 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib

[2010/05/27 15:27:55 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib

[2010/05/27 15:27:55 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib

[2010/05/26 23:58:58 | 006,139,904 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/05/26 21:02:52 | 000,015,975 | ---- | C] () -- C:\Documents and Settings\Administrator\log.txt

[2010/05/26 20:20:10 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\limited connectivity.rtf

[2010/05/26 19:27:13 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[2010/05/26 19:27:13 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

[2010/05/26 16:23:14 | 000,253,740 | ---- | C] () -- C:\firewall.jpg

[2010/05/22 01:38:59 | 000,406,318 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\btv.zip

[2010/05/22 01:37:16 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UKTV.zip

[2010/05/21 21:20:52 | 000,041,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\flags.jpg

[2010/05/21 00:00:10 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sweepstake.zip

[2010/05/19 17:47:20 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/16 00:08:05 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/04 01:38:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk

[2010/04/30 12:44:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/30 12:44:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/13 16:39:35 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL

[2010/04/13 16:39:35 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL

[2010/04/13 16:39:35 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL

[2010/02/18 20:27:10 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys

[2010/01/01 13:09:45 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini

[2009/11/20 16:41:20 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll

[2009/11/20 16:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini

[2009/11/15 15:38:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/10/20 01:13:42 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/08/21 13:56:11 | 000,005,440 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/08/05 18:08:29 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll

[2009/07/29 21:07:30 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/07/29 19:55:57 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/07/29 19:55:57 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/07/29 19:55:52 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/07/29 19:55:52 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/07/29 19:37:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009/07/29 19:13:26 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini

[2009/07/29 19:13:25 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll

[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll

[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll

[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll

[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll

[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll

[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll

[2009/07/29 19:13:24 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll

[2009/07/29 18:22:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009/07/29 13:07:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2009/07/29 11:58:14 | 000,020,257 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/07/29 11:58:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/07/29 11:58:01 | 000,021,582 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/07/29 11:57:52 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/07/17 18:03:47 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\716xCoInstaller.dll

[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/12/23 16:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008/04/14 11:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll

[2007/01/26 03:04:12 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL

[2007/01/26 03:04:12 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL

[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL

[2003/09/23 13:40:34 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll

[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

______________________________________________________________

Extras.txt:

OTL Extras logfile created on: 27/05/2010 20:06:18 - Run 2

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 201.25 Gb Free Space | 86.42% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 317.34 Gb Free Space | 68.13% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PAUL

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

[HKEY_USERS\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"D:\Program Files\spotify.exe" = D:\Program Files\spotify.exe:*:Enabled:Spotify -- (Spotify AB)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"D:\Program Files\Sopcast\SopCast.exe" = D:\Program Files\Sopcast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

Hi deltalima,

Since my last post, things seem to be getting worse. Ive posted a new HJT log, MBAM log, OTL log, however I got an error when running RKUnHooker. The error received is:

Warning-integrity checking

Rootkit Unhooker has detected parasite inside itself!

It is recommended to remove parasite, okay?

Parasite type: Unknown remote thread

Thread ID: 2148

Priority:8

Thread start address: 0x77DF848A

Module: advapi32.dll

Then when i press ok it says: Parasite removed, continue loading

I started the scanning process but halfway through as it was scanning files a error occured with unhooker and it closed the program.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:17:42 AM, on 28/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\LooknStop\looknstop.exe

C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\QSTART.SYS\config\DVMExportService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\HUAWEI~1\HUAWEI~1\3 USB Modem.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe

O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\LooknStop\looknstop.exe" -auto

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514927730

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514897245

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B2DD2-C64F-4389-AA9F-DD97CA777446}: NameServer = 141.1.1.1 195.27.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 9203 bytes

Link to post
Share on other sites

OTL.txt Log

OTL logfile created on: 28/05/2010 7:02:23 AM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Diana\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146.62 Gb Total Space | 129.78 Gb Free Space | 88.51% Space Free | Partition Type: NTFS

Drive D: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-D6BCD33D

Current User Name: Diana

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Diana\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

PRC - C:\Program Files\ESET\nod32kui.exe (Eset )

