dicko1981 Posted August 28, 2010 ID:305973

Hi, I'm new to all this and have only basic computer knowledge, so apologies in advance for any mistakes/errors etc.

I have an HP computer running Windows XP and have Microsoft Security Essentials installed. It has recently been picking up something called Ramnit.B, and using all onscreen prompts fails to remove it, as it keeps coming back almost instantly. After a full scan it 'cleans infected files' only for them to reappear. I ran the antimalware program downloaded from here and it picked up 8 infected items, but Microsoft's scan showed over 800? Here is the log from the antimalware thingy:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4493

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

28/08/2010 12:12:07
mbam-log-2010-08-28 (12-12-07).txt

Scan type: Quick scan
Objects scanned: 159841
Time elapsed: 16 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7d6e6726-29bd-82f3-c8ab-f1b8077980fb} (Trojan.ZbotR.Gen) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\e.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YC1DNOO8\svchost[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.

Basically, is there anything I can do to get rid of the thing??

Many Thanks
John
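The Winlogon Userinit finding in the log above is the part worth understanding, because it explains why the files "keep coming back": Winlogon launches every comma-separated program listed in that value at each logon, so appending a second path (here c:\program files\microsoft\desktoplayer.exe) relaunches the malware before any cleanup has a chance to stick. The two Security Center DisableNotify values set to 1 are the companion trick: they silence the balloon that would tell the user the antivirus and firewall are off. The Python below is an added example for this thread, not code from the original post and not Malwarebytes' code. It parses MBAM-style "Registry Data Items Infected" lines, splits the Userinit value the way Winlogon does, and reports every entry that is not the stock userinit.exe plus every notification value that has been switched off. The sample lines are copied from the post; the function names are my own, and reading the live registry value is left as an assumption rather than done here.

```python
"""Flag a Winlogon Userinit hijack and disabled Security Center notifications.

Added example for this thread; not Malwarebytes' code and not from the original
post. It works on log text so it runs offline. SAMPLE_LOG is copied from the
MBAM log above; the function names are my own.
"""
import ntpath
import re

# One "Registry Data Items Infected" line as Malwarebytes' Anti-Malware 1.46 prints it:
#   <key> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
# Lines of the "-> Data: ..." form carry no Bad/Good pair and are skipped.
MBAM_DATA_ITEM = re.compile(
    r"^(?P<key>HKEY_.+?) \((?P<detection>[\w.]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)"
)


def split_userinit(value):
    """Split a Winlogon Userinit value into the programs Winlogon launches.

    Winlogon treats the value as a comma-separated list. The stock value ends
    with a trailing comma, so empty fields are normal and are dropped.
    """
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def userinit_extras(value, system_root=r"C:\WINDOWS"):
    """Return every Userinit entry that is not the stock userinit.exe.

    The bare name (Winlogon resolves it from System32) and the full System32
    path are both accepted; anything else is a foreign program that runs at
    every logon, which is what the Bad: value in the log shows.
    """
    stock_full = ntpath.join(system_root, "system32", "userinit.exe").lower()
    extras = []
    for entry in split_userinit(value):
        normalized = entry.strip('"').lower()
        if normalized in ("userinit.exe", stock_full):
            continue
        extras.append(entry)
    return extras


def triage_mbam_lines(lines):
    """Scan MBAM registry-data lines and return a list of findings.

    Each finding is a dict with 'key', 'kind' and 'detail':
      userinit_extra  - one per foreign entry in the Winlogon Userinit value
      notify_disabled - a Security Center *DisableNotify value set to 1, which
                        silences the "your antivirus/firewall is off" balloon
    """
    findings = []
    for line in lines:
        match = MBAM_DATA_ITEM.match(line.strip())
        if not match:
            continue
        key, bad = match.group("key"), match.group("bad")
        key_lower = key.lower()
        if key_lower.endswith(r"\winlogon\userinit"):
            for extra in userinit_extras(bad):
                findings.append({"key": key, "kind": "userinit_extra", "detail": extra})
        elif "\\security center\\" in key_lower and key_lower.endswith("disablenotify"):
            if bad.strip() == "1":
                findings.append({"key": key, "kind": "notify_disabled",
                                 "detail": ntpath.basename(key)})
    return findings


# Constructed input: the four "Registry Data Items Infected" lines from the post.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.
""".strip().splitlines()


def summarize(findings):
    """One line per finding, ready to paste into a reply."""
    return ["%s: %s  [%s]" % (f["kind"], f["detail"], f["key"]) for f in findings]


if __name__ == "__main__":
    for line in summarize(triage_mbam_lines(SAMPLE_LOG)):
        print(line)
```

On a live XP machine the same check would read HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit with winreg and pass the string to userinit_extras; that step is assumed, not shown. The check only covers the persistence entry. A file infector that has touched hundreds of executables, which is what the 800-plus MSE detections against 8 MBAM detections suggest, still needs the full cleanup the helper walks through later in the thread.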
Elise Posted August 28, 2010 ID:305976

Hello. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
  OTListIt.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
- Double-click on RKUnhookerLE to run it
- Click the Report tab, then click Scan
- Check Drivers, Stealth and uncheck the rest
- Click OK
- Wait until it's finished and then go to File > Save Report
- Save the report to your Desktop
- Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
- A detailed description of your problems
- A new OTL log (don't forget extra.txt)
- RKU log

Thanks and again sorry for the delay.
dicko1981 Posted August 28, 2010 Author ID:306004
Elise Posted August 28, 2010 ID:306005

Hi, I think something went wrong with your post.
dicko1981 Posted August 28, 2010 Author ID:306007

Thanks for the reply

OTL log

OTL logfile created on: 28/08/2010 13:03:41 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 39.33 Gb Free Space | 21.91% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.58 Gb Free Space | 8.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 698.64 Gb Total Space | 156.32 Gb Free Space | 22.38% Space Free | Partition Type: NTFS

Computer Name: DICKINSON
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 13:03:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/12/07 10:34:00 | 000,176,128 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe
PRC - [2002/08/14 04:33:46 | 001,130,496 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 13:03:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/28 08:45:06 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2002/08/14 04:33:46 | 001,130,496 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)
DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)
DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: F99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: FBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions
[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}
[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll
[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll
[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo!
Elise Posted August 28, 2010 ID:306011

I see indeed some evidence of Ramnit here. Before cleaning all infected files, let's first make sure it's no longer active.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Combofix.exe and follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
dicko1981 Posted August 28, 2010 Author ID:306071

ComboFix 10-08-27.03 - HP_Administrator 28/08/2010 16:01:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1983.1095 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\1.wmv
c:\documents and settings\HP_Administrator\Favorites\Download programs.url
c:\documents and settings\HP_Administrator\Favorites\Games.url
c:\documents and settings\HP_Administrator\Favorites\Translator.url
c:\documents and settings\HP_Administrator\Favorites\Videos.url
c:\documents and settings\HP_Administrator\Start Menu\Programs\Download programs.url
c:\documents and settings\HP_Administrator\Start Menu\Programs\Games.url
c:\documents and settings\HP_Administrator\Start Menu\Programs\Translator.url
c:\documents and settings\HP_Administrator\Start Menu\Programs\Videos.url
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
D:\Autorun.inf
L:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.
2010-08-28 14:44 . 2010-08-28 14:44 -------- d-----w- c:\windows\LastGood.Tmp
2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-08-28 10:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-28 10:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 17:34 . 2010-08-28 15:10 -------- d-----w- c:\program files\temp
2010-08-21 08:14 . 2010-08-21 08:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\fltk.org
2010-08-17 17:44 . 2010-08-17 17:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth
2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-08-12 16:45 . 2005-09-05 10:21 362944 ----a-w- c:\windows\system32\drivers\WG11TND5.sys
2010-08-12 16:45 . 2005-07-27 20:15 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin
2010-08-12 08:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-12 08:19 . 2010-08-12 08:19 -------- d-----w- c:\program files\Microsoft Security Essentials
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 15:15 . 2008-08-17 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-08-28 15:11 . 2010-05-31 11:20 -------- d-----w- c:\program files\QuickTime
2010-08-28 15:10 . 2010-03-05 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Goix
2010-08-28 15:10 . 2009-09-22 12:45 -------- d-----w- c:\program files\Microsoft
2010-08-28 14:56 . 2006-10-16 21:32 -------- d-----w- c:\program files\HP DigitalMedia Archive
2010-08-28 12:20 . 2008-09-12 16:32 -------- d-----w- c:\program files\MediaCoderSE
2010-08-28 12:20 . 2009-04-24 16:55 -------- d-----w- c:\program files\VirtualDJ
2010-08-28 12:19 . 2008-11-26 17:00 -------- d-----w- c:\program files\YASAMP4Converter
2010-08-28 11:12 . 2008-05-15 04:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ygfehi
2010-08-28 11:03 . 2008-11-19 15:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Regou
2010-08-28 07:33 . 2009-04-21 19:16 -------- d-----w- c:\program files\7-Zip
2010-08-28 07:33 . 2009-07-24 18:53 -------- d-----w- c:\program files\ABC Amber LIT Converter
2010-08-28 07:33 . 2010-01-19 18:14 -------- d-----w- c:\program files\AIM
2010-08-28 07:33 . 2009-08-31 08:17 -------- d-----w- c:\program files\AmazingMIDI
2010-08-28 07:33 . 2010-05-21 18:02 -------- d-----w- c:\program files\AutoGK
2010-08-28 07:32 . 2006-10-16 21:34 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-08-28 07:32 . 2008-04-13 15:39 -------- d-----w- c:\program files\Common Files\Macromedia
2010-08-28 07:31 . 2006-10-16 21:28 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-28 07:31 . 2006-10-16 21:33 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-08-28 07:31 . 2008-07-03 13:08 -------- d-----w- c:\program files\Coupon Printer
2010-08-28 07:31 . 2008-03-06 16:43 -------- d-----w- c:\program files\DVD Decrypter
2010-08-28 07:31 . 2009-05-02 17:46 -------- d-----w- c:\program files\DVD2one V2
2010-08-28 07:31 . 2006-10-16 21:01 -------- d-----w- c:\program files\EnglishOtto
2010-08-28 07:30 . 2009-07-17 07:27 -------- d-----w- c:\program files\Free MKV Video2Dvd
2010-08-28 07:30 . 2006-10-16 21:01 -------- d-----w- c:\program files\GemMaster
2010-08-28 07:29 . 2009-08-30 11:03 -------- d-----w- c:\program files\Guitar Pro 5
2010-08-28 07:27 . 2006-10-16 21:47 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-08-28 07:27 . 2009-03-14 15:21 -------- d-----w- c:\program files\Qloud
2010-08-28 07:26 . 2009-04-19 07:01 -------- d-----w- c:\program files\Vuze
2010-08-28 07:26 . 2007-08-06 13:24 -------- d-----w- c:\program files\Xvid
2010-08-28 07:26 . 2009-04-19 10:35 -------- d-----w- c:\program files\Zipeg
2010-08-27 19:11 . 2010-06-06 13:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Facebook
2010-08-27 13:45 . 2008-12-22 00:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Izzyfa
2010-08-27 09:20 . 2009-05-30 13:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ogni
2010-08-26 19:36 . 2006-10-16 21:33 -------- d-----w- c:\program files\Sonic
2010-08-26 17:30 . 2008-05-05 20:08 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-26 17:22 . 2009-04-19 07:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2010-08-17 20:23 . 2009-09-13 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 16:45 . 2006-10-16 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-12 07:23 . 2006-10-16 21:56 -------- d-----w- c:\program files\Symantec
2010-08-12 07:10 . 2010-04-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-27 05:02 . 2010-07-27 05:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Tiapc
2009-04-19 10:46 . 2009-04-19 10:46 5723432 ----a-w- c:\program files\AdvrCntr4
2005-05-26 14:35 .
2010-03-13 05:08 1422 ----a-w- c:\program files\ReadMe.txt.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192][HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}][HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192][HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}][HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-03-05 148776]"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]"{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}"="c:\documents and 
settings\HP_Administrator\Application Data\Tiapc\eredi.exe" [2010-07-27 115712]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 180269]"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-08-28 294912]"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]"ftutil2"="ftutil2.dll" [2004-06-07 106496]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-05 161064]"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-03-05 1057064]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-28 466944]"Hiyo"="c:\program files\HiYo\Bin\bin\HiYo.exe" [2010-06-14 255344]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]"MSSE"="c:\program 
files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]c:\documents and settings\All Users\Start Menu\Programs\Startup\Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]EZ-DUB Finder.lnk - c:\program files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe [2010-3-13 176128]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-8-12 884840]c:\documents and settings\Default User\Start Menu\Programs\Startup\miny.exe [2010-8-28 115712]Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-16 69120]PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-16 69120][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Kontiki\\KService.exe"="c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Windows 
Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\AIM\\aim.exe"="c:\\Program Files\\Vuze\\Azureus.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2008 07:55 15172]R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [01/08/2009 21:30 9600]R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 08:57 390528]R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [19/04/2009 08:01 464264]R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [19/04/2009 08:02 234888]R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/10/2007 15:16 17149]S2 gupdate1c9a98eff5a8023;Google Update Service (gupdate1c9a98eff5a8023);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 20:06 133104]S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [17/04/2007 20:59 30464]S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [17/04/2007 20:59 12672]S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [17/04/2007 20:59 40320]S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [17/04/2007 20:59 32000][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder2010-08-28 c:\windows\Tasks\Google Software 
Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-17 12:10]2010-08-28 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.co.uk/uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktopuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktopuInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktopuInternet Settings,ProxyOverride = <local>uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlIE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.comFF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.startup.homepage - www.google.comFF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dllFF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dllFF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\NP2020Player.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npcpbrkuk7.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dllFF - plugin: c:\windows\system32\20-20 Technologies\3D Room Planner\NP2020Player.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false.- - - - ORPHANS REMOVED - - - -URLSearchHooks-FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)URLSearchHooks-F99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no 
file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)HKLM-Run-PCDrProfiler - (no file)AddRemove-Qloud Plug-in for iTunes - c:\program files\iTunes\Plug-Ins\Qloud\iTunesQLoudSetup.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-28 16:13Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-3016895886-430028113-3949317508-1007\Software\SecuROM\License information*]"datasecu"=hex:3c,9c,d1,1e,08,60,0c,29,3e,51,7f,3c,d7,46,05,33,06,2a,fd,5d,38, dc,c2,db,f3,6c,e9,a5,5f,be,0a,4a,95,35,30,e0,12,1b,85,22,98,b2,08,f1,d5,02,\"rkeysecu"=hex:72,6e,f2,2e,93,c6,fc,19,f3,84,65,38,d0,80,f5,3a.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(872)c:\windows\system32\Ati2evxx.dll- - - - - - - > 'explorer.exe'(7032)c:\windows\system32\WININET.dllc:\program files\Trusteer\Rapport\bin\rooksbas.dllc:\progra~1\WINDOW~1\wmpband.dllc:\program files\Common Files\Ahead\Lib\NeroSearchBar.dllc:\program files\Common Files\Ahead\Lib\MFC71U.DLLc:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dllc:\windows\system32\ieframe.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\Microsoft Security Essentials\MsMpEng.exec:\windows\system32\Ati2evxx.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\windows\arservice.exec:\program 
files\Symantec\LiveUpdate\ALUSchedulerSvc.exec:\program files\Seagate\Basics\Service\SyncServicesBasics.exec:\program files\Bonjour\mDNSResponder.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Nero\Nero 7\InCD\InCDsrv.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Kontiki\KService.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\mysql\bin\mysqld-nt.exec:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exec:\windows\system32\HPZipm12.exec:\program files\Internet Explorer\IEXPLORE.EXEc:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exec:\windows\ehome\mcrdsvc.exec:\windows\RTHDCPL.EXEc:\windows\ARPWRMSG.EXEc:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exec:\windows\system32\dllhost.exec:\hp\KBD\KBD.EXEc:\windows\system32\wscntfy.exec:\program files\iPod\bin\iPodService.exec:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exec:\windows\eHome\ehmsas.exec:\windows\system\hpsysdrv.exec:\program files\Java\jre1.5.0_06\bin\jusched.exec:\program files\Common Files\Ahead\Lib\NMIndexingService.exec:\windows\system32\dwwin.exe.**************************************************************************.Completion time: 2010-08-28 16:28:41 - machine was rebootedComboFix-quarantined-files.txt 2010-08-28 15:28Pre-Run: 46,249,521,152 bytes freePost-Run: 85,626,241,024 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect- - End Of File - - 7487E8D401F82388537C1B91EA9CD87C Link to post Share on other sites More sharing options...
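The ComboFix log above lists the machine's autostart points, among them a Winlogon Userinit value that launches a second executable after userinit.exe (note the empty field between the two commas), a Run value whose name is a bare GUID pointing into Application Data, and a bare .exe sitting in a Startup folder. As an added example that is not part of this thread or of ComboFix, MBAM or OTL, the Python below parses a Reg Loading Points section in ComboFix's own line format and flags those patterns for review. The finding kinds, the heuristics and the helper names are this example's assumptions; the sample text is a constructed excerpt of the log posted above. A flag is a lead, not a verdict: per-user installers such as Google Update will trip the profile-path rule, and the size cross-check only says two differently named images happen to be the same size.

```python
"""Triage the autostart entries ComboFix lists under 'Reg Loading Points'.

Added example for this thread, not code from the post or from ComboFix, MBAM or OTL;
the finding kinds, heuristics and sample excerpt are this example's own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: an excerpt of the Reg Loading Points section posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}"="c:\documents and settings\HP_Administrator\Application Data\Tiapc\eredi.exe" [2010-07-27 115712]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
miny.exe [2010-8-28 115712]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-16 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([\d-]+)\s+(\d+)\])?\s*$')
STARTUP_RE = re.compile(r"^(.+?)(?: - (.+?))? \[([\d-]+) (\d+)\]$")   # name[ - target] [date size]
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
USERINIT_ALLOWED = {"userinit.exe"}     # the only image Winlogon should launch here


@dataclass
class Autostart:
    location: str   # registry key or Startup folder
    name: str       # value name, or file name inside the Startup folder
    image: str      # command line or shortcut target
    size: Optional[int]


@dataclass
class Finding:
    kind: str
    location: str
    detail: str


def parse_loading_points(text: str) -> List[Autostart]:
    """Turn ComboFix's Run-key and Startup-folder lines into Autostart records."""
    entries: List[Autostart] = []
    location: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if key := KEY_RE.match(line):
            location = key.group(1)
            continue
        if line.lower().endswith("\\start menu\\programs\\startup\\"):
            location = line                      # folder header; its files follow
            continue
        if location is None:
            continue
        if val := VALUE_RE.match(line):
            name, image, _date, size = val.groups()
            entries.append(Autostart(location, name, image, int(size) if size else None))
        elif location.lower().endswith("\\startup\\") and (ent := STARTUP_RE.match(line)):
            name, target, _date, size = ent.groups()
            # A .lnk runs its target; a bare file in the folder runs itself.
            entries.append(Autostart(location, name, target or location + name, int(size)))
    return entries


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def triage(entries: List[Autostart]) -> List[Finding]:
    """Flag autostart patterns worth a second look; a flag is a lead, not a verdict."""
    findings: List[Finding] = []
    images_by_size = defaultdict(set)
    for e in entries:
        loc, img = e.location.lower(), e.image.lower()
        if loc.endswith("\\winlogon") and e.name.lower() == "userinit":
            # Userinit is comma separated; every extra image runs at each logon.
            extras = [p.strip() for p in e.image.split(",")
                      if p.strip() and _basename(p) not in USERINIT_ALLOWED]
            if extras:
                findings.append(Finding("userinit_extra", e.location, "; ".join(extras)))
            continue
        if loc.endswith("\\run") and GUID_RE.match(e.name):
            findings.append(Finding("guid_value_name", e.location, f"{e.name} -> {e.image}"))
        if "\\documents and settings\\" in img and (
                "\\application data\\" in img or "\\local settings\\" in img):
            findings.append(Finding("profile_path", e.location, f"{e.name} -> {e.image}"))
        if loc.endswith("\\startup\\") and not e.name.lower().endswith(".lnk"):
            findings.append(Finding("bare_exe_in_startup", e.location, e.name))
        if e.size is not None:
            images_by_size[e.size].add(_basename(e.image))
    # Differently named autostart images of identical size are worth a cross-check.
    for size, names in sorted(images_by_size.items()):
        if len(names) > 1:
            findings.append(Finding("size_match", "*", f"{size} bytes: {', '.join(sorted(names))}"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{f.kind}] {f.location}: {f.detail}")
```

Run stand-alone it prints one line per finding; on a full ComboFix log, feed it everything between the Reg Loading Points banner and the service (R0/R1/S2/...) lines. The Userinit rule is the one to trust most: Windows itself only ever needs userinit.exe there, so any additional comma-separated image is something that was put there deliberately.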
Elise Posted August 28, 2010 ID:306085

Can you now please post a new OTL log?
dicko1981 Posted August 28, 2010 Author ID:306102

OTL logfile created on: 28/08/2010 17:43:54 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 79.76 Gb Free Space | 44.42% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.58 Gb Free Space | 8.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 698.64 Gb Total Space | 159.57 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 17:43:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (1).exe
PRC - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe
PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/02/27 13:18:50 | 000,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/12/07 10:34:00 | 000,176,128 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 17:43:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (1).exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
SRV - [2010/08/28 15:51:45 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)
DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)
DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions
[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}
[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application
Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dllO1 HOSTS File: ([2010/08/28 16:09:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not foundO2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! 
Inc.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O3 - HKLM\..\Toolbar: (Yahoo! Link to post Share on other sites More sharing options...
Elise Posted August 28, 2010 ID:306134

Hi, let's do that with a script.

CF-SCRIPT
-------------
Open notepad and copy/paste the text in the quotebox below into it:

<http://forums.malwarebytes.org/index.php?showtopic=61443&view=findpost&p=306102>

Collect::
c:\Program Files\Microsoft\DesktopLayer.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
dicko1981 Posted August 28, 2010 Author ID:306170

Hope this is right

ComboFix 10-08-27.03 - HP_Administrator 28/08/2010 20:58:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1983.1288 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

file zipped: c:\program files\Microsoft\DesktopLayer.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Tiapc\eredi.exe
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\ExplorerSrv.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.

2010-08-28 20:15 . 2010-08-28 20:15 40448 ----a-w- c:\windows\ExplorerSrv.exe
2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-08-28 10:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-28 10:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 17:34 . 2010-08-28 15:10 -------- d-----w- c:\program files\temp
2010-08-21 08:14 . 2010-08-21 08:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\fltk.org
2010-08-17 17:44 . 2010-08-17 17:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth
2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-08-12 16:45 . 2005-09-05 10:21 362944 ----a-w- c:\windows\system32\drivers\WG11TND5.sys
2010-08-12 16:45 . 2005-07-27 20:15 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin
2010-08-12 08:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-12 08:19 . 2010-08-12 08:19 -------- d-----w- c:\program files\Microsoft Security Essentials

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 20:20 . 2008-08-17 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-08-28 20:15 . 2009-09-22 12:45 -------- d-----w- c:\program files\Microsoft
2010-08-28 20:13 . 2010-07-27 05:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Tiapc
2010-08-28 19:49 . 2010-03-05 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Goix
2010-08-28 19:47 . 2010-06-22 18:54 -------- d-----w- c:\program files\iTunes
2010-08-28 15:11 . 2010-05-31 11:20 -------- d-----w- c:\program files\QuickTime
2010-08-28 14:56 . 2006-10-16 21:32 -------- d-----w- c:\program files\HP DigitalMedia Archive
2010-08-28 12:20 . 2008-09-12 16:32 -------- d-----w- c:\program files\MediaCoderSE
2010-08-28 12:20 . 2009-04-24 16:55 -------- d-----w- c:\program files\VirtualDJ
2010-08-28 12:19 . 2008-11-26 17:00 -------- d-----w- c:\program files\YASAMP4Converter
2010-08-28 11:12 . 2008-05-15 04:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ygfehi
2010-08-28 11:03 . 2008-11-19 15:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Regou
2010-08-28 07:33 . 2009-04-21 19:16 -------- d-----w- c:\program files\7-Zip
2010-08-28 07:33 . 2009-07-24 18:53 -------- d-----w- c:\program files\ABC Amber LIT Converter
2010-08-28 07:33 . 2010-01-19 18:14 -------- d-----w- c:\program files\AIM
2010-08-28 07:33 . 2009-08-31 08:17 -------- d-----w- c:\program files\AmazingMIDI
2010-08-28 07:33 . 2010-05-21 18:02 -------- d-----w- c:\program files\AutoGK
2010-08-28 07:32 . 2006-10-16 21:34 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-08-28 07:32 . 2008-04-13 15:39 -------- d-----w- c:\program files\Common Files\Macromedia
2010-08-28 07:31 . 2006-10-16 21:28 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-28 07:31 . 2006-10-16 21:33 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-08-28 07:31 . 2008-07-03 13:08 -------- d-----w- c:\program files\Coupon Printer
2010-08-28 07:31 . 2008-03-06 16:43 -------- d-----w- c:\program files\DVD Decrypter
2010-08-28 07:31 . 2009-05-02 17:46 -------- d-----w- c:\program files\DVD2one V2
2010-08-28 07:31 . 2006-10-16 21:01 -------- d-----w- c:\program files\EnglishOtto
2010-08-28 07:30 . 2009-07-17 07:27 -------- d-----w- c:\program files\Free MKV Video2Dvd
2010-08-28 07:30 . 2006-10-16 21:01 -------- d-----w- c:\program files\GemMaster
2010-08-28 07:29 . 2009-08-30 11:03 -------- d-----w- c:\program files\Guitar Pro 5
2010-08-28 07:27 . 2006-10-16 21:47 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-08-28 07:27 . 2009-03-14 15:21 -------- d-----w- c:\program files\Qloud
2010-08-28 07:26 . 2009-04-19 07:01 -------- d-----w- c:\program files\Vuze
2010-08-28 07:26 . 2007-08-06 13:24 -------- d-----w- c:\program files\Xvid
2010-08-28 07:26 . 2009-04-19 10:35 -------- d-----w- c:\program files\Zipeg
2010-08-27 19:11 . 2010-06-06 13:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Facebook
2010-08-27 13:45 . 2008-12-22 00:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Izzyfa
2010-08-27 09:20 . 2009-05-30 13:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ogni
2010-08-26 19:36 . 2006-10-16 21:33 -------- d-----w- c:\program files\Sonic
2010-08-26 17:30 . 2008-05-05 20:08 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-26 17:22 . 2009-04-19 07:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2010-08-17 20:23 . 2009-09-13 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 16:45 . 2006-10-16 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-12 07:23 . 2006-10-16 21:56 -------- d-----w- c:\program files\Symantec
2010-08-12 07:10 . 2010-04-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-04-19 10:46 . 2009-04-19 10:46 5723432 ----a-w- c:\program files\AdvrCntr4
2005-05-26 14:35 . 2010-03-13 05:08 1422 ----a-w- c:\program files\ReadMe.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-03-05 148776]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}"="c:\documents and settings\HP_Administrator\Application Data\Raidko\ekgup.exe" [2007-10-05 115712]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 180269]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-08-28 294912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-05 161064]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-03-05 1057064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-28 466944]
"Hiyo"="c:\program files\HiYo\Bin\bin\HiYo.exe" [2010-06-14 255344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]
EZ-DUB Finder.lnk - c:\program files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe [2010-3-13 221184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-8-12 884840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
miny.exe [2010-8-28 115712]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-16 69120]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-16 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\WINDOWS\\explorer.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2008 07:55 15172]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [01/08/2009 21:30 9600]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 08:57 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [19/04/2009 08:01 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [19/04/2009 08:02 234888]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/10/2007 15:16 17149]
S2 gupdate1c9a98eff5a8023;Google Update Service (gupdate1c9a98eff5a8023);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 20:06 133104]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [17/04/2007 20:59 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [17/04/2007 20:59 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [17/04/2007 20:59 40320]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [17/04/2007 20:59 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-17 12:10]

2010-08-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 21:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3016895886-430028113-3949317508-1007\Software\SecuROM\License information*]
"datasecu"=hex:3c,9c,d1,1e,08,60,0c,29,3e,51,7f,3c,d7,46,05,33,06,2a,fd,5d,38,
 dc,c2,db,f3,6c,e9,a5,5f,be,0a,4a,95,35,30,e0,12,1b,85,22,98,b2,08,f1,d5,02,\
"rkeysecu"=hex:72,6e,f2,2e,93,c6,fc,19,f3,84,65,38,d0,80,f5,3a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6776)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\hp\KBD\KBD.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\dwwin.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
**************************************************************************
.
Completion time: 2010-08-28 21:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-28 20:31
ComboFix2.txt 2010-08-28 15:28

Pre-Run: 85,759,668,224 bytes free
Post-Run: 85,662,302,208 bytes free

- - End Of File - - 7D0F0A968EDDC9B47DE8BCBEE1FCC9BE
Elise Posted August 29, 2010 ID:306514

Please visit this site and follow the instructions for uploading the C:\Qoobox\Quarantine\[4]-Submit_2010-xx-xx@xx.xx.zip file. (xx is date/time)

It's now time to clean up some leftovers, but before doing so, I want to make sure the infection is no longer active, therefore please post me a new OTL log.
dicko1981 Posted August 29, 2010 Author ID:306530

File uploaded and here is the new otl log

OTL logfile created on: 29/08/2010 10:35:39 - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 79.79 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.58 Gb Free Space | 8.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 698.64 Gb Total Space | 159.57 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 20:37:26 | 000,221,184 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe
PRC - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe
PRC - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
SRV - [2010/08/28 15:51:45 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.)
[Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) 
[Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = GoogleIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! 
Inc.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Google"FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="FF - prefs.js..browser.startup.homepage: "www.google.com"FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M][2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application 
Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dllO1 HOSTS File: ([2010/08/28 21:15:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not foundO2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! 
Inc.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O3 - HKLM\..\Toolbar: (Yahoo! Link to post Share on other sites More sharing options...
Elise Posted August 29, 2010 ID:306541

Unfortunately not yet...

OTL FIX
------------

We need to run an OTL Fix.
Please reopen OTL on your desktop.
Copy and Paste the following code into the textbox. Do not include the word "Code":

:otl
O4 - HKCU..\Run: [{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}] C:\Documents and Settings\HP_Administrator\Application Data\Raidko\ekgup.exe ()
:files
c:\Program Files\Microsoft\DesktopLayer.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
:commands
[emptytemp]

Push the button. OTL may ask to reboot the machine. Please do so if asked.
Click the button. A report will open. Copy and Paste that report in your next reply.
When done post me also a new OTL log.
dicko1981 Posted August 29, 2010 Author ID:306555

OTL fix log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{7D6E6726-29BD-82F3-C8AB-F1B8077980FB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}\ not found.
C:\Documents and Settings\HP_Administrator\Application Data\Raidko\ekgup.exe moved successfully.
========== FILES ==========
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: HP_Administrator
->Temp folder emptied: 764205 bytes
->Temporary Internet Files folder emptied: 2297955 bytes
->Java cache emptied: 38689583 bytes
->FireFox cache emptied: 80627518 bytes
->Google Chrome cache emptied: 272378744 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 2141171 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 82266 bytes
User: NetworkService
->Temp folder emptied: 7710 bytes
->Temporary Internet Files folder emptied: 49286 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 5505024 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31517 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3154934 bytes
Total Files Cleaned = 387.00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08292010_113313

Files\Folders moved on Reboot...
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...

The latest OTL log:
Inc.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Google"FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="FF - prefs.js..browser.startup.homepage: "www.google.com"FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M][2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application 
Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dllO1 HOSTS File: ([2010/08/28 21:15:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not foundO2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! 
Inc.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O3 - HKLM\..\Toolbar: (Yahoo! Link to post Share on other sites More sharing options...
Elise Posted August 29, 2010 ID:306574
No luck there. Let's do some cleaning first.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the button.
Push
There is a small chance ESET will detect/delete the userinit hijack. For that reason, make sure not to delete the following file if detected!
c:\program files\microsoft\desktoplayer.exe
Do not allow ESET to remove found threats at first scan. Only if you see the above mentioned file is not detected, you can do that, otherwise just post the scan log.
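The warning above is about the Winlogon Userinit chain: Windows launches every comma-separated entry in that value at logon, so if the extra binary is deleted while the value still points at it, logon can no longer complete. The following added example (not code from this thread, from Malwarebytes or from OTL) parses a Userinit value the way the MBAM "Hijack.UserInit" finding reads it, reports any entry beyond userinit.exe, and computes the cleaned value to restore before the extra file is removed; the constant and function names are my own, and the sample values are the ones quoted in the MBAM log on this page.

```python
"""Audit a Winlogon Userinit value for the Hijack.UserInit pattern.

Added example for this thread; not code from the thread, MBAM or OTL.
"""
import ntpath
import re

# Default Userinit entry on 32-bit Windows XP; MBAM reports it as Good: (userinit.exe).
EXPECTED_BASENAME = "userinit.exe"

# Hijacked value exactly as quoted in the MBAM log on this page, and the XP default.
HIJACKED_VALUE = r"c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
CLEAN_VALUE = r"C:\WINDOWS\system32\userinit.exe,"

# The "Registry Data Items Infected" line from the MBAM log posted in this thread.
MBAM_LINE = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit "
    r"(Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,"
    r"c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken."
)


def parse_userinit(value):
    """Split a Userinit string into its non-empty entries.

    Windows runs each comma-separated entry in turn; doubled or trailing
    commas (the ",," in the hijacked value) yield empty fields that Windows
    skips, so they are dropped here as well.
    """
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def audit_userinit(value, expected=EXPECTED_BASENAME):
    """Return (hijacked, extra_entries, cleaned_value).

    The first entry whose file name is userinit.exe is kept with the path as
    stored; everything else is reported as extra. The cleaned value keeps the
    trailing comma that Windows writes by default. A value with no
    userinit.exe at all is also flagged, and the bare default is proposed.
    """
    keep, extra = None, []
    for entry in parse_userinit(value):
        if keep is None and ntpath.basename(entry).lower() == expected:
            keep = entry
        else:
            extra.append(entry)
    hijacked = bool(extra) or keep is None
    cleaned = (keep or expected) + ","
    return hijacked, extra, cleaned


# Matches the Bad: (...) Good: (...) groups of an MBAM Hijack.UserInit line.
_MBAM_RE = re.compile(
    r"Winlogon\\Userinit \(Hijack\.UserInit\) -> Bad: \((.*)\) Good: \((.*?)\)"
)


def audit_mbam_line(line):
    """Extract the Bad: value from an MBAM Hijack.UserInit line and audit it.

    Returns None for any line that is not a Userinit hijack finding.
    """
    match = _MBAM_RE.search(line)
    if not match:
        return None
    return audit_userinit(match.group(1))


if __name__ == "__main__":
    for value in (HIJACKED_VALUE, CLEAN_VALUE):
        hijacked, extra, cleaned = audit_userinit(value)
        print(f"{value!r}\n  hijacked={hijacked} extra={extra}\n  restore to: {cleaned!r}")
    print(audit_mbam_line(MBAM_LINE))
```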
dicko1981 Posted August 29, 2010 Author ID:306754
Probably not a good sign but the log was too long to post, I will try and upload the notepad document.
ESETScan.txt
Elise Posted August 29, 2010 ID:306758
Can you please launch MBAM, update it and run a full scan? Please post me the resulting log.
dicko1981 Posted August 30, 2010 Author ID:307031
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4505

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

30/08/2010 17:26:46
mbam-log-2010-08-30 (17-26-46).txt

Scan type: Full scan (C:\|D:\|F:\|L:\|)
Objects scanned: 393950
Time elapsed: 5 hour(s), 13 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7d6e6726-29bd-82f3-c8ab-f1b8077980fb} (Trojan.ZbotR.Gen) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\mysql\bin\mysqld-ntSrv.exe (Heuristics.Shuriken) -> No action taken.
C:\WINDOWS\ExplorerSrv.exe (Heuristics.Shuriken) -> No action taken.
C:\_OTL\MovedFiles\08292010_113313\c_Program Files\Microsoft\DesktopLayer.exe (Heuristics.Shuriken) -> No action taken.
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32InfoSrv.exe (Spyware.Passwords) -> No action taken.
C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxxSrv.exe (Spyware.Passwords) -> No action taken.
C:\Program Files\HP DigitalMedia Archive\DMASchedulerSrv.exe (Spyware.Passwords) -> No action taken.
C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihidSrv.exe (Spyware.Passwords) -> No action taken.
C:\Program Files\iTunes\iTunesHelperSrv.exe (Spyware.Passwords) -> No action taken.
C:\Program Files\QuickTime\QTTaskSrv.exe (Spyware.Passwords) -> No action taken.
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOpSrv.exe (Spyware.Passwords) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Microsoft\DesktopLayer.exe.vir (Spyware.Passwords) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\explorerSrv.exe.vir (Spyware.Passwords) -> No action taken.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> No action taken.
Elise Posted August 30, 2010 ID:307038
Did you remove all items? If so, please post me a new OTL log.
dicko1981 Posted August 30, 2010 Author ID:307051
I have removed all items, rebooted and here is the latest OTL log, hope this helps

OTL logfile created on: 30/08/2010 18:23:03 - Run 5
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 79.37 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.60 Gb Free Space | 8.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 698.64 Gb Total Space | 159.58 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/29 11:02:38 | 000,221,184 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe
PRC - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe
PRC - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/04 01:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
SRV - [2010/08/28 15:51:45 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)
DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)
DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/29 15:58:56 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions
[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}
[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/28 08:47:55 | 001,400,832 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll
[2010/08/28 08:47:56 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/08/28 08:47:56 | 000,229,376 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll
[2010/08/28 08:47:56 | 000,135,680 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2010/08/28 21:15:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo!
Elise Posted August 30, 2010 ID:307068

Please delete your old copy of ComboFix and download a new one.

Then, run OTL, and copy/paste the following text into the runbox:

:commands
[emptytemp]

Click Run Fix and immediately after the reboot, run ComboFix as follows:

CF-SCRIPT
-------------
We need to execute a CF-script.
Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

File::
L:\0969b4bf15330f14cd54\i386\filterpipelineprintproc.dll
L:\0969b4bf15330f14cd54\i386\mxdwdrv.dll
L:\0969b4bf15330f14cd54\i386\xpssvcs.dll

Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
dicko1981 Posted August 30, 2010 Author ID:307095

ComboFix 10-08-29.04 - HP_Administrator 30/08/2010 20:39:33.4.2 - x86
Elise Posted August 30, 2010 ID:307101

Time for yet another OTL log.
dicko1981 Posted August 31, 2010 Author ID:307272

I'm getting good at these.

OTL logfile created on: 31/08/2010 07:35:11 - Run 6
-- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dllMOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dllMOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx========== Win32 Services (SafeList) ==========SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)SRV - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)SRV - [2010/08/28 15:51:45 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) 
[Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = GoogleIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! 
Inc.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Google"FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="FF - prefs.js..browser.startup.homepage: "www.google.com"FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/29 15:58:56 | 000,000,000 | ---D | M][2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application 
Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}[2010/08/28 08:47:55 | 001,400,832 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll[2010/08/28 08:47:56 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll[2010/08/28 08:47:56 | 000,229,376 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll[2010/08/28 08:47:56 | 000,135,680 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dllO1 HOSTS File: ([2010/08/30 20:49:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not foundO2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! 
Inc.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)O3 - HKLM\..\Toolbar: (Yahoo! Link to post Share on other sites More sharing options...
Recommended Posts