gt88 Posted May 26, 2010 ID:256587

Keep getting this random popup from news.11.today.com. Scanned nod32, adaware and MBAM. MBAM picked up a few items which I removed, however the popup still appears. My HJT log is below.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:02 AM, on 26/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LooknStop\looknstop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\HUAWEI~1\HUAWEI~1\3 USB Modem.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\LooknStop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514927730
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251514897245
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B2DD2-C64F-4389-AA9F-DD97CA777446}: NameServer = 217.171.135.1 217.171.132.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9200 bytes
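As an added example (not code from this thread, from HijackThis, or from any of its posters), here is a small Python triage script for the HijackThis log format posted above. It reads the section prefix of each entry (R1, F2, O17, O20, ...) and flags the kinds of lines a helper reads first: a UserInit value that launches anything besides userinit.exe, per-interface NameServer settings, proxy settings in Internet Settings, Winlogon Notify DLLs, and orphaned entries whose file is missing. The sample lines are constructed for this example, modelled on entries that appear in the logs in this thread; the rule set and the helper names (`parse_entries`, `triage`, `summary`) are this example's own choices, not part of HijackThis.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of HijackThis-style lines modelled on the
# logs posted in this thread. It is not a complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ladklq.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1B2DD2-C64F-4389-AA9F-DD97CA777446}: NameServer = 217.171.135.1 217.171.132.1
O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
"""

# Every HJT entry starts with a section code such as "R1", "F2" or "O23".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# The only executable Windows itself puts in the UserInit value.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Split a log into entries; header lines without a section code are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body"), "line": line})
    return entries


def triage(text: str) -> List[Finding]:
    """Apply a small, explicit rule set and return the entries worth a closer look."""
    findings: List[Finding] = []
    for e in parse_entries(text):
        sec, body, line = e["section"], e["body"], e["line"]
        if sec == "F2" and "UserInit=" in body:
            # The value is comma separated with a trailing comma; anything
            # besides userinit.exe is an extra program started at logon.
            value = body.split("UserInit=", 1)[1]
            parts = [p.strip() for p in value.split(",") if p.strip()]
            extra = [p for p in parts if p.lower() != EXPECTED_USERINIT]
            if extra:
                findings.append(Finding(sec, "extra UserInit executable(s): " + ", ".join(extra), line))
        elif sec == "O17" and "NameServer" in body:
            findings.append(Finding(sec, "per-interface DNS servers set; confirm they belong to the ISP", line))
        elif sec in ("R0", "R1") and re.search(r"Proxy(Override|Server|Enable)", body):
            findings.append(Finding(sec, "proxy setting present in Internet Settings", line))
        elif sec == "O20":
            findings.append(Finding(sec, "Winlogon Notify DLL loads at logon; confirm its publisher", line))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(sec, "orphaned entry, referenced file not present", line))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per section code, e.g. {"R1": 1, "F2": 1, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

The rules are deliberately conservative: they point at entry types that are easy to overlook in a long log rather than deciding what is malicious, which still needs a person checking the file's publisher, location and hash.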
deltalima Posted May 26, 2010 ID:256589

Hi gt88,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extras.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Begbie Posted May 27, 2010 ID:257513

Like GT88, I am also having this problem. I have run OTL and RK Unhooker. Note: RKU detects a parasite inside itself when run and recommends removing it!!! I haven't run this yet.

Logs below. I would be grateful for any help.

____________________________________________________________
HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:52, on 27/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
D:\Program Files\WinZip Pro\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Administrator\Desktop\OTL.exe
D:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ladklq.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~2\Help\SMARTB~3\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\RunOnce: [uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip Pro\WZQKPICK.EXE
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca3b719fe19692) (gupdate1ca3b719fe19692) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - D:\Inprise\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - D:\Inprise\vbroker\bin\osagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7657 bytes

_________________________________________________________
OTL.txt file:

OTL logfile created on: 27/05/2010 20:06:18 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 201.25 Gb Free Space | 86.42% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 317.34 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\WinZip Pro\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Labtec\Mouse\V3.0\moffice.exe ()
PRC - C:\Program Files\Labtec\Mouse\V3.0\mouse32a.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Labtec\Mouse\V3.0\mouDL32A.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)
SRV - (osagent) -- D:\Inprise\vbroker\bin\osagent.exe ()
SRV - (oad) -- D:\Inprise\vbroker\bin\oad.exe ()

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (PhilCap) -- C:\WINDOWS\system32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (RTL8169) -- C:\WINDOWS\system32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054
IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-162531612-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;2

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.http: "222.68.207.11"
FF - prefs.js..network.proxy.http_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 12:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\Real\browserrecord\firefox\ext [2009/09/22 11:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/05/27 15:52:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/27 16:08:46 | 000,000,000 | ---D | M]

[2009/07/29 13:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/27 17:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions
[2010/05/26 18:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)
[2010/05/26 18:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(3)
[2010/05/26 22:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(4)
[2010/05/08 12:33:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/08/15 13:39:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/14 19:15:52 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/04/28 11:12:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/27 13:24:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/27 16:08:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/03 16:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/04/25 14:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\firefox@tvunetworks.com
[2010/03/14 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1uv2gowj.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2008/04/14 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (Webs Credits) - {D09588AA-5560-4240-B2F2-774D78D7E917} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe (Motive)
O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\Program Files\WinZip Pro\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1O7 - HKU\S-1-5-21-448539723-162531612-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)O15 - HKU\S-1-5-21-448539723-162531612-1801674531-500\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ladklq.exe) - C:\WINDOWS\System32\ladklq.exe File not foundO20 - 
Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/07/29 11:43:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\E\Shell - "" = AutoRunO33 - MountPoints2\E\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010/05/27 19:19:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2010/05/27 16:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit[2010/05/27 16:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit[2010/05/27 16:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\myBabylon_English[2010/05/27 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English[2010/05/27 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\NOS[2010/05/27 16:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS[2010/05/27 15:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe[2010/05/27 15:36:28 | 000,000,000 | RH-D | C] -- C:\Documents and 
Settings\Administrator\Recent[2010/05/27 15:32:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files[2010/05/27 15:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache[2010/05/27 15:29:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll[2010/05/27 15:29:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll[2010/05/27 15:29:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll[2010/05/27 15:29:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe[2010/05/27 15:29:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll[2010/05/27 15:29:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll[2010/05/27 15:29:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll[2010/05/27 15:29:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll[2010/05/27 15:29:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe[2010/05/27 15:29:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll[2010/05/27 15:29:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll[2010/05/27 15:29:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll[2010/05/27 15:29:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe[2010/05/27 15:29:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll[2010/05/27 15:29:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll[2010/05/27 15:29:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll[2010/05/27 15:29:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\iismui.dll[2010/05/27 15:29:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll[2010/05/27 15:29:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll[2010/05/27 15:29:17 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll[2010/05/27 15:29:17 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll[2010/05/27 15:29:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll[2010/05/27 15:29:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll[2010/05/27 15:29:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll[2010/05/27 15:29:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll[2010/05/27 15:29:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll[2010/05/27 15:29:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lpdsvc.dll[2010/05/27 15:29:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lprmon.dll[2010/05/27 15:29:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll[2010/05/27 15:29:09 | 000,000,000 | ---D | C] -- C:\Inetpub[2010/05/27 15:27:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll[2010/05/27 15:27:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe[2010/05/27 15:27:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe[2010/05/27 15:27:54 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe[2010/05/27 15:27:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll[2010/05/27 15:27:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll[2010/05/27 15:27:52 | 
000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll[2010/05/27 13:51:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\7A9B63233F5E4A2E939E8A1F4F6A0CA8.TMP[2010/05/27 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Motive[2010/05/26 22:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel[2010/05/26 22:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(4)[2010/05/26 21:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(4)(2)[2010/05/26 16:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(3)[2010/05/25 20:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Motive(2)[2010/05/25 14:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ippycyxlp[2010/05/22 18:02:32 | 000,000,000 | ---D | C] -- C:\FSiLinks[2010/05/22 18:00:05 | 000,000,000 | ---D | C] -- C:\FSi[2010/05/19 17:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes[2010/05/19 17:47:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/05/19 17:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2010/05/19 17:47:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/05/18 14:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\manky[2010/05/16 12:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer[2010/05/16 00:03:44 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys[2010/05/14 12:50:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\usewrw[2010/05/13 22:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft[2010/05/13 22:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft[2010/05/04 
01:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer[2010/05/04 01:33:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8[2010/05/04 00:20:50 | 000,000,000 | ---D | C] -- C:\Microgaming[2010/04/30 12:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun[2010/04/29 14:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/05/27 19:20:08 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI[2010/05/27 19:19:37 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE[2010/05/27 19:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat[2010/05/27 19:19:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2010/05/27 19:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2010/05/27 18:00:27 | 060,433,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm[2010/05/27 16:37:10 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk[2010/05/27 16:18:35 | 000,073,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT[2010/05/27 15:52:58 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2010/05/27 15:38:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2010/05/27 15:38:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/05/27 15:37:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/05/27 15:36:29 | 006,139,904 | ---- | M] () -- 
C:\Documents and Settings\Administrator\ntuser.dat[2010/05/27 15:36:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini[2010/05/27 15:32:36 | 000,570,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010/05/27 15:32:36 | 000,476,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/05/27 15:32:36 | 000,083,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/05/27 13:29:48 | 000,000,579 | ---- | M] () -- C:\WINDOWS\win.ini[2010/05/27 13:29:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010/05/26 23:13:59 | 000,000,243 | -HS- | M] () -- C:\boot.ini[2010/05/26 22:58:06 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/05/26 22:36:39 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI[2010/05/26 22:29:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job[2010/05/26 22:23:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010/05/26 20:20:10 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\limited connectivity.rtf[2010/05/26 16:23:14 | 000,253,740 | ---- | M] () -- C:\firewall.jpg[2010/05/26 12:35:17 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin[2010/05/25 12:45:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/05/25 12:35:30 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db[2010/05/23 15:18:33 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db[2010/05/22 01:39:00 | 000,406,318 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\btv.zip[2010/05/22 01:37:16 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UKTV.zip[2010/05/21 21:20:52 | 000,041,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\flags.jpg[2010/05/21 00:00:10 | 
000,000,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sweepstake.zip[2010/05/19 17:47:20 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/05/16 00:03:41 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys[2010/05/15 22:15:24 | 000,425,984 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb[2010/05/15 22:15:24 | 000,275,456 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb[2010/05/15 22:07:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job[2010/05/11 01:03:03 | 000,002,640 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw[2010/05/11 01:03:03 | 000,000,960 | ---- | M] () -- C:\WINDOWS\System32\history.aaw[2010/05/09 22:53:54 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Zattoo.lnk[2010/05/04 01:37:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk[2010/05/01 14:55:15 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SopCast.lnk[2010/04/30 12:44:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat[2010/04/29 22:13:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ]========== Files Created - No Company Name ==========[2010/05/27 19:19:38 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE[2010/05/27 16:37:10 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All 
Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk[2010/05/27 15:52:58 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2010/05/27 15:29:36 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini[2010/05/27 15:29:36 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h[2010/05/27 15:29:35 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini[2010/05/27 15:29:35 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h[2010/05/27 15:29:25 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini[2010/05/27 15:29:25 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini[2010/05/27 15:29:25 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h[2010/05/27 15:29:25 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h[2010/05/27 15:29:23 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini[2010/05/27 15:29:23 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h[2010/05/27 15:27:58 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib[2010/05/27 15:27:58 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib[2010/05/27 15:27:58 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib[2010/05/27 15:27:57 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib[2010/05/27 15:27:57 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib[2010/05/27 15:27:57 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib[2010/05/27 15:27:57 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib[2010/05/27 15:27:57 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib[2010/05/27 15:27:57 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib[2010/05/27 15:27:57 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib[2010/05/27 15:27:57 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib[2010/05/27 15:27:56 | 000,048,593 | ---- | C] () -- 
C:\WINDOWS\System32\hostmib.mib[2010/05/27 15:27:56 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib[2010/05/27 15:27:56 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib[2010/05/27 15:27:56 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib[2010/05/27 15:27:56 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib[2010/05/27 15:27:56 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib[2010/05/27 15:27:56 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib[2010/05/27 15:27:55 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib[2010/05/27 15:27:55 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib[2010/05/26 23:58:58 | 006,139,904 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat[2010/05/26 21:02:52 | 000,015,975 | ---- | C] () -- C:\Documents and Settings\Administrator\log.txt[2010/05/26 20:20:10 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\limited connectivity.rtf[2010/05/26 19:27:13 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk[2010/05/26 19:27:13 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk[2010/05/26 16:23:14 | 000,253,740 | ---- | C] () -- C:\firewall.jpg[2010/05/22 01:38:59 | 000,406,318 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\btv.zip[2010/05/22 01:37:16 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UKTV.zip[2010/05/21 21:20:52 | 000,041,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\flags.jpg[2010/05/21 00:00:10 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sweepstake.zip[2010/05/19 17:47:20 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/05/16 00:08:05 | 000,000,472 | ---- | C] () -- 
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job[2010/05/04 01:38:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk[2010/04/30 12:44:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010/04/30 12:44:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat[2010/04/13 16:39:35 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL[2010/04/13 16:39:35 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL[2010/04/13 16:39:35 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL[2010/02/18 20:27:10 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys[2010/01/01 13:09:45 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini[2009/11/20 16:41:20 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll[2009/11/20 16:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini[2009/11/15 15:38:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2009/10/20 01:13:42 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2009/08/21 13:56:11 | 000,005,440 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2009/08/05 18:08:29 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll[2009/07/29 21:07:30 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys[2009/07/29 19:55:57 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll[2009/07/29 19:55:57 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys[2009/07/29 19:55:52 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys[2009/07/29 19:55:52 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys[2009/07/29 19:37:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI[2009/07/29 19:13:26 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini[2009/07/29 19:13:25 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- 
C:\WINDOWS\System32\asrussian.dll[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll[2009/07/29 19:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll[2009/07/29 19:13:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll[2009/07/29 19:13:24 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll[2009/07/29 18:22:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll[2009/07/29 13:07:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll[2009/07/29 11:58:14 | 000,020,257 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini[2009/07/29 11:58:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys[2009/07/29 11:58:01 | 000,021,582 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2009/07/29 11:57:52 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2009/07/17 18:03:47 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\716xCoInstaller.dll[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2008/12/23 16:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll[2008/04/14 11:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll[2007/01/26 03:04:12 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL[2007/01/26 03:04:12 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- 
deltalima Posted May 27, 2010

Begbie
You must open your own topic; it is not possible to work on two computers in the same thread.
Begbie Posted May 27, 2010

> Begbie
> You must open your own topic; it is not possible to work on two computers in the same thread.

Apologies. http://forums.malwarebytes.org/index.php?showtopic=51915
gt88 Posted May 28, 2010 (Author)

Hi deltalima,

Since my last post, things seem to be getting worse. I've posted a new HJT log, MBAM log and OTL log; however, I got an error when running RKUnHooker. The error received is:

Warning-integrity checking
Rootkit Unhooker has detected parasite inside itself!
It is recommended to remove parasite, okay?
Parasite type: Unknown remote thread
Thread ID: 2148
Priority:8
Thread start address: 0x77DF848A
Module: advapi32.dll

Then when I press OK it says: Parasite removed, continue loading

I started the scanning process, but halfway through, as it was scanning files, an error occurred with Unhooker and it closed the program.

HJT Log
gt88 Posted May 28, 2010 (Author)

OTL.txt Log
06:53:35 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Diana\Desktop\OTL.exe[2010/05/28 05:48:28 | 000,000,000 | -H-D | C] -- C:\dvmexp[2010/05/26 08:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010/05/25 05:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diana\Application Data\Malwarebytes[2010/05/25 05:04:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/05/25 05:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2010/05/25 05:03:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/05/25 05:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010/05/24 05:52:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSHRUKPDAUE[2010/05/24 05:51:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\131be87[2010/05/21 06:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe[2010/05/21 06:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun[2010/05/19 23:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia[2010/05/19 23:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe[2010/05/17 06:40:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun[2010/05/09 22:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diana\Application Data\Help[2010/05/03 19:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diana\My Documents\photo shoot[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/05/28 06:53:45 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and 
Settings\Diana\Desktop\OTL.exe[2010/05/28 05:48:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job[2010/05/28 05:48:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/05/28 05:47:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/05/28 05:47:54 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys[2010/05/28 04:15:59 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat[2010/05/28 03:14:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010/05/27 09:44:45 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Diana\NTUSER.DAT[2010/05/27 09:44:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Diana\ntuser.ini[2010/05/27 09:44:34 | 001,685,060 | -H-- | M] () -- C:\Documents and Settings\Diana\Local Settings\Application Data\IconCache.db[2010/05/26 08:36:50 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Diana\Desktop\HijackThis.lnk[2010/05/25 07:07:45 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/05/25 05:04:19 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/05/22 18:22:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2010/05/21 07:47:51 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat[2010/05/20 19:57:41 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/05/04 06:19:00 | 000,029,186 | ---- | M] () -- C:\Documents and Settings\Diana\My Documents\paddywagon insurance letter.docx[2010/05/03 04:36:12 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Diana\My Documents\lebanon ticket.doc[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No 
Company Name ==========[2010/05/28 05:47:54 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys[2010/05/28 04:15:59 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat[2010/05/26 08:36:50 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Diana\Desktop\HijackThis.lnk[2010/05/25 05:04:19 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/05/04 06:18:59 | 000,029,186 | ---- | C] () -- C:\Documents and Settings\Diana\My Documents\paddywagon insurance letter.docx[2010/05/03 04:36:11 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Diana\My Documents\lebanon ticket.doc[2009/09/02 14:00:48 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll[2009/09/02 14:00:42 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll[2009/09/02 13:51:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2009/08/30 03:32:13 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys[2009/08/29 12:51:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll[2009/08/29 12:44:17 | 000,079,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lnsfw1.sys[2009/08/29 12:44:17 | 000,058,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\lnsfw.sys[2009/08/29 12:44:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fwapi.dll[2009/07/03 18:54:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2009/07/03 18:25:39 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll[2009/07/03 18:25:39 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll[2009/07/03 18:25:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll[2009/07/03 18:25:38 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll[2009/07/03 18:25:38 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll[2009/07/03 18:25:38 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll[2009/07/03 18:25:38 | 000,241,752 | ---- | C] () -- 
C:\WINDOWS\System32\IcnOvrly.dll[2009/07/03 18:25:38 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll[2009/07/03 18:25:38 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll[2009/07/03 18:25:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll[2009/07/03 18:25:37 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll[2009/07/03 18:25:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll[2009/07/03 18:25:36 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll[2009/07/03 18:25:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll[2009/07/03 18:25:36 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll[2009/07/03 18:25:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll[2009/07/03 18:25:34 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll[2009/07/03 18:19:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll[2009/01/17 10:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll[2008/10/29 04:17:50 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys[2008/07/22 07:08:39 | 000,005,398 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2005/02/18 04:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2005/02/18 04:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2001/11/15 05:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll< End of report > Link to post Share on other sites More sharing options...
gt88 Posted May 28, 2010 Author ID:257816

Extras.txt Log

OTL Extras logfile created on: 28/05/2010 7:02:23 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Diana\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,014.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.62 Gb Total Space | 129.78 Gb Free Space | 88.51% Space Free | Partition Type: NTFS
Drive D: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-D6BCD33D
Current User Name: Diana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
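The logs above are the poster's own output, but several lines in them are the ones a helper reads first: the Standard Profile firewall is switched off, the firewall exception list carries "My Security Engine" pointing at a binary under All Users\Application Data\131be87 that no longer exists, two hidden+system directories (131be87 and MSHRUKPDAUE) were created under that same Application Data folder on 2010/05/24, and the Z: MountPoints2 AutoRun handler points at a setup.exe that is gone. The script below is an added triage example written for this page; it is not OTL's code, not the forum's, and not something the poster ran. It assumes the OTL line shapes exactly as they appear above (OTL publishes no grammar for its output) and works on a constructed subset of lines copied from those logs.

```python
import re
from dataclasses import dataclass

# Hand-picked subset of lines copied from the OTL.txt and Extras.txt logs posted in
# this thread (constructed sample: the real logs are much longer). One log line each.
SAMPLE_LINES = [
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]',
    r'"EnableFirewall" = 0',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]',
    r'"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)',
    r'"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found',
    r'[2010/05/24 05:52:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSHRUKPDAUE',
    r'[2010/05/24 05:51:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\131be87',
    r'[2010/05/25 05:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes',
    r'O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found',
    r'O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/07/04 07:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)',
]

# OTL line shapes as observed in the logs above (assumed; OTL has no published grammar).
O33_CMD = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?) -- (?P<status>.*)$')
OTL_FILE = re.compile(r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\](?: \([^)]*\))? -- (?P<path>.+)$')
AUTH_APP = re.compile(r'^"(?P<path>[^"]+)" = (?P=path):\*:(?P<state>\w+):(?P<name>.*?) -- (?P<sig>.*)$')
APPDATA = re.compile(r'\\Application Data\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def triage(lines):
    """Return the indicators a helper would ask about first, in log order."""
    findings = []
    section = ''  # registry key that the following "name" = value lines belong to
    for raw in lines:
        line = raw.strip()

        # OTL.txt: per-volume AutoRun handler whose target binary is gone.
        m = O33_CMD.match(line)
        if m:
            if m.group('status') == 'File not found':
                findings.append(Finding('autorun-handler-missing-target', m.group('cmd')))
            continue

        # OTL.txt: file/folder entry. The attribute column is four positions: R H S D.
        m = OTL_FILE.match(line)
        if m:
            attr, path = m.group('attr'), m.group('path')
            # Hidden+system directory under a profile's Application Data is how the
            # 131be87 and MSHRUKPDAUE folders in this thread were created.
            if attr[1] == 'H' and attr[2] == 'S' and attr[3] == 'D' and APPDATA.search(path):
                findings.append(Finding('hidden-system-dir-in-appdata', path))
            continue

        # Extras.txt: a bracketed registry key opens a new section.
        if line.startswith('[') and line.endswith(']'):
            section = line
            continue

        if section.endswith(r'\FirewallPolicy\StandardProfile]') and line == '"EnableFirewall" = 0':
            findings.append(Finding('windows-firewall-disabled', section))
            continue

        # Extras.txt: firewall exceptions. Flag an Enabled entry whose file is gone, or
        # one that lives under Application Data rather than Program Files.
        if section.endswith(r'\AuthorizedApplications\List]'):
            m = AUTH_APP.match(line)
            if m and m.group('state') == 'Enabled':
                path, sig = m.group('path'), m.group('sig')
                if sig == 'File not found':
                    findings.append(Finding('firewall-exception-for-missing-binary', path))
                elif APPDATA.search(path):
                    findings.append(Finding('firewall-exception-in-appdata', path))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.rule:40} {f.detail}')
```

On the sample this reports five findings and stays quiet on the LimeWire exception, the Malwarebytes folder (not hidden or system) and the D: Huawei AutoRun handler (its target exists). The point of keying the firewall check on the preceding bracketed key is that "EnableFirewall" also appears under the DomainProfile key; only the StandardProfile value governs a home machine like this one.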
gt88 Posted May 28, 2010 Author ID:257817 Share Posted May 28, 2010 Extras.txt LogOTL Extras logfile created on: 28/05/2010 7:02:23 AM - Run 1OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Diana\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy1,014.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 146.62 Gb Total Space | 129.78 Gb Free Space | 88.51% Space Free | Partition Type: NTFSDrive D: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: LENOVO-D6BCD33DCurrent User Name: DianaLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile 
[install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows 
Live Upload Tool"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft 
.NET Framework 3.0 Service Pack 2"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype Link to post Share on other sites More sharing options...
gt88 Posted May 28, 2010 Author ID:257818 Share Posted May 28, 2010 Extras.txt LogOTL Extras logfile created on: 28/05/2010 7:02:23 AM - Run 1OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Diana\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy1,014.00 Mb Total Physical Memory | 396.00 Mb Available Physical Memory | 39.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 146.62 Gb Total Space | 129.78 Gb Free Space | 88.51% Space Free | Partition Type: NTFSDrive D: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: LENOVO-D6BCD33DCurrent User Name: DianaLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile 
[install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
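The firewall section of an extract like the one above is where a helper looks for two things: a profile with the firewall switched off, and exceptions for binaries that do not belong (the entry under All Users\Application Data that now reads "File not found" is exactly that kind). As an added example, not part of the thread and not OTL's own code, here is a small Python triage script that parses the EnableFirewall values and the AuthorizedApplications lists in that format and flags those cases. The sample input is a constructed excerpt of the lines posted above; the user-writable directory markers and the severity labels are our own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: an excerpt of the firewall section of the OTL extract posted
# above (the entries are the page's own; the selection is ours).
SAMPLE_EXTRACT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe" = C:\Documents and Settings\All Users\Application Data\131be87\MS131b.exe:*:Enabled:My Security Engine -- File not found
'''

KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Assumption (ours): on XP anything below the profile root is writable by the
# logged-on user, so a firewall exception pointing there deserves a second look.
USER_WRITABLE_MARKERS = ('\\documents and settings\\', '\\application data\\', '\\local settings\\temp\\')


@dataclass
class AuthorizedApp:
    profile: str       # DomainProfile or StandardProfile, taken from the enclosing key
    path: str
    scope: str         # '*' = any remote address
    enabled: bool
    display_name: str
    trailer: str       # '(Publisher)' as OTL prints it, or 'File not found'


@dataclass
class Finding:
    severity: str
    reason: str
    subject: str


def _profile_of(key: str) -> str:
    marker = '\\FirewallPolicy\\'
    if marker not in key:
        return ''
    return key.split(marker, 1)[1].split('\\', 1)[0]


def parse_extract(text: str) -> Tuple[List[str], List[AuthorizedApp]]:
    """Return (profiles with EnableFirewall = 0, authorized-application entries)."""
    disabled: List[str] = []
    apps: List[AuthorizedApp] = []
    current_key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if (k := KEY_LINE.match(line)):
            current_key = k['key']
            continue
        v = VALUE_LINE.match(line)
        if not v:
            continue
        name, value = v['name'], v['value'].strip()
        if name == 'EnableFirewall':
            if value == '0':
                disabled.append(_profile_of(current_key))
            continue
        if not current_key.endswith('\\AuthorizedApplications\\List') or not value.startswith(name):
            continue
        # Value layout as printed: <path>:<scope>:<Enabled|Disabled>:<name> -- <publisher | File not found>
        try:
            scope, state, remainder = value[len(name):].lstrip(':').split(':', 2)
        except ValueError:
            continue
        display, _, trailer = remainder.partition(' -- ')
        apps.append(AuthorizedApp(_profile_of(current_key), name, scope,
                                  state == 'Enabled', display.strip(), trailer.strip()))
    return disabled, apps


def triage(text: str) -> List[Finding]:
    disabled, apps = parse_extract(text)
    findings = [Finding('high', 'firewall disabled for profile', p) for p in disabled]
    for app in apps:
        if not app.enabled:
            continue
        if any(m in app.path.lower() for m in USER_WRITABLE_MARKERS):
            findings.append(Finding('high', 'exception for a binary in a user-writable directory', app.path))
        if app.trailer == 'File not found':
            findings.append(Finding('medium', 'exception for a binary that no longer exists (stale rule)', app.path))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_EXTRACT):
        print(f"[{f.severity}] {f.reason}: {f.subject}")
```

Run against the sample it reports the disabled StandardProfile and flags the MS131b.exe entry twice (user-writable location, and the binary is gone) while leaving the Program Files entries alone; a stale "File not found" rule is worth removing even after the binary is gone, because the exception is re-armed the moment anything recreates that path.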
deltalima Posted May 28, 2010 ID:257824

Hi gt88,

Defogger
Disable Drivers
Please download DeFogger... by jpshortstuff. Save it to your desktop.
Double click DeFogger.exe to run the tool. The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will appear. Click OK. Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Please download GMER Rootkit Scanner from here.
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
Please post the GMER log in your next reply.
gt88 Posted May 29, 2010 Author ID:258267

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:26 on 28/05/2010 (Diana)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-28 22:18:55
Windows 5.1.2600 Service Pack 3
Running: 0qlw3quh.exe; Driver: C:\DOCUME~1\Diana\LOCALS~1\Temp\afryrpoc.sys

---- User code sections - GMER 1.0.15 ----

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1300] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\winlogon.exe[896] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!DialogBoxParamW] [1003695B] C:\WINDOWS\system32\PicNotify.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip lnsfw1.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\Udp lnsfw1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp lnsfw1.sys
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- EOF - GMER 1.0.15 ----
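When reading a GMER user-mode section like the one above, the first question is not "is there a hook" (security products hook too) but "which processes carry the same hook set", because the same three ntdll functions patched in three unrelated processes point to one injected component rather than to per-product instrumentation. As an added example, not from the thread and not GMER's own code, here is a Python summariser for that section: it parses the inline ".text" patches and the IAT redirections, groups them by process and computes the hook set common to every hooked process. The sample input is a constructed excerpt of the log lines posted above; the class names and the grouping logic are ours.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample: the user-mode sections of the GMER log posted above,
# trimmed to the lines this example needs (the lines themselves are the page's own).
SAMPLE_GMER = r'''
---- User code sections - GMER 1.0.15 ----
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A0000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[856] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1300] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\winlogon.exe[896] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!DialogBoxParamW] [1003695B] C:\WINDOWS\system32\PicNotify.dll
'''

# ".text <image>[<pid>] <module>!<function> <address> <n> Bytes JMP <target>"
INLINE_HOOK = re.compile(
    r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\S+)'
    r'\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)')
# "IAT <image>[<pid>] @ <module> [<import>] [<address>] <module now pointed to>"
IAT_HOOK = re.compile(
    r'^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+\S+\s+\[(?P<import>[^\]]+)\]'
    r'\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>.+?)\s*$')


@dataclass(frozen=True)
class Hook:
    kind: str        # 'inline' (code patched in place) or 'iat' (import table entry redirected)
    process: str     # image name with pid, e.g. 'svchost.exe[1300]'
    function: str    # 'module!function' that was hooked
    target: str      # JMP destination for inline hooks, module path for IAT hooks


def _short(proc: str, pid: str) -> str:
    return f"{proc.rsplit(chr(92), 1)[-1]}[{pid}]"


def parse_gmer_hooks(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := INLINE_HOOK.match(line)):
            hooks.append(Hook('inline', _short(m['proc'], m['pid']), f"{m['mod']}!{m['func']}", m['target']))
        elif (m := IAT_HOOK.match(line)):
            hooks.append(Hook('iat', _short(m['proc'], m['pid']), m['import'], m['target']))
    return hooks


def hooks_by_process(hooks: List[Hook]) -> Dict[str, List[Hook]]:
    grouped: Dict[str, List[Hook]] = defaultdict(list)
    for h in hooks:
        grouped[h.process].append(h)
    return dict(grouped)


def shared_inline_hooks(hooks: List[Hook]) -> Set[str]:
    """Functions hooked inline in every process that carries at least one inline hook."""
    per_proc: Dict[str, Set[str]] = defaultdict(set)
    for h in hooks:
        if h.kind == 'inline':
            per_proc[h.process].add(h.function)
    return set.intersection(*per_proc.values()) if per_proc else set()


def iat_redirections(hooks: List[Hook]) -> List[Hook]:
    return [h for h in hooks if h.kind == 'iat']


if __name__ == '__main__':
    parsed = parse_gmer_hooks(SAMPLE_GMER)
    for proc, items in hooks_by_process(parsed).items():
        print(proc, sorted(h.function for h in items))
    print('common to all hooked processes:', sorted(shared_inline_hooks(parsed)))
    for h in iat_redirections(parsed):
        print('IAT', h.process, h.function, '->', h.target)
```

On the sample the shared set is exactly the three ntdll entries (NtProtectVirtualMemory, NtWriteVirtualMemory, KiUserExceptionDispatcher) present in sqlbrowser.exe, svchost.exe and Explorer.EXE, and the one IAT redirection sends winlogon's DialogBoxParamW import into PicNotify.dll. The script only summarises; whether a given hook belongs to an installed product or to an unwanted component is still the analyst's call.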
deltalima Posted May 29, 2010 ID:258575

Hi gt88,

Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply.
gt88 Posted May 30, 2010 Author ID:258785

Hi deltalima,

The Kaspersky scanner doesn't seem to load. It says checking computer configuration forever and the Accept button is greyed out. The Kaspersky site says that the online scanner is unavailable which may be the reason why it's not loading correctly. http://www.kaspersky.com/virusscanner
gt88 Posted May 30, 2010 Author ID:258799

Ignore my last post. It loaded after several minutes. Will scan and post the log shortly.
gt88 Posted May 31, 2010 Author ID:259279

I seem to be getting this error:
Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.

I however have:
Java Platform, Standard Edition
Runtime Environment
Version 6

Should I uninstall Java then reinstall it?
deltalima Posted May 31, 2010 ID:259484

Hi gt88,

"Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later"

Please update to the latest version of Java and remove all old versions then run the Kaspersky scan again. Ensure that you use the link from my previous post and not the link on the main Kaspersky website.

If the scanner will still not run then

ESET online scanner
Please go Here then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  Scan for potentially unwanted applications
  Scan for potentially unsafe applications
  Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on:
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
gt88 Posted June 5, 2010 Author ID:262033

Hi deltalima,

I uninstalled Java then reinstalled it and still got the same error when running Kaspersky so I ran the Eset instead and this is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f2151e321673254a8f0c614238a5cbd1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-05 12:02:38
# local_time=2010-06-05 10:02:38 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 859676 859676 0 0
# compatibility_mode=8194 67108181 100 100 97014 24119566 0 0
# scanned=64165
# found=1
# cleaned=0
# scan_time=13085
# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081610
# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081610
# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081610
C:\Documents and Settings\Diana\Local Settings\Temporary Internet Files\Content.IE5\2CYP4BRA\newplayer[1].pdf JS/Exploit.Pdfka.OAI trojan 00000000000000000000000000000000 I
deltalima Posted June 5, 2010 ID:262234

Hi gt88,

TFC
Please download TFC to your desktop.
- Save any unsaved work. TFC will close all open application windows.
- Double-click TFC.exe to run the program.
- Click the Start button in the bottom left of TFC.
- If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

TDSSKiller
- Download the file TDSSKiller.zip and save it on your desktop.
- Extract the file TDSSKiller.zip, it will create a folder named tdsskiller on your desktop.
- Next double-click the tdsskiller Folder on your desktop.
- Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
- Highlight and copy the text in the codebox below.

"%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"

- Click Start, click Run... and paste the text above into the Open: line and click OK.
- Wait for the scan and disinfection process to be over.
- Open tdsskiller.txt on your desktop and post the contents in your next reply.
gt88 Posted June 7, 2010 Author ID:263280

Hi deltalima,

Can I delete all the other programs previously used i.e. OTL, RKUnhookerLE, GMER etc?

05:23:12:046 2848 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
05:23:12:046 2848 ================================================================================
05:23:12:046 2848 SystemInfo:
05:23:12:046 2848 OS Version: 5.1.2600 ServicePack: 3.0
05:23:12:046 2848 Product type: Workstation
05:23:12:062 2848 ComputerName: LENOVO-D6BCD33D
05:23:12:062 2848 UserName: Diana
05:23:12:062 2848 Windows directory: C:\WINDOWS
05:23:12:062 2848 Processor architecture: Intel x86
05:23:12:062 2848 Number of processors: 2
05:23:12:062 2848 Page size: 0x1000
05:23:12:171 2848 Boot type: Normal boot
05:23:12:171 2848 ================================================================================
05:23:22:875 2848 Initialize success
05:23:22:875 2848 
05:23:22:875 2848 Scanning Services ...
05:23:23:750 2848 Raw services enum returned 342 services
05:23:23:796 2848 
05:23:23:812 2848 Scanning Drivers ...
05:23:24:468 2848 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
05:23:24:515 2848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:23:24:546 2848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
05:23:24:625 2848 ACPIVPC (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys
05:23:24:671 2848 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
05:23:24:734 2848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
05:23:24:828 2848 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
05:23:24:875 2848 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
05:23:24:906 2848 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
05:23:24:937 2848 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) 
C:\WINDOWS\system32\DRIVERS\aha154x.sys05:23:24:968 2848 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys05:23:25:000 2848 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys05:23:25:078 2848 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys05:23:25:109 2848 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys05:23:25:250 2848 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys05:23:25:421 2848 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys05:23:25:515 2848 AMON (515c9cf8a21a62861d5058135f852d6a) C:\WINDOWS\system32\drivers\amon.sys05:23:25:578 2848 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys05:23:25:640 2848 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys05:23:25:671 2848 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys05:23:25:703 2848 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys05:23:25:765 2848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys05:23:25:828 2848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys05:23:25:875 2848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys05:23:25:921 2848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys05:23:25:984 2848 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys05:23:26:140 2848 BCM43XX (cc03987ee5d0f956706b40d2f91f9e4f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys05:23:26:234 2848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys05:23:26:328 2848 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys05:23:26:421 2848 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) 
C:\WINDOWS\system32\DRIVERS\btport.sys05:23:26:546 2848 BTKRNL (cf47c53d294abcb5159b02b68b37ba89) C:\WINDOWS\system32\DRIVERS\btkrnl.sys05:23:26:625 2848 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys05:23:26:671 2848 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys05:23:26:734 2848 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys05:23:26:765 2848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys05:23:26:812 2848 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys05:23:26:843 2848 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys05:23:26:875 2848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys05:23:26:921 2848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys05:23:26:953 2848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys05:23:27:031 2848 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys05:23:27:062 2848 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys05:23:27:109 2848 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys05:23:27:140 2848 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys05:23:27:187 2848 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys05:23:27:250 2848 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys05:23:27:281 2848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys05:23:27:359 2848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys05:23:27:515 2848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys05:23:27:562 2848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) 
C:\WINDOWS\system32\drivers\dmload.sys05:23:27:625 2848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys05:23:27:671 2848 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys05:23:27:687 2848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys05:23:27:734 2848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys05:23:27:812 2848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys05:23:27:859 2848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys05:23:27:890 2848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys05:23:27:921 2848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys05:23:27:968 2848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys05:23:27:984 2848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys05:23:28:046 2848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys05:23:28:078 2848 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys05:23:28:125 2848 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys05:23:28:203 2848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys05:23:28:265 2848 hwdatacard (53f1160666435151b6fcf89d015fe620) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys05:23:28:343 2848 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys05:23:28:375 2848 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys05:23:28:437 2848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys05:23:28:859 2848 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys05:23:29:312 2848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) 
C:\WINDOWS\system32\DRIVERS\imapi.sys05:23:29:375 2848 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys05:23:29:734 2848 IntcAzAudAddService (42d9da46b6d1c40daab37947d8a4490b) C:\WINDOWS\system32\drivers\RtkHDAud.sys05:23:29:937 2848 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys05:23:29:968 2848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys05:23:30:000 2848 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys05:23:30:031 2848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys05:23:30:062 2848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys05:23:30:109 2848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys05:23:30:156 2848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys05:23:30:187 2848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys05:23:30:265 2848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys05:23:30:296 2848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys05:23:30:375 2848 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys05:23:30:468 2848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys05:23:30:578 2848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys05:23:30:671 2848 lnsfw1 (1972d7d56b8db075312487ca8c59d5e7) C:\WINDOWS\system32\drivers\lnsfw1.sys05:23:30:718 2848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys05:23:30:765 2848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys05:23:30:906 2848 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys05:23:31:093 2848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) 
C:\WINDOWS\system32\DRIVERS\mouclass.sys05:23:31:140 2848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys05:23:31:171 2848 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys05:23:31:203 2848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys05:23:31:312 2848 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys05:23:31:359 2848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys05:23:31:421 2848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys05:23:31:484 2848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys05:23:31:546 2848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys05:23:31:609 2848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys05:23:31:640 2848 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys05:23:31:687 2848 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys05:23:31:734 2848 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys05:23:31:796 2848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys05:23:31:843 2848 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys05:23:31:875 2848 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys05:23:31:906 2848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys05:23:31:937 2848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys05:23:31:968 2848 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys05:23:32:000 2848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys05:23:32:046 2848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) 
C:\WINDOWS\system32\DRIVERS\netbt.sys05:23:32:109 2848 nod32drv (e4dd307d959f80b2c0869046d34baa36) C:\WINDOWS\system32\drivers\nod32drv.sys05:23:32:156 2848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys05:23:32:234 2848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys05:23:32:312 2848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys05:23:32:359 2848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys05:23:32:390 2848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys05:23:32:421 2848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys05:23:32:453 2848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys05:23:32:484 2848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys05:23:32:531 2848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys05:23:32:578 2848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys05:23:32:609 2848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys05:23:32:687 2848 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys05:23:32:718 2848 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys05:23:32:796 2848 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS05:23:32:828 2848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys05:23:32:890 2848 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys05:23:32:937 2848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys05:23:32:968 2848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys05:23:33:000 2848 ql1080 (0a63fb54039eb5662433caba3b26dba7) 
C:\WINDOWS\system32\DRIVERS\ql1080.sys
05:23:33:046 2848 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
05:23:33:093 2848 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
05:23:33:140 2848 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
05:23:33:171 2848 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
05:23:33:218 2848 RasAcd (2d40848bb1ac9fb013b1c79b30089dc7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:23:33:218 2848 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 2d40848bb1ac9fb013b1c79b30089dc7, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
05:23:33:218 2848 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ... 
05:23:36:031 2848 Backup copy found, using it..
05:23:56:093 2848 will be cured on next reboot
05:23:56:265 2848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:23:56:296 2848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:23:56:328 2848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:23:56:375 2848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:23:56:468 2848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:23:56:531 2848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:23:56:593 2848 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
05:23:56:640 2848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:23:56:750 2848 RSUSBSTOR (4290417463801d31b7c6d1adb0f8bb4c) C:\WINDOWS\system32\Drivers\RTS5121.sys
05:23:56:828 2848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:23:56:937 2848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
05:23:56:984 2848 SFilter 
(765907f222b72a2380500b943cc60bd6) C:\WINDOWS\system32\DRIVERS\lnsfw.sys
05:23:57:046 2848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:23:57:093 2848 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
05:23:57:171 2848 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:23:57:234 2848 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
05:23:57:312 2848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:23:57:359 2848 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:23:57:421 2848 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
05:23:57:453 2848 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:23:57:484 2848 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:23:57:562 2848 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:23:57:593 2848 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
05:23:57:625 2848 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
05:23:57:656 2848 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
05:23:57:671 2848 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
05:23:57:765 2848 SynTP (6bd4fd6c3ee76c247ecaf484cb590b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
05:23:57:921 2848 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:23:58:015 2848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:23:58:062 2848 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:23:58:093 2848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:23:58:140 2848 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:23:58:171 2848 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
05:23:58:203 2848 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:23:58:250 2848 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
05:23:58:312 2848 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:23:58:515 2848 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:23:58:687 2848 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:23:58:812 2848 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:23:58:875 2848 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:23:58:968 2848 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:23:59:046 2848 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:23:59:125 2848 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
05:23:59:375 2848 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:23:59:437 2848 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
05:23:59:484 2848 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
05:23:59:515 2848 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:23:59:578 2848 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:23:59:656 2848 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:23:59:687 2848 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
05:23:59:750 2848 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
05:23:59:796 2848 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:23:59:812 2848 Reboot required for cure complete..
05:24:02:687 2848 Cure on reboot scheduled successfully
05:24:02:687 2848
05:24:02:703 2848 Completed
05:24:02:703 2848
05:24:02:703 2848 Results:
05:24:02:703 2848 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
05:24:02:703 2848 File objects infected / cured / cured on reboot: 1 / 0 / 1
05:24:02:703 2848
05:24:02:718 2848 KLMD(ARK) unloaded successfully
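The log above ends with a Results block reporting one file object "cured on reboot" and a reboot still pending, which is the part a helper actually reads. The following Python is an added example, not code from the thread or from TDSSKiller: it parses the per-driver inventory lines (timestamp, PID, service name, MD5, path) and the Results block, then reports anything a responder would chase: detections that were not cured, cures still waiting on a reboot, drivers whose hash differs from a baseline, and drivers loading from outside system32. The sample log and baseline are constructed from lines in the post; the "examplehook" driver line and its path are hypothetical, added only to show what a flagged entry looks like.

```python
"""Triage helpers for a TDSSKiller (KLMD/ARK) log tail like the one posted above.

Added example, not part of the original thread. Parses driver inventory lines
and the Results block, then lists what a responder should look at next.
"""
import re
from dataclasses import dataclass, field

# One inventory line: "HH:MM:SS:mmm PID Name (md5) path"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) (?P<name>\S+) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Summary lines: "... Registry|File objects infected / cured / cured on reboot: a / b / c"
RESULT_RE = re.compile(
    r"^\S+ \d+ (?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)
REBOOT_MARKERS = ("Reboot required for cure", "Cure on reboot scheduled")

# Constructed sample: real lines from the post plus one hypothetical driver.
SAMPLE_LOG = r"""
05:23:58:015 2848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:23:59:796 2848 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:23:59:800 2848 examplehook (0123456789abcdef0123456789abcdef) C:\Documents and Settings\All Users\examplehook.sys
05:23:59:812 2848 Reboot required for cure complete..
05:24:02:687 2848 Cure on reboot scheduled successfully
05:24:02:703 2848 Results:
05:24:02:703 2848 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
05:24:02:703 2848 File objects infected / cured / cured on reboot: 1 / 0 / 1
05:24:02:718 2848 KLMD(ARK) unloaded successfully
"""

# Constructed baseline (service name -> MD5) taken from the posted inventory.
BASELINE = {
    "tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
    "wstcodec": "c98b39829c2bbd34e454150633c62c78",
}


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Report:
    drivers: list = field(default_factory=list)
    results: dict = field(default_factory=dict)  # kind -> (infected, cured, cured_on_reboot)
    reboot_pending: bool = False


def parse_log(text: str) -> Report:
    """Extract driver entries, the Results counters and the reboot flag."""
    report = Report()
    for line in text.splitlines():
        line = line.rstrip()
        m = DRIVER_RE.match(line)
        if m:
            report.drivers.append(Driver(m["name"], m["md5"], m["path"]))
            continue
        m = RESULT_RE.match(line)
        if m:
            report.results[m["kind"]] = (int(m["infected"]), int(m["cured"]), int(m["reboot"]))
            continue
        if any(marker in line for marker in REBOOT_MARKERS):
            report.reboot_pending = True
    return report


def triage(report: Report, baseline: dict) -> list:
    """Return human-readable findings; an empty list means nothing left to chase."""
    findings = []
    for kind, (infected, cured, on_reboot) in report.results.items():
        uncured = infected - cured - on_reboot
        if uncured > 0:
            findings.append(f"{kind}: {uncured} object(s) detected but not cured")
        if on_reboot > 0:
            findings.append(f"{kind}: {on_reboot} cure(s) scheduled for next reboot")
    if report.reboot_pending:
        findings.append("reboot required before the cure can be considered complete")
    for d in report.drivers:
        expected = baseline.get(d.name.lower())
        if expected is None:
            findings.append(f"driver {d.name}: not in baseline ({d.path})")
        elif expected != d.md5:
            findings.append(f"driver {d.name}: md5 {d.md5} differs from baseline {expected}")
        if not d.path.lower().startswith("c:\\windows\\system32\\"):
            findings.append(f"driver {d.name}: loads from outside system32 ({d.path})")
    return findings


def sample_findings() -> list:
    """Run the triage over the constructed sample log."""
    return triage(parse_log(SAMPLE_LOG), BASELINE)


if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```

On the posted log the interesting output is the "scheduled for next reboot" line and the reboot reminder: the helper should not declare the machine clean until a post-reboot run shows 0 / 0 / 0. The hash baseline is only as good as its source; in practice it would come from a known-clean install of the same service pack, not from the log being triaged.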
deltalima Posted June 7, 2010 ID:263293

Hi gt88,

Can I delete all the other programs previously used ie. OTL, RKUnhookerLE, GMER etc?

Not yet, we will remove them once we have confirmed the infection has been fully removed.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions. All versions numbered lower than 9.3 are vulnerable.
Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader. After it completes the Installation, close the Download Manager.

Run OTL Script
Double-click OTL.exe to start the program.
Copy and Paste the following code into the textbox. Do not include the word Code:
:otl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Then click the Run Fix button at the top.
OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot.
Copy and Paste that report in your next reply.

Now please run a quick scan with Malwarebytes and post the log in your next reply and also let me know how the computer is running now.
gt88 Posted June 8, 2010 Author ID:263733

Hi deltalima,

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File not found.

OTL by OldTimer - Version 3.2.5.0 log created on 06082010_060512

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4176

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/06/2010 6:29:52 AM
mbam-log-2010-06-08 (06-29-52).txt

Scan type: Quick scan
Objects scanned: 126898
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
deltalima Posted June 8, 2010 ID:263879

Hi gt88,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure.

DeFogger
To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear.
Click the Re-enable button to re-enable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger will now ask to reboot the machine - click OK.

Remove GMER
Delete the GMER icon from your desktop.

Clean up with OTL
Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the CleanUp! button.
Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start >> All Programs >> Accessories >> System Tools >> System Restore
Select Create a restore point, then Next, type a name like All Clean, then press the Create button and once it's done press Close.

Now remove old, infected System Restore points:
Next click Start >> Run and type cleanmgr in the box and press OK.
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt.
Press OK and Yes to confirm.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc:
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab, or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Happy surfing and stay clean!
gt88 Posted June 10, 2010 Author ID:265009

Thank you very much deltalima. Your help was greatly appreciated.
Maurice Naggar Posted June 10, 2010 ID:265087

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!