PRC - C:\Program Files\ESET\nod32krn.exe (Eset )

PRC - C:\Program Files\LooknStop\looknstop.exe (Soft4Ever)

PRC - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)

PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

PRC - C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies)

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Diana\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (NOD32krn) -- C:\Program Files\Eset\nod32krn.exe (Eset )

SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

========== Driver Services (SafeList) ==========

DRV - (AMON) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )

DRV - (nod32drv) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()

DRV - (SFilter) -- C:\WINDOWS\system32\drivers\lnsfw.sys ()

DRV - (lnsfw1) -- C:\WINDOWS\system32\drivers\lnsfw1.sys ()

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1136026159-2533065141-587483773-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

IE - HKU\S-1-5-21-1136026159-2533065141-587483773-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1136026159-2533065141-587483773-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

IE - HKU\S-1-5-21-1136026159-2533065141-587483773-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/02/21 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diana\Application Data\Mozilla\Extensions

[2010/02/21 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diana\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/05/25 07:07:45 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1136026159-2533065141-587483773-1009\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)

O4 - HKLM..\Run: [Look 'n' Stop] C:\Program Files\LooknStop\looknstop.exe (Soft4Ever)

O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )

O4 - HKLM..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()

O4 - Startup: C:\Documents and Settings\Diana\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1136026159-2533065141-587483773-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1251514927730 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1251514897245 (MUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()

O24 - Desktop WallPaper: C:\Documents and Settings\Diana\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Diana\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/22 05:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2007/03/13 04:22:30 | 000,000,112 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{0fbaa7d8-c316-11de-ae59-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{0fbaa7d8-c316-11de-ae59-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{0fbaa7d8-c316-11de-ae59-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{43e3e858-0d9f-11df-aef7-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{43e3e858-0d9f-11df-aef7-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{43e3e858-0d9f-11df-aef7-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{48098944-0de8-11df-94eb-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{48098944-0de8-11df-94eb-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{48098944-0de8-11df-94eb-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{4809894d-0de8-11df-94eb-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{4809894d-0de8-11df-94eb-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4809894d-0de8-11df-94eb-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{5d6dd898-0ea2-11df-94f5-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{5d6dd898-0ea2-11df-94f5-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5d6dd898-0ea2-11df-94f5-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{5f2aed7e-a73c-11de-ae49-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{5f2aed7e-a73c-11de-ae49-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5f2aed7e-a73c-11de-ae49-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{76cef940-2a20-11df-9545-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{76cef940-2a20-11df-9545-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{76cef940-2a20-11df-9545-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{76cef941-2a20-11df-9545-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{76cef941-2a20-11df-9545-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{76cef941-2a20-11df-9545-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{9ba1f2f0-a739-11de-ae48-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{9ba1f2f0-a739-11de-ae48-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9ba1f2f0-a739-11de-ae48-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{9ba1f2f1-a739-11de-ae48-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{9ba1f2f1-a739-11de-ae48-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9ba1f2f1-a739-11de-ae48-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{9ba1f2f2-a739-11de-ae48-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{9ba1f2f2-a739-11de-ae48-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9ba1f2f2-a739-11de-ae48-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{b7003934-0e41-11df-94ec-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{b7003934-0e41-11df-94ec-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b7003934-0e41-11df-94ec-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{bcd1ccbc-c259-11de-ae58-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{bcd1ccbc-c259-11de-ae58-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{bcd1ccbc-c259-11de-ae58-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{ca5786c8-a68a-11de-ae47-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{ca5786c8-a68a-11de-ae47-000000000000}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ca5786c8-a68a-11de-ae47-000000000000}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\Z\Shell - "" = AutoRun

O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 06:53:35 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Diana\Desktop\OTL.exe

[2010/05/28 05:48:28 | 000,000,000 | -H-D | C] -- C:\dvmexp

[2010/05/26 08:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/25 05:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diana\Application Data\Malwarebytes

[2010/05/25 05:04:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 05:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/25 05:03:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 05:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/24 05:52:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSHRUKPDAUE

[2010/05/24 05:51:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\131be87

[2010/05/21 06:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/05/21 06:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/05/19 23:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/19 23:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/17 06:40:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/05/09 22:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diana\Application Data\Help

