Hawkflyer Posted July 6, 2010 ID:280325

Hi,

After getting rid of some infected files at the weekend I can't seem to set my homepage to anything. It just keeps going to about:blank. Just wondered if it's anything I should worry about. Don't have a clue about computers.
Elise Posted July 7, 2010 ID:280593

Hello,

My name is Elise and I'll be glad to help you with your computer problems. I will be working on your malware issues; this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one. You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. We need to see some information about what is happening in your machine.
Please perform the following scan:

Please download OTL from one of the following mirrors:
- This is THE Mirror

- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
  OTListIt.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror: this version will download a randomly named file (Recommended)
- Zipped Mirror: this version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
- A detailed description of your problems
- A new OTL log (don't forget extra.txt)
- GMER log
Hawkflyer Posted July 7, 2010 (Author) ID:280730

OTL logfile created on: 07/07/2010 17:52:05 - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\colin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 124.64 Gb Free Space | 88.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: C
Current User Name: colin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 17:18:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\colin\Desktop\OTL.exe
PRC - [2010/07/04 12:07:38 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\colin\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/07/03 00:08:01 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/05/18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/05/18 17:04:46 | 003,021,720 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/29 17:11:50 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/03/18 09:21:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/09/25 03:48:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/02/20 02:52:20 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/01/10 19:24:38 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/11/27 11:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/09/12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 14:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 08:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe

========== Modules (SafeList) ==========

MOD - [2010/07/07 17:18:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\colin\Desktop\OTL.exe
MOD - [2010/03/18 09:49:17 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/01/29 20:44:22 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2010/01/29 20:44:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/03 00:08:01 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/05/18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/29 17:16:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/27 11:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/09/12 14:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - [2010/07/04 22:43:06 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2010/03/29 17:13:44 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/03/29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/29 17:07:30 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/06/03 22:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/27 09:21:52 | 000,205,360 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/24 04:22:48 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/02/03 07:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/20 11:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/12 13:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 13:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 13:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 13:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 13:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 13:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 13:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 13:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 13:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 13:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 13:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 13:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 13:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 13:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 13:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 06:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2004/12/08 07:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/18 09:49:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 07:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/05 00:08:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/30 23:17:32 | 000,000,000 | ---D | M]

[2010/07/01 10:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colin\Application Data\Mozilla\Extensions
[2010/03/14 14:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colin\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/04 23:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colin\Application Data\Mozilla\Firefox\Profiles\9lloas7f.default\extensions
[2010/07/02 22:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\colin\Application Data\Mozilla\Firefox\Profiles\9lloas7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/04 20:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/07 16:56:36 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.1.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\colin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\colin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 04:20:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{be23eba0-1a82-11df-971c-00265e57d8cb}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{be23eba0-1a82-11df-971c-00265e57d8cb}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/07 17:18:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\colin\Desktop\OTL.exe
[2010/07/05 00:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/05 00:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/07/04 23:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/04 16:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/01 18:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP
[2010/07/01 10:51:44 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/07/01 10:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/07/01 10:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/01 10:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\colin\My Documents\Downloads
[2010/07/01 10:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\colin\Local Settings\Application Data\Mozilla
[2010/07/01 10:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/01 00:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/07/01 00:55:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/30 23:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/30 23:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/30 19:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\colin\Application Data\Malwarebytes
[2010/06/30 19:55:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/30 19:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/30 19:55:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/30 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/30 19:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/06/30 19:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\colin\Application Data\Uniblue
[2010/06/21 10:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/21 10:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/17 23:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/17 23:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 23:50:42 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2009/07/31 00:20:26 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/07/31 00:20:23 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/07/16 13:03:08 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 17:18:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\colin\Desktop\OTL.exe
[2010/07/07 17:09:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/07 17:00:47 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/07 17:00:47 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/07 17:00:46 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/07 16:56:22 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/07 16:56:21 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3364022493-1685927933-3398289191-1006.job
[2010/07/07 16:56:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3364022493-1685927933-3398289191-1005.job
[2010/07/07 16:56:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 16:56:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 16:56:08 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 15:02:58 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82E2EDD9-0E8F-40A2-A663-29D0B3539DA7}.job
[2010/07/06 23:37:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\colin\ntuser.ini
[2010/07/06 23:37:46 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\colin\NTUSER.DAT
[2010/07/06 22:14:28 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3364022493-1685927933-3398289191-1005.job
[2010/07/05 23:36:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 00:01:58 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/04 22:43:06 | 000,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\drivers\symc810.sys
[2010/07/04 12:53:58 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 08:50:20 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3364022493-1685927933-3398289191-1006.job
[2010/07/01 10:51:49 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\colin\Desktop\SpyHunter.lnk
[2010/07/01 10:29:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/01 10:28:48 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 10:28:48 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/01 00:40:14 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 21:54:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/11 08:38:22 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 00:01:58 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/04 12:53:58 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/01 10:51:49 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\colin\Desktop\SpyHunter.lnk
[2010/07/01 10:29:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/01 10:28:48 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 10:28:48 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/12 10:11:47 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3364022493-1685927933-3398289191-1005.job
[2009/07/31 00:20:26 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/07/31 00:20:26 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/07/31 00:20:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/07/16 06:37:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/16 05:09:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/07/16 04:24:21 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/16 04:18:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

< End of report >
Elise Posted July 7, 2010 ID:280743

Please post also the GMER log. If GMER gives you trouble, try to run it with the Sections option checked only.
Hawkflyer Posted July 7, 2010 Author ID:280773

GMER bluescreened and restarted the computer, so I did it with just Sections checked. Thanks for your help, by the way.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 19:45:18
Windows 5.1.2600 Service Pack 3
Running: 1sbhxy3j.exe; Driver: C:\DOCUME~1\colin\LOCALS~1\Temp\ugldqpow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- EOF - GMER 1.0.15 ----
Elise Posted July 7, 2010 ID:280777

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Hawkflyer Posted July 7, 2010 Author ID:280824

ComboFix 10-07-06.05 - colin 07/07/2010 20:47:02.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.401 [GMT 1:00]
Running from: c:\documents and settings\colin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hpeB5.dll
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-04 23:01 . 2010-07-04 23:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-04 22:59 . 2010-07-04 22:59 53632 ----a-w- c:\documents and settings\colin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-04 22:55 . 2010-07-04 22:55 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-04 22:55 . 2010-07-04 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-02 23:03 . 2010-07-02 23:03 -------- d-----w- c:\documents and settings\aisling\Local Settings\Application Data\Sony
2010-07-02 23:03 . 2010-07-02 23:03 -------- d-----w- c:\documents and settings\aisling\Application Data\Sony
2010-07-01 17:57 . 2010-07-01 17:57 110080 ----a-r- c:\documents and settings\aisling\Application Data\Microsoft\Installer\{6D1E8360-2F35-4C84-8D53-C614FBCA621C}\IconF7A21AF7.exe
2010-07-01 17:57 . 2010-07-01 17:57 110080 ----a-r- c:\documents and settings\aisling\Application Data\Microsoft\Installer\{6D1E8360-2F35-4C84-8D53-C614FBCA621C}\IconD7F16134.exe
2010-07-01 17:56 . 2010-07-01 17:57 -------- d-----w- c:\windows\6D1E83602F354C848D53C614FBCA621C.TMP
2010-07-01 12:41 . 2010-07-01 12:41 -------- d-----w- c:\documents and settings\aisling\Local Settings\Application Data\Mozilla
2010-07-01 12:13 . 2010-07-01 12:13 -------- d-----w- c:\documents and settings\aisling\Local Settings\Application Data\Identities
2010-07-01 09:51 . 2010-07-01 09:51 110080 ----a-r- c:\documents and settings\colin\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-07-01 09:51 . 2010-07-01 09:51 110080 ----a-r- c:\documents and settings\colin\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-07-01 09:51 . 2010-07-01 09:51 -------- d-----w- C:\sh4ldr
2010-07-01 09:51 . 2010-07-01 09:51 -------- d-----w- c:\program files\Enigma Software Group
2010-07-01 09:51 . 2010-07-01 17:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-01 09:29 . 2010-07-01 09:29 0 ----a-w- c:\windows\nsreg.dat
2010-07-01 09:28 . 2010-07-01 09:28 -------- d-----w- c:\documents and settings\colin\Local Settings\Application Data\Mozilla
2010-06-30 23:55 . 2010-06-30 23:55 -------- d-----w- c:\program files\LimeWire
2010-06-30 22:17 . 2010-06-30 22:17 -------- d-----w- c:\program files\ESET
2010-06-30 22:17 . 2010-06-30 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-06-30 18:55 . 2010-06-30 18:55 -------- d-----w- c:\documents and settings\colin\Application Data\Malwarebytes
2010-06-30 18:55 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 18:55 . 2010-06-30 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-30 18:55 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 18:55 . 2010-07-04 11:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 18:42 . 2010-06-30 18:42 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-06-30 18:42 . 2010-06-30 21:53 -------- d-----w- c:\documents and settings\colin\Application Data\Uniblue
2010-06-21 09:04 . 2010-06-21 09:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-12 07:28 . 2010-06-12 07:28 503808 ----a-w- c:\documents and settings\aisling\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e681201-n\msvcp71.dll
2010-06-12 07:28 . 2010-06-12 07:28 499712 ----a-w- c:\documents and settings\aisling\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e681201-n\jmc.dll
2010-06-12 07:28 . 2010-06-12 07:28 348160 ----a-w- c:\documents and settings\aisling\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e681201-n\msvcr71.dll
2010-06-12 07:28 . 2010-06-12 07:28 61440 ----a-w- c:\documents and settings\aisling\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10e3413f-n\decora-sse.dll
2010-06-12 07:28 . 2010-06-12 07:28 12800 ----a-w- c:\documents and settings\aisling\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10e3413f-n\decora-d3d.dll
2010-06-10 22:50 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\14126\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\14126\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\14126\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\14126\AcrobatUpdater.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-04 22:59 . 2009-07-16 05:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-04 21:43 . 2009-07-16 05:22 16256 ----a-w- c:\windows\system32\drivers\symc810.sys
2010-07-04 19:23 . 2009-09-24 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-03 21:42 . 2009-07-16 04:30 -------- d-----w- c:\program files\Google
2010-07-01 15:31 . 2009-07-16 04:40 -------- d-----w- c:\program files\Windows Live
2010-06-30 23:55 . 2010-03-14 13:43 -------- d-----w- c:\program files\Ask.com
2010-06-11 07:21 . 2009-07-16 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-04 16:23 . 2010-05-01 09:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 07:27 . 2009-10-11 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-05-27 19:44 . 2010-05-27 19:44 503808 ----a-w- c:\documents and settings\colin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-497c306a-n\msvcp71.dll
2010-05-27 19:44 . 2010-05-27 19:44 499712 ----a-w- c:\documents and settings\colin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-497c306a-n\jmc.dll
2010-05-27 19:44 . 2010-05-27 19:44 348160 ----a-w- c:\documents and settings\colin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-497c306a-n\msvcr71.dll
2010-05-27 19:44 . 2010-05-27 19:44 61440 ----a-w- c:\documents and settings\colin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-303c9bf8-n\decora-sse.dll
2010-05-27 19:44 . 2010-05-27 19:44 12800 ----a-w- c:\documents and settings\colin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-303c9bf8-n\decora-d3d.dll
2010-05-06 10:41 . 2009-07-16 12:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-07-16 12:02 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2009-07-16 12:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-07-02 23:08 . 2010-07-02 23:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-05-18 3021720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-18 202256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-16 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/03/2010 17:12 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29/03/2010 17:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29/03/2010 17:12 810120]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [20/03/2010 23:49 90112]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [16/07/2009 06:07 237568]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/05/2010 17:06 327064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/12/2009 22:49 135664]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [27/01/2010 18:10 5248]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/07/2009 05:30 30192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16/07/2009 05:15 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:49]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 21:49]

2010-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3364022493-1685927933-3398289191-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3364022493-1685927933-3398289191-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-07-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3364022493-1685927933-3398289191-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-07-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3364022493-1685927933-3398289191-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-07-07 c:\windows\Tasks\User_Feed_Synchronization-{82E2EDD9-0E8F-40A2-A663-29D0B3539DA7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\colin\Application Data\Mozilla\Firefox\Profiles\9lloas7f.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 20:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\docume~1\colin\LOCALS~1\Temp\RtkBtMnt.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-07-07 20:59:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 19:59

Pre-Run: 133,742,256,128 bytes free
Post-Run: 133,917,818,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5CECD389756EA634AA44EE6D311F8810
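As an added example (not code from this thread or from the ComboFix/OTL authors), here is a small Python reader for the "Reg Loading Points" and "Supplementary Scan" sections of a ComboFix log in the layout posted above. The sample log is constructed from a subset of the lines in that post, and the triage notes it returns are the checks a helper would make on the uStart Page, AntiVirusOverride and AppInit_DLLs values before writing a fix.

```python
import re

# Constructed sample in the layout of the ComboFix log posted in this thread:
# a subset of its "Reg Loading Points" and "Supplementary Scan" sections.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-05-18 3021720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29/03/2010 17:12 810120]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW
FF - prefs.js: network.proxy.type - 0
"""

# [key] header of a REGEDIT4 block
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="quoted data" [file date size]   or   "name"=unquoted data
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<qval>[^"]*)"|(?P<val>.*?))(?:\s+\[(?P<meta>[^\]]*)\])?\s*$'
)
# "uStart Page = about:blank" style lines of the Supplementary Scan
SUPP_RE = re.compile(r"^(?P<key>[A-Za-z][^=]*?) = (?P<val>.+)$")


def parse_reg_points(text):
    """Map registry key -> [(value name, data, ComboFix's [date size] note)]."""
    entries, current, in_section = {}, None, False
    for line in text.splitlines():
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if "Supplementary Scan" in line:
            break
        if not in_section:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("key")
            entries.setdefault(current, [])
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            # quoted data wins; otherwise take the bare data before any [meta]
            data = val.group("qval") if val.group("qval") is not None else val.group("val")
            entries[current].append((val.group("name"), data, val.group("meta")))
    return entries


def parse_supplementary(text):
    """Map 'uStart Page', 'uInternet Connection Wizard,ShellNext', ... -> value."""
    found, in_section = {}, False
    for line in text.splitlines():
        if "Supplementary Scan" in line:
            in_section = True
            continue
        if in_section and line.startswith(("----", "- - - -")):
            break  # next dashed header (FIREFOX POLICIES, ORPHANS REMOVED, ...)
        m = SUPP_RE.match(line) if in_section else None
        if m:
            found[m.group("key")] = m.group("val")
    return found


def count_run_entries(text):
    """Number of autostart values under any CurrentVersion Run key."""
    return sum(len(v) for k, v in parse_reg_points(text).items() if k.lower().endswith("\\run"))


def review(text):
    """Triage notes a helper would act on, as plain strings."""
    notes = []
    if parse_supplementary(text).get("uStart Page") == "about:blank":
        notes.append("uStart Page is about:blank: the IE start page value was blanked; reset it and re-check after reboot")
    for values in parse_reg_points(text).values():
        for name, data, _meta in values:
            if name.lower() == "antivirusoverride" and data.lower() == "dword:00000001":
                notes.append("AntiVirusOverride=1: Security Center is set to ignore antivirus state, so confirm the AV is really running")
            if name.lower() == "appinit_dlls" and data:
                notes.append(f"AppInit_DLLs={data}: loaded into every process that loads user32.dll; verify the file's publisher")
    notes.append(f"{count_run_entries(text)} Run-key autostarts listed; confirm each path exists and belongs to a known product")
    return notes
```

Point `review()` at the text of a saved C:\ComboFix.txt to get the same notes for a real log.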
Elise Posted July 7, 2010 ID:280829

Hello again,

Please let me know how the homepage is after the following fix and if you have any other issues left.

OTL FIX
------------
We need to run an OTL Fix

Please reopen OTL on your desktop.
Copy and Paste the following code into the textbox. Do not include the word "Code":

Code:
:otl
IE - HKU\S-1-5-21-3364022493-1685927933-3398289191-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
:commands
[emptytemp]

Push the fix button.
OTL may ask to reboot the machine. Please do so if asked.
Click the button.
A report will open. Copy and Paste that report in your next reply.
Hawkflyer Posted July 7, 2010 Author ID:280835

Hi, did all that and it said it needed to restart to fix, which I did, but no report came up.
Hawkflyer Posted July 7, 2010 Author ID:280837

The homepage issue seems resolved.
Elise Posted July 7, 2010 ID:280843

Please rerun OTL, make sure under "Extra registry" Use Safelist is checked and rerun OTL. Please post me extra.txt.
Hawkflyer Posted July 7, 2010 Author ID:280846

When I opened OTL this came up:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3364022493-1685927933-3398289191-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: aisling
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 2770 bytes
->FireFox cache emptied: 27851708 bytes
->Flash cache emptied: 42374 bytes

User: All Users

User: colin
->Temp folder emptied: 512580 bytes
->Temporary Internet Files folder emptied: 3800555 bytes
->Java cache emptied: 15288418 bytes
->FireFox cache emptied: 33052675 bytes
->Flash cache emptied: 2135830 bytes

User: Default User
->Temp folder emptied: 61410644 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56900 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1315 bytes
->Flash cache emptied: 7210 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 131819 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2936585 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.00 mb

OTL by OldTimer - Version 3.2.7.1 log created on 07072010_211720

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\colin\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\colin\Local Settings\Temp\~DF784D.tmp not found!
File\Folder C:\Documents and Settings\colin\Local Settings\Temp\~DF7859.tmp not found!
File\Folder C:\Documents and Settings\colin\Local Settings\Temp\~DF78EB.tmp not found!
File\Folder C:\Documents and Settings\colin\Local Settings\Temp\~DF78F7.tmp not found!
File\Folder C:\Documents and Settings\colin\Local Settings\Temp\~DF7B12.tmp not found!
File\Folder C:\Documents and Settings\colin\Local Settings\Temp\~DF7B1E.tmp not found!
C:\Documents and Settings\colin\Local Settings\Temporary Internet Files\Content.IE5\CKQ3OBLG\index[6].htm moved successfully.
C:\Documents and Settings\colin\Local Settings\Temporary Internet Files\Content.IE5\025DN1M7\iframe[1].htm moved successfully.

Registry entries deleted on Reboot...
Elise Posted July 7, 2010 ID:280848

Okay, please post also the extra.txt log so I can have a look at the installed programs list.
Hawkflyer Posted July 7, 2010 Author ID:280851

Quote (Elise): Okay, please post also the extra.txt log so I can have a look at the installed programs list.

Where do I find this??? Like I said, I'm not good with computers.
Elise Posted July 8, 2010 ID:281054

Quote (Elise): Please rerun OTL, make sure under "Extra registry" Use Safelist is checked and rerun OTL. Please post me extra.txt.

See quote.
Hawkflyer Posted July 8, 2010 Author ID:281071

OTL Extras logfile created on: 08/07/2010 08:50:03 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\colin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 445.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 124.90 Gb Free Space | 88.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: C
Current User Name: colin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D1E8360-2F35-4C84-8D53-C614FBCA621C}" = SpyHunter
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English)
2007"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Link to post Share on other sites More sharing options...
Elise Posted July 8, 2010 ID:281073
That is looking quite good. Please launch MBAM, update it first and run a full scan.
Please also run a scan with your ESET antivirus.
Post me the results of both scans together with a description of any remaining problems.
Hawkflyer Posted July 8, 2010 Author ID:281228
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4275
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/07/2010 14:51:56
mbam-log-2010-07-08 (14-51-56).txt

Scan type: Quick scan
Objects scanned: 134192
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Hawkflyer Posted July 8, 2010 Author ID:281229
Scan Log
Version of virus signature database: 5262 (20100708)
Date: 08/07/2010 Time: 16:05:04
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\ACER\Preload\Autorun\DRV\Intel NB Chipset 945GSE\Lang\CHIP\ESP\license.txt
Elise Posted July 8, 2010 ID:281252
That is looking great! Unless you have any problems left, you are good to go!

ALL CLEAN
--------------
Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:

Delete the tools used during the disinfection:
- Click Start > Run and type combofix /uninstall, then press Enter. This will remove ComboFix from your computer.
- Delete GMER (this is a randomly named file) and OTL.

Please read this advice, in order to prevent reinfecting your PC:

Install and update the following programs regularly:
- An outbound firewall. A comprehensive tutorial and a list of possible firewalls can be found here.
- An antivirus software. It is imperative that you update your antivirus software on a regular basis. If you do not update your antivirus software then it will not be able to catch the latest threats.
- An anti-spyware program. Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
- SpywareBlaster. A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
- MVPs hosts file. A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
- Keep Windows (and your other Microsoft software) up to date! I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
- Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
- Stay up to date! The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:
- Miekies' prevention suggestions
- So how did I get infected?
- Microsoft - 'Security at home'
- Calendar of Updates: see which updates have been released.
- How to back up your data with Cobian Backup: because you never know when your hard disk might fail.
- Commonly Used Freeware Replacements: a nice list of freeware programs in all categories that are regarded as useful by the users of this forum.
- osalt: find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
Hawkflyer Posted July 10, 2010 Author ID:281939
Thanks for your help. Everything seems to be working fine.
Elise Posted July 10, 2010 ID:281946
You are welcome! I will request this topic to be closed.