[2010/05/03 19:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diana\My Documents\photo shoot

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/28 06:53:45 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Diana\Desktop\OTL.exe

[2010/05/28 05:48:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/05/28 05:48:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/28 05:47:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/28 05:47:54 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/28 04:15:59 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/05/28 03:14:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/27 09:44:45 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Diana\NTUSER.DAT

[2010/05/27 09:44:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Diana\ntuser.ini

[2010/05/27 09:44:34 | 001,685,060 | -H-- | M] () -- C:\Documents and Settings\Diana\Local Settings\Application Data\IconCache.db

[2010/05/26 08:36:50 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Diana\Desktop\HijackThis.lnk

[2010/05/25 07:07:45 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/25 05:04:19 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/22 18:22:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/05/21 07:47:51 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat

[2010/05/20 19:57:41 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/04 06:19:00 | 000,029,186 | ---- | M] () -- C:\Documents and Settings\Diana\My Documents\paddywagon insurance letter.docx

[2010/05/03 04:36:12 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Diana\My Documents\lebanon ticket.doc

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/28 05:47:54 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/28 04:15:59 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/05/26 08:36:50 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Diana\Desktop\HijackThis.lnk

[2010/05/25 05:04:19 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/04 06:18:59 | 000,029,186 | ---- | C] () -- C:\Documents and Settings\Diana\My Documents\paddywagon insurance letter.docx

[2010/05/03 04:36:11 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Diana\My Documents\lebanon ticket.doc

[2009/09/02 14:00:48 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/09/02 14:00:42 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

[2009/09/02 13:51:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/08/30 03:32:13 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys

[2009/08/29 12:51:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/08/29 12:44:17 | 000,079,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lnsfw1.sys

[2009/08/29 12:44:17 | 000,058,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lnsfw.sys

[2009/08/29 12:44:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fwapi.dll

[2009/07/03 18:54:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/07/03 18:25:39 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll

[2009/07/03 18:25:39 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll

[2009/07/03 18:25:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll

[2009/07/03 18:25:38 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll

[2009/07/03 18:25:38 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll

[2009/07/03 18:25:38 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll

[2009/07/03 18:25:38 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll

[2009/07/03 18:25:38 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll

[2009/07/03 18:25:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll

[2009/07/03 18:25:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll

[2009/07/03 18:25:37 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll

[2009/07/03 18:25:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll

[2009/07/03 18:25:36 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll

[2009/07/03 18:25:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll

[2009/07/03 18:25:36 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll

[2009/07/03 18:25:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll

[2009/07/03 18:25:34 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll

[2009/07/03 18:19:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/01/17 10:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/10/29 04:17:50 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys

[2008/07/22 07:08:39 | 000,005,398 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/02/18 04:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/18 04:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001/11/15 05:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >

Link to post
Share on other sites

Extras.txt Log

OTL Extras logfile created on: 28/05/2010 7:02:23 AM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Diana\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146.62 Gb Total Space | 129.78 Gb Free Space | 88.51% Space Free | Partition Type: NTFS

Drive D: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-D6BCD33D

Current User Name: Diana

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

Extras.txt Log

OTL Extras logfile created on: 28/05/2010 7:02:23 AM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Diana\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146.62 Gb Total Space | 129.78 Gb Free Space | 88.51% Space Free | Partition Type: NTFS

Drive D: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-D6BCD33D

Current User Name: Diana

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

Extras.txt Log

OTL Extras logfile created on: 28/05/2010 7:02:23 AM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Diana\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146.62 Gb Total Space | 129.78 Gb Free Space | 88.51% Space Free | Partition Type: NTFS

Drive D: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LENOVO-D6BCD33D

Current User Name: Diana

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

Hi gt88,

Defogger

Disable Drivers

Please download DeFogger... by jpshortstuff. Save it to your desktop.

  1. Double click DeFogger.exe to run the tool. The application window will appear.
  2. Click the Disable button to disable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK.
  4. Click OK when DeFogger asks to reboot the machine.

Do not re-enable these drivers until otherwise instructed.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log in your next reply.

Link to post
Share on other sites

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:26 on 28/05/2010 (Diana)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-28 22:18:55

Windows 5.1.2600 Service Pack 3

Running: 0qlw3quh.exe; Driver: C:\DOCUME~1\Diana\LOCALS~1\Temp\afryrpoc.sys

---- User code sections - GMER 1.0.15 ----

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C

.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A

.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A

.text C:\WINDOWS\system32\svchost.exe[1300] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A

.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A

.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\winlogon.exe[896] @ C:\WINDOWS\system32\winlogon.exe [uSER32.dll!DialogBoxParamW] [1003695B] C:\WINDOWS\system32\PicNotify.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

AttachedDevice \Driver\Tcpip \Device\Ip lnsfw1.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp lnsfw1.sys

AttachedDevice \Driver\Tcpip \Device\Udp lnsfw1.sys

AttachedDevice \Driver\Tcpip \Device\RawIp lnsfw1.sys

AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Hi gt88,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

[*]Please post this log in your next reply.

Link to post
Share on other sites

I seem to be getting this error:

Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.

I however have:

Java Platform, Standard Edition

Runtime Environment

Version 6

Should i uninstall java then reinstall it?

Link to post
Share on other sites

Hi gt88,

Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later

Please update to the latest version of Java and remove all old versions then run the Kaspersky scan again. Ensure that you use the link from my previous post and not the link on the main Kaspersky website.

If the scanner will still not run then

ESET online scannner

  • Please go Here then click on: EOLS1.gif
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Hi deltalima,

I uninstalled Java then reinstalled it and still got the same error when running Kaspersky so I ran the Eset instead and this is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=12

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f2151e321673254a8f0c614238a5cbd1

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-06-05 12:02:38

# local_time=2010-06-05 10:02:38 (+1000, AUS Eastern Standard Time)

# country="Australia"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 859676 859676 0 0

# compatibility_mode=8194 67108181 100 100 97014 24119566 0 0

# scanned=64165

# found=1

# cleaned=0

# scan_time=13085

# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081610

# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081610

# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081610

C:\Documents and Settings\Diana\Local Settings\Temporary Internet Files\Content.IE5\2CYP4BRA\newplayer[1].pdf JS/Exploit.Pdfka.OAI trojan 00000000000000000000000000000000 I

Link to post
Share on other sites

Hi gt88,

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

TDSSKiller

  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop
  • Next double-click the tdsskiller Folder on your desktop.
  • Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below.
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"


  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdskiller.txt on your desktop and post the contents in your next reply

Link to post
Share on other sites

Hi deltalima,

Can I delete all the other programs previously used ie. OTL, RKUnhookerLE, GMER etc?

05:23:12:046 2848 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

05:23:12:046 2848 ================================================================================

05:23:12:046 2848 SystemInfo:

05:23:12:046 2848 OS Version: 5.1.2600 ServicePack: 3.0

05:23:12:046 2848 Product type: Workstation

05:23:12:062 2848 ComputerName: LENOVO-D6BCD33D

05:23:12:062 2848 UserName: Diana

05:23:12:062 2848 Windows directory: C:\WINDOWS

05:23:12:062 2848 Processor architecture: Intel x86

05:23:12:062 2848 Number of processors: 2

05:23:12:062 2848 Page size: 0x1000

05:23:12:171 2848 Boot type: Normal boot

05:23:12:171 2848 ================================================================================

05:23:22:875 2848 Initialize success

05:23:22:875 2848

05:23:22:875 2848 Scanning Services ...

05:23:23:750 2848 Raw services enum returned 342 services

05:23:23:796 2848

05:23:23:812 2848 Scanning Drivers ...

05:23:24:468 2848 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

05:23:24:515 2848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

05:23:24:546 2848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

05:23:24:625 2848 ACPIVPC (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys

05:23:24:671 2848 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

05:23:24:734 2848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

05:23:24:828 2848 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

05:23:24:875 2848 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

05:23:24:906 2848 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

05:23:24:937 2848 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

05:23:24:968 2848 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

05:23:25:000 2848 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

05:23:25:078 2848 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

05:23:25:109 2848 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

05:23:25:250 2848 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

05:23:25:421 2848 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

05:23:25:515 2848 AMON (515c9cf8a21a62861d5058135f852d6a) C:\WINDOWS\system32\drivers\amon.sys

05:23:25:578 2848 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

05:23:25:640 2848 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

05:23:25:671 2848 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

05:23:25:703 2848 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

05:23:25:765 2848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

05:23:25:828 2848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

05:23:25:875 2848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

05:23:25:921 2848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

05:23:25:984 2848 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

05:23:26:140 2848 BCM43XX (cc03987ee5d0f956706b40d2f91f9e4f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

05:23:26:234 2848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

05:23:26:328 2848 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys

05:23:26:421 2848 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys

05:23:26:546 2848 BTKRNL (cf47c53d294abcb5159b02b68b37ba89) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

05:23:26:625 2848 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

05:23:26:671 2848 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys

05:23:26:734 2848 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

05:23:26:765 2848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

05:23:26:812 2848 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

05:23:26:843 2848 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

05:23:26:875 2848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

05:23:26:921 2848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

05:23:26:953 2848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

05:23:27:031 2848 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

05:23:27:062 2848 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

05:23:27:109 2848 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

05:23:27:140 2848 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

05:23:27:187 2848 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

05:23:27:250 2848 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

05:23:27:281 2848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

05:23:27:359 2848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

05:23:27:515 2848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

05:23:27:562 2848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

05:23:27:625 2848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

05:23:27:671 2848 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

05:23:27:687 2848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

05:23:27:734 2848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

05:23:27:812 2848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

05:23:27:859 2848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

05:23:27:890 2848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

05:23:27:921 2848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

05:23:27:968 2848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

05:23:27:984 2848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

05:23:28:046 2848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

05:23:28:078 2848 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

05:23:28:125 2848 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

05:23:28:203 2848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

05:23:28:265 2848 hwdatacard (53f1160666435151b6fcf89d015fe620) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

05:23:28:343 2848 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

05:23:28:375 2848 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

05:23:28:437 2848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

05:23:28:859 2848 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

05:23:29:312 2848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

05:23:29:375 2848 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

05:23:29:734 2848 IntcAzAudAddService (42d9da46b6d1c40daab37947d8a4490b) C:\WINDOWS\system32\drivers\RtkHDAud.sys

05:23:29:937 2848 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

05:23:29:968 2848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

05:23:30:000 2848 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

05:23:30:031 2848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

05:23:30:062 2848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

05:23:30:109 2848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

05:23:30:156 2848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

05:23:30:187 2848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

05:23:30:265 2848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

05:23:30:296 2848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

05:23:30:375 2848 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

05:23:30:468 2848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

05:23:30:578 2848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

05:23:30:671 2848 lnsfw1 (1972d7d56b8db075312487ca8c59d5e7) C:\WINDOWS\system32\drivers\lnsfw1.sys

05:23:30:718 2848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

05:23:30:765 2848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

05:23:30:906 2848 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

05:23:31:093 2848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

05:23:31:140 2848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

05:23:31:171 2848 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

05:23:31:203 2848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

05:23:31:312 2848 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

05:23:31:359 2848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

05:23:31:421 2848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

05:23:31:484 2848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

05:23:31:546 2848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

05:23:31:609 2848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

05:23:31:640 2848 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

05:23:31:687 2848 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

05:23:31:734 2848 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

05:23:31:796 2848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

05:23:31:843 2848 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

05:23:31:875 2848 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

05:23:31:906 2848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

05:23:31:937 2848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

05:23:31:968 2848 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

05:23:32:000 2848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

05:23:32:046 2848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

05:23:32:109 2848 nod32drv (e4dd307d959f80b2c0869046d34baa36) C:\WINDOWS\system32\drivers\nod32drv.sys

05:23:32:156 2848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

05:23:32:234 2848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

05:23:32:312 2848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

05:23:32:359 2848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

05:23:32:390 2848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

05:23:32:421 2848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

05:23:32:453 2848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

05:23:32:484 2848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

05:23:32:531 2848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

05:23:32:578 2848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

05:23:32:609 2848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

05:23:32:687 2848 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

05:23:32:718 2848 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

05:23:32:796 2848 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS

05:23:32:828 2848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

05:23:32:890 2848 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys

05:23:32:937 2848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

05:23:32:968 2848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

05:23:33:000 2848 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

05:23:33:046 2848 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

05:23:33:093 2848 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

05:23:33:140 2848 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

05:23:33:171 2848 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

05:23:33:218 2848 RasAcd (2d40848bb1ac9fb013b1c79b30089dc7) C:\WINDOWS\system32\DRIVERS\rasacd.sys

05:23:33:218 2848 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 2d40848bb1ac9fb013b1c79b30089dc7, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c

05:23:33:218 2848 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ... 05:23:36:031 2848 Backup copy found, using it..

05:23:56:093 2848 will be cured on next reboot

05:23:56:265 2848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

05:23:56:296 2848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

05:23:56:328 2848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

05:23:56:375 2848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

05:23:56:468 2848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

05:23:56:531 2848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

05:23:56:593 2848 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

05:23:56:640 2848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

05:23:56:750 2848 RSUSBSTOR (4290417463801d31b7c6d1adb0f8bb4c) C:\WINDOWS\system32\Drivers\RTS5121.sys

05:23:56:828 2848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

05:23:56:937 2848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

05:23:56:984 2848 SFilter (765907f222b72a2380500b943cc60bd6) C:\WINDOWS\system32\DRIVERS\lnsfw.sys

05:23:57:046 2848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

05:23:57:093 2848 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

05:23:57:171 2848 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

05:23:57:234 2848 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

05:23:57:312 2848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

05:23:57:359 2848 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

05:23:57:421 2848 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

05:23:57:453 2848 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

05:23:57:484 2848 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

05:23:57:562 2848 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

05:23:57:593 2848 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

05:23:57:625 2848 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

05:23:57:656 2848 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

05:23:57:671 2848 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

05:23:57:765 2848 SynTP (6bd4fd6c3ee76c247ecaf484cb590b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys

05:23:57:921 2848 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

05:23:58:015 2848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

05:23:58:062 2848 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

05:23:58:093 2848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

05:23:58:140 2848 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

05:23:58:171 2848 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

05:23:58:203 2848 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

05:23:58:250 2848 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

05:23:58:312 2848 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

05:23:58:515 2848 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

05:23:58:687 2848 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

05:23:58:812 2848 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

05:23:58:875 2848 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

05:23:58:968 2848 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

05:23:59:046 2848 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

05:23:59:125 2848 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

05:23:59:375 2848 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

05:23:59:437 2848 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

05:23:59:484 2848 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

05:23:59:515 2848 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

05:23:59:578 2848 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

05:23:59:656 2848 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

05:23:59:687 2848 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

05:23:59:750 2848 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

05:23:59:796 2848 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

05:23:59:812 2848 Reboot required for cure complete..

05:24:02:687 2848 Cure on reboot scheduled successfully

05:24:02:687 2848

05:24:02:703 2848 Completed

05:24:02:703 2848

05:24:02:703 2848 Results:

05:24:02:703 2848 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

05:24:02:703 2848 File objects infected / cured / cured on reboot: 1 / 0 / 1

05:24:02:703 2848

05:24:02:718 2848 KLMD(ARK) unloaded successfully

Link to post
Share on other sites

Hi gt88,

Can I delete all the other programs previously used ie. OTL, RKUnhookerLE, GMER etc?

Not yet, we will remove them once we have confirmed the infection has been fully removed.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.

All versions numbered lower than 9.3 are vulnerable.

  • Go HERE , UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png textbox. Do not include the word Code
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Now please run a quick scan with Malwarebytes and post the log in your next reply and also let me know how the computer is running now.

Link to post
Share on other sites

Hi deltalima,

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

File not found.

OTL by OldTimer - Version 3.2.5.0 log created on 06082010_060512

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4176

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/06/2010 6:29:52 AM

mbam-log-2010-06-08 (06-29-52).txt

Scan type: Quick scan

Objects scanned: 126898

Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi gt88,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:

  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Link to post
Share on other sites

Glad we could help. ;)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.