
ramnit.b



Hi, I'm new to all this and have only basic computer knowledge, so apologies in advance for any mistakes/errors etc. :P

I have an HP computer running Windows XP and have Microsoft Security Essentials installed.

It has recently been picking up something called ramnit.b, and using all on-screen prompts fails to remove it, as it keeps coming back almost instantly :P

After a full scan it 'cleans infected files' only for them to reappear.

I ran the anti-malware program downloaded from here and it picked up 8 infected items, but Microsoft's scan showed over 800?

Here is the log from the anti-malware thingy:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4493

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

28/08/2010 12:12:07

mbam-log-2010-08-28 (12-12-07).txt

Scan type: Quick scan

Objects scanned: 159841

Time elapsed: 16 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7d6e6726-29bd-82f3-c8ab-f1b8077980fb} (Trojan.ZbotR.Gen) -> Delete on reboot.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\e.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YC1DNOO8\svchost[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.

Basically, is there anything I can do to get rid of the thing??

Many Thanks

John


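The Malwarebytes log above is the most useful evidence in the thread: the Winlogon `Userinit` value has been extended with a second executable (`desktoplayer.exe`), a `Run` entry and the file itself could only be scheduled for "Delete on reboot", and both Security Center notification flags were switched off. That combination is why the detections reappear: the dropped file is relaunched at every logon before the scanner can remove it. The following script is an added example, not code from the thread or from Malwarebytes: it parses the item sections of an MBAM 1.46 log (format assumed from the lines quoted above), extracts the non-standard entries from a `Userinit` value, and summarises the persistence indicators a responder would check before declaring the machine clean. The sample log text is constructed from the entries in the thread; function names are the author's own.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in Malwarebytes' Anti-Malware 1.46 log format, built from
# the entries quoted in the thread (not a real file from the poster's machine).
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7d6e6726-29bd-82f3-c8ab-f1b8077980fb} (Trojan.ZbotR.Gen) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\e.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.
"""

# Section headers look like "Registry Data Items Infected:" (no count after the colon).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# Every item: <path> (<detection name>) -> <rest>
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[\w.]+)\) -> (?P<rest>.+)$")
# <rest> is either "Bad: (...) Good: (...) -> action", "Data: ... -> action", or just the action.
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
DATA_RE = re.compile(r"^Data: (?P<data>.*?) -> (?P<action>.+)$")


@dataclass
class Finding:
    section: str                # e.g. "Registry Data Items Infected"
    path: str                   # registry path or file path
    detection: str              # e.g. "Hijack.UserInit"
    action: str                 # what MBAM did, e.g. "Delete on reboot"
    bad: Optional[str] = None   # offending value ("Bad:" or "Data:" field)
    good: Optional[str] = None  # expected value ("Good:" field), when given


def parse_mbam_log(text: str) -> List[Finding]:
    """Parse the per-item sections of an MBAM log into Finding records."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if section is None or not m:
            continue  # header/count lines, not an item
        rest, bad, good = m.group("rest"), None, None
        bg = BAD_GOOD_RE.match(rest)
        d = DATA_RE.match(rest)
        if bg:
            bad, good, action = bg.group("bad"), bg.group("good"), bg.group("action")
        elif d:
            bad, action = d.group("data"), d.group("action")
        else:
            action = rest
        findings.append(Finding(section, m.group("path"), m.group("detection"),
                                action.rstrip("."), bad, good))
    return findings


def userinit_extras(value: str) -> List[str]:
    """Entries in a Winlogon\\Userinit value other than userinit.exe itself.

    A clean value is "userinit.exe," (trailing comma included); anything else
    in the comma-separated list is executed by winlogon at every logon."""
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if entry and ntpath.basename(entry).lower() != "userinit.exe":
            extras.append(entry)
    return extras


def persistence_summary(findings: List[Finding]) -> dict:
    """Collect the items that explain why a detection 'keeps coming back'."""
    summary = {"userinit_extras": [], "run_entries": [],
               "security_center_tampered": [], "pending_reboot": []}
    for f in findings:
        key = f.path.lower()
        if key.endswith("\\winlogon\\userinit") and f.bad:
            for extra in userinit_extras(f.bad):
                if extra not in summary["userinit_extras"]:
                    summary["userinit_extras"].append(extra)
        if "\\currentversion\\run\\" in key:
            summary["run_entries"].append(f.path)
        if "\\security center\\" in key:
            summary["security_center_tampered"].append(ntpath.basename(f.path))
        if "reboot" in f.action.lower():  # item was in use; removal not yet effective
            summary["pending_reboot"].append(f.path)
    return summary


if __name__ == "__main__":
    for name, items in persistence_summary(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{name}: {items}")
```

Run it on a saved `mbam-log-*.txt` by reading the file into `parse_mbam_log`. A non-empty `userinit_extras` or `pending_reboot` list after a "successful" clean is the cue to treat the logon chain as still compromised and verify the `Userinit` value again after the reboot, which is exactly the state the thread describes.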

Hello,

And :P My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Thanks for the reply

OTL log

OTL logfile created on: 28/08/2010 13:03:41 - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 179.56 Gb Total Space | 39.33 Gb Free Space | 21.91% Space Free | Partition Type: NTFS

Drive D: | 6.73 Gb Total Space | 0.58 Gb Free Space | 8.64% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 698.64 Gb Total Space | 156.32 Gb Free Space | 22.38% Space Free | Partition Type: NTFS

Computer Name: DICKINSON

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 13:03:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/12/07 10:34:00 | 000,176,128 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe

PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe

PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

PRC - [2002/08/14 04:33:46 | 001,130,496 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 13:03:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/08/28 08:45:06 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

SRV - [2002/08/14 04:33:46 | 001,130,496 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)

DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)

DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)

DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)

DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)

DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)

DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\..\URLSearchHook: F99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: FBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions

[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}

[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll

[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll

[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll

[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo!


I see indeed some evidence of Ramnit here. Before cleaning all infected files, let's first make sure it's no longer active.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


ComboFix 10-08-27.03 - HP_Administrator 28/08/2010 16:01:04.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1983.1095 [GMT 1:00]

Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\1.wmv

c:\documents and settings\HP_Administrator\Favorites\Download programs.url

c:\documents and settings\HP_Administrator\Favorites\Games.url

c:\documents and settings\HP_Administrator\Favorites\Translator.url

c:\documents and settings\HP_Administrator\Favorites\Videos.url

c:\documents and settings\HP_Administrator\Start Menu\Programs\Download programs.url

c:\documents and settings\HP_Administrator\Start Menu\Programs\Games.url

c:\documents and settings\HP_Administrator\Start Menu\Programs\Translator.url

c:\documents and settings\HP_Administrator\Start Menu\Programs\Videos.url

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

D:\Autorun.inf

L:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))

.

2010-08-28 14:44 . 2010-08-28 14:44 -------- d-----w- c:\windows\LastGood.Tmp

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-26 17:34 . 2010-08-28 15:10 -------- d-----w- c:\program files\temp

2010-08-21 08:14 . 2010-08-21 08:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\fltk.org

2010-08-17 17:44 . 2010-08-17 17:44 -------- d--h--w- c:\windows\msdownld.tmp

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-08-12 16:45 . 2005-09-05 10:21 362944 ----a-w- c:\windows\system32\drivers\WG11TND5.sys

2010-08-12 16:45 . 2005-07-27 20:15 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin

2010-08-12 08:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-12 08:19 . 2010-08-12 08:19 -------- d-----w- c:\program files\Microsoft Security Essentials

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-28 15:15 . 2008-08-17 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-08-28 15:11 . 2010-05-31 11:20 -------- d-----w- c:\program files\QuickTime

2010-08-28 15:10 . 2010-03-05 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Goix

2010-08-28 15:10 . 2009-09-22 12:45 -------- d-----w- c:\program files\Microsoft

2010-08-28 14:56 . 2006-10-16 21:32 -------- d-----w- c:\program files\HP DigitalMedia Archive

2010-08-28 12:20 . 2008-09-12 16:32 -------- d-----w- c:\program files\MediaCoderSE

2010-08-28 12:20 . 2009-04-24 16:55 -------- d-----w- c:\program files\VirtualDJ

2010-08-28 12:19 . 2008-11-26 17:00 -------- d-----w- c:\program files\YASAMP4Converter

2010-08-28 11:12 . 2008-05-15 04:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ygfehi

2010-08-28 11:03 . 2008-11-19 15:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Regou

2010-08-28 07:33 . 2009-04-21 19:16 -------- d-----w- c:\program files\7-Zip

2010-08-28 07:33 . 2009-07-24 18:53 -------- d-----w- c:\program files\ABC Amber LIT Converter

2010-08-28 07:33 . 2010-01-19 18:14 -------- d-----w- c:\program files\AIM

2010-08-28 07:33 . 2009-08-31 08:17 -------- d-----w- c:\program files\AmazingMIDI

2010-08-28 07:33 . 2010-05-21 18:02 -------- d-----w- c:\program files\AutoGK

2010-08-28 07:32 . 2006-10-16 21:34 -------- d---a-w- c:\program files\Common Files\LightScribe

2010-08-28 07:32 . 2008-04-13 15:39 -------- d-----w- c:\program files\Common Files\Macromedia

2010-08-28 07:31 . 2006-10-16 21:28 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-28 07:31 . 2006-10-16 21:33 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-28 07:31 . 2008-07-03 13:08 -------- d-----w- c:\program files\Coupon Printer

2010-08-28 07:31 . 2008-03-06 16:43 -------- d-----w- c:\program files\DVD Decrypter

2010-08-28 07:31 . 2009-05-02 17:46 -------- d-----w- c:\program files\DVD2one V2

2010-08-28 07:31 . 2006-10-16 21:01 -------- d-----w- c:\program files\EnglishOtto

2010-08-28 07:30 . 2009-07-17 07:27 -------- d-----w- c:\program files\Free MKV Video2Dvd

2010-08-28 07:30 . 2006-10-16 21:01 -------- d-----w- c:\program files\GemMaster

2010-08-28 07:29 . 2009-08-30 11:03 -------- d-----w- c:\program files\Guitar Pro 5

2010-08-28 07:27 . 2006-10-16 21:47 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-08-28 07:27 . 2009-03-14 15:21 -------- d-----w- c:\program files\Qloud

2010-08-28 07:26 . 2009-04-19 07:01 -------- d-----w- c:\program files\Vuze

2010-08-28 07:26 . 2007-08-06 13:24 -------- d-----w- c:\program files\Xvid

2010-08-28 07:26 . 2009-04-19 10:35 -------- d-----w- c:\program files\Zipeg

2010-08-27 19:11 . 2010-06-06 13:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Facebook

2010-08-27 13:45 . 2008-12-22 00:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Izzyfa

2010-08-27 09:20 . 2009-05-30 13:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ogni

2010-08-26 19:36 . 2006-10-16 21:33 -------- d-----w- c:\program files\Sonic

2010-08-26 17:30 . 2008-05-05 20:08 -------- d-----w- c:\program files\FileZilla FTP Client

2010-08-26 17:22 . 2009-04-19 07:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus

2010-08-17 20:23 . 2009-09-13 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-12 16:45 . 2006-10-16 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-08-12 07:23 . 2006-10-16 21:56 -------- d-----w- c:\program files\Symantec

2010-08-12 07:10 . 2010-04-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-27 05:02 . 2010-07-27 05:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Tiapc

2009-04-19 10:46 . 2009-04-19 10:46 5723432 ----a-w- c:\program files\AdvrCntr4

2005-05-26 14:35 . 2010-03-13 05:08 1422 ----a-w- c:\program files\ReadMe.txt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-03-05 148776]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

"{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}"="c:\documents and settings\HP_Administrator\Application Data\Tiapc\eredi.exe" [2010-07-27 115712]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 180269]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-08-28 294912]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-05 161064]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-03-05 1057064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-28 466944]

"Hiyo"="c:\program files\HiYo\Bin\bin\HiYo.exe" [2010-06-14 255344]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]

EZ-DUB Finder.lnk - c:\program files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe [2010-3-13 176128]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-8-12 884840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

miny.exe [2010-8-28 115712]

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-16 69120]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-16 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2008 07:55 15172]

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [01/08/2009 21:30 9600]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 08:57 390528]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [19/04/2009 08:01 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [19/04/2009 08:02 234888]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/10/2007 15:16 17149]

S2 gupdate1c9a98eff5a8023;Google Update Service (gupdate1c9a98eff5a8023);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 20:06 133104]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [17/04/2007 20:59 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [17/04/2007 20:59 12672]

S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [17/04/2007 20:59 40320]

S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [17/04/2007 20:59 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-17 12:10]

2010-08-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NP2020Player.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npcpbrkuk7.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\windows\system32\20-20 Technologies\3D Room Planner\NP2020Player.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

URLSearchHooks-F99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-PCDrProfiler - (no file)

AddRemove-Qloud Plug-in for iTunes - c:\program files\iTunes\Plug-Ins\Qloud\iTunesQLoudSetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-28 16:13

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3016895886-430028113-3949317508-1007\Software\SecuROM\License information*]

"datasecu"=hex:3c,9c,d1,1e,08,60,0c,29,3e,51,7f,3c,d7,46,05,33,06,2a,fd,5d,38,

dc,c2,db,f3,6c,e9,a5,5f,be,0a,4a,95,35,30,e0,12,1b,85,22,98,b2,08,f1,d5,02,\

"rkeysecu"=hex:72,6e,f2,2e,93,c6,fc,19,f3,84,65,38,d0,80,f5,3a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7032)

c:\windows\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\progra~1\WINDOW~1\wmpband.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Kontiki\KService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\mysql\bin\mysqld-nt.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\ARPWRMSG.EXE

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\dllhost.exe

c:\hp\KBD\KBD.EXE

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system\hpsysdrv.exe

c:\program files\Java\jre1.5.0_06\bin\jusched.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\windows\system32\dwwin.exe

.

**************************************************************************

.

Completion time: 2010-08-28 16:28:41 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-28 15:28

Pre-Run: 46,249,521,152 bytes free

Post-Run: 85,626,241,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7487E8D401F82388537C1B91EA9CD87C


OTL logfile created on: 28/08/2010 17:43:54 - Run 2

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 179.56 Gb Total Space | 79.76 Gb Free Space | 44.42% Space Free | Partition Type: NTFS

Drive D: | 6.73 Gb Total Space | 0.58 Gb Free Space | 8.64% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 698.64 Gb Total Space | 159.57 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 17:43:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (1).exe

PRC - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe

PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/02/27 13:18:50 | 000,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/12/07 10:34:00 | 000,176,128 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe

PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe

PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe

PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 17:43:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (1).exe

MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

SRV - [2010/08/28 15:51:45 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)

DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)

DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)

DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)

DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)

DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)

DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions

[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}

[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll

[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll

[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll

[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2010/08/28 16:09:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo!


Hi, let's do that with a script. :P

CF-SCRIPT

-------------

Open notepad and copy/paste the text in the quotebox below into it:

<http://forums.malwarebytes.org/index.php?showtopic=61443&view=findpost&p=306102>

Collect::
c:\Program Files\Microsoft\DesktopLayer.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

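The CFScript above works because Winlogon treats the Userinit value as a comma-separated list and launches every non-empty entry at logon; the infection appended a second program after userinit.exe (the `userinit.exe,,c:\program files\microsoft\desktoplayer.exe` value in the logs), and the Registry:: section puts the stock value back. As an added example, not part of this thread and not ComboFix's own code, the Python below parses a Userinit value the way Winlogon does, flags any entry that is not the stock userinit.exe, scans ComboFix/REGEDIT4-style log text for such lines, and emits a Registry:: fragment of the same shape as the script. The sample log lines are constructed from the value seen in this thread; the stock path (C:\WINDOWS\system32\userinit.exe) is assumed to be the XP default.

```python
import re

# Stock Userinit value on XP. Winlogon runs every non-empty, comma-separated
# entry in this value at logon, which is why loaders append themselves here.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

# Matches the value as ComboFix prints it under "Reg Loading Points" (single
# backslashes) and as a REGEDIT4 / CFScript "Registry::" line (doubled ones).
USERINIT_LINE = re.compile(r'"Userinit"\s*=\s*"(?P<value>[^"]*)"', re.IGNORECASE)


def parse_userinit(value):
    """Split a Userinit value into the entries Winlogon would execute.

    Empty entries (from ",," or a trailing comma) are skipped, as Winlogon
    skips them, so "a,,b" launches two programs, not three.
    """
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def _normalize(entry):
    # Collapse REGEDIT4 escaping and case so "C:\\WINDOWS\\..." and
    # "c:\windows\..." compare equal.
    return entry.replace("\\\\", "\\").strip().lower()


def userinit_extras(value, system_root=r"c:\windows"):
    """Return the entries of a Userinit value that are not the stock userinit.exe.

    A bare "userinit.exe" (resolved via the system path) and the full
    %SystemRoot%\\system32\\userinit.exe are both benign; anything else,
    such as an appended second program, is reported.
    """
    benign = {"userinit.exe", _normalize(system_root + r"\system32\userinit.exe")}
    return [e for e in parse_userinit(value) if _normalize(e) not in benign]


def scan_log(log_text):
    """Find Userinit lines in ComboFix/REGEDIT4-style text and report hijacks.

    Returns a list of (line_number, extra_entries), one per line whose value
    launches something besides userinit.exe.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = USERINIT_LINE.search(line)
        if not m:
            continue
        extras = userinit_extras(m.group("value"))
        if extras:
            findings.append((lineno, extras))
    return findings


def restore_fragment(system_root=r"C:\WINDOWS"):
    """REGEDIT4 fragment that sets Userinit back to its stock value.

    Same shape as the Registry:: section of a ComboFix CFScript; the doubled
    backslashes and the trailing comma follow the REGEDIT4 / Winlogon conventions.
    """
    path = (system_root + r"\system32\userinit.exe").replace("\\", "\\\\")
    return (
        "Registry::\n"
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]" "\n"
        f'"Userinit"="{path},"\n'
    )


# Constructed sample in the layout ComboFix uses for its "Reg Loading Points"
# section; the Userinit value is the hijacked one seen in this thread.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
"""

if __name__ == "__main__":
    for lineno, extras in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: Userinit also launches {extras}")
    print(restore_fragment())
```

Run it against a saved ComboFix or REGEDIT4 export and any hit means something other than userinit.exe is being started at every logon; the emitted fragment is what a CFScript Registry:: section would contain to undo it, but the appended program itself still has to be collected and removed, as the Collect:: line above does.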

Hope this is right :P

ComboFix 10-08-27.03 - HP_Administrator 28/08/2010 20:58:56.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1983.1288 [GMT 1:00]

Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

file zipped: c:\program files\Microsoft\DesktopLayer.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\HP_Administrator\Application Data\Tiapc\eredi.exe

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

c:\windows\ExplorerSrv.exe

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))

.

2010-08-28 20:15 . 2010-08-28 20:15 40448 ----a-w- c:\windows\ExplorerSrv.exe

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-26 17:34 . 2010-08-28 15:10 -------- d-----w- c:\program files\temp

2010-08-21 08:14 . 2010-08-21 08:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\fltk.org

2010-08-17 17:44 . 2010-08-17 17:44 -------- d--h--w- c:\windows\msdownld.tmp

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-08-12 16:45 . 2005-09-05 10:21 362944 ----a-w- c:\windows\system32\drivers\WG11TND5.sys

2010-08-12 16:45 . 2005-07-27 20:15 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin

2010-08-12 08:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-12 08:19 . 2010-08-12 08:19 -------- d-----w- c:\program files\Microsoft Security Essentials

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-28 20:20 . 2008-08-17 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-08-28 20:15 . 2009-09-22 12:45 -------- d-----w- c:\program files\Microsoft

2010-08-28 20:13 . 2010-07-27 05:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Tiapc

2010-08-28 19:49 . 2010-03-05 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Goix

2010-08-28 19:47 . 2010-06-22 18:54 -------- d-----w- c:\program files\iTunes

2010-08-28 15:11 . 2010-05-31 11:20 -------- d-----w- c:\program files\QuickTime

2010-08-28 14:56 . 2006-10-16 21:32 -------- d-----w- c:\program files\HP DigitalMedia Archive

2010-08-28 12:20 . 2008-09-12 16:32 -------- d-----w- c:\program files\MediaCoderSE

2010-08-28 12:20 . 2009-04-24 16:55 -------- d-----w- c:\program files\VirtualDJ

2010-08-28 12:19 . 2008-11-26 17:00 -------- d-----w- c:\program files\YASAMP4Converter

2010-08-28 11:12 . 2008-05-15 04:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ygfehi

2010-08-28 11:03 . 2008-11-19 15:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Regou

2010-08-28 07:33 . 2009-04-21 19:16 -------- d-----w- c:\program files\7-Zip

2010-08-28 07:33 . 2009-07-24 18:53 -------- d-----w- c:\program files\ABC Amber LIT Converter

2010-08-28 07:33 . 2010-01-19 18:14 -------- d-----w- c:\program files\AIM

2010-08-28 07:33 . 2009-08-31 08:17 -------- d-----w- c:\program files\AmazingMIDI

2010-08-28 07:33 . 2010-05-21 18:02 -------- d-----w- c:\program files\AutoGK

2010-08-28 07:32 . 2006-10-16 21:34 -------- d---a-w- c:\program files\Common Files\LightScribe

2010-08-28 07:32 . 2008-04-13 15:39 -------- d-----w- c:\program files\Common Files\Macromedia

2010-08-28 07:31 . 2006-10-16 21:28 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-28 07:31 . 2006-10-16 21:33 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-28 07:31 . 2008-07-03 13:08 -------- d-----w- c:\program files\Coupon Printer

2010-08-28 07:31 . 2008-03-06 16:43 -------- d-----w- c:\program files\DVD Decrypter

2010-08-28 07:31 . 2009-05-02 17:46 -------- d-----w- c:\program files\DVD2one V2

2010-08-28 07:31 . 2006-10-16 21:01 -------- d-----w- c:\program files\EnglishOtto

2010-08-28 07:30 . 2009-07-17 07:27 -------- d-----w- c:\program files\Free MKV Video2Dvd

2010-08-28 07:30 . 2006-10-16 21:01 -------- d-----w- c:\program files\GemMaster

2010-08-28 07:29 . 2009-08-30 11:03 -------- d-----w- c:\program files\Guitar Pro 5

2010-08-28 07:27 . 2006-10-16 21:47 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-08-28 07:27 . 2009-03-14 15:21 -------- d-----w- c:\program files\Qloud

2010-08-28 07:26 . 2009-04-19 07:01 -------- d-----w- c:\program files\Vuze

2010-08-28 07:26 . 2007-08-06 13:24 -------- d-----w- c:\program files\Xvid

2010-08-28 07:26 . 2009-04-19 10:35 -------- d-----w- c:\program files\Zipeg

2010-08-27 19:11 . 2010-06-06 13:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Facebook

2010-08-27 13:45 . 2008-12-22 00:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Izzyfa

2010-08-27 09:20 . 2009-05-30 13:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ogni

2010-08-26 19:36 . 2006-10-16 21:33 -------- d-----w- c:\program files\Sonic

2010-08-26 17:30 . 2008-05-05 20:08 -------- d-----w- c:\program files\FileZilla FTP Client

2010-08-26 17:22 . 2009-04-19 07:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus

2010-08-17 20:23 . 2009-09-13 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-12 16:45 . 2006-10-16 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-08-12 07:23 . 2006-10-16 21:56 -------- d-----w- c:\program files\Symantec

2010-08-12 07:10 . 2010-04-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-04-19 10:46 . 2009-04-19 10:46 5723432 ----a-w- c:\program files\AdvrCntr4

2005-05-26 14:35 . 2010-03-13 05:08 1422 ----a-w- c:\program files\ReadMe.txt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-03-05 148776]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

"{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}"="c:\documents and settings\HP_Administrator\Application Data\Raidko\ekgup.exe" [2007-10-05 115712]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 180269]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-08-28 294912]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-05 161064]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-03-05 1057064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-28 466944]

"Hiyo"="c:\program files\HiYo\Bin\bin\HiYo.exe" [2010-06-14 255344]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]

EZ-DUB Finder.lnk - c:\program files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe [2010-3-13 221184]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-8-12 884840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

miny.exe [2010-8-28 115712]

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-16 69120]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-16 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=

"c:\\WINDOWS\\explorer.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2008 07:55 15172]

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [01/08/2009 21:30 9600]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 08:57 390528]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [19/04/2009 08:01 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [19/04/2009 08:02 234888]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/10/2007 15:16 17149]

S2 gupdate1c9a98eff5a8023;Google Update Service (gupdate1c9a98eff5a8023);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 20:06 133104]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [17/04/2007 20:59 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [17/04/2007 20:59 12672]

S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [17/04/2007 20:59 40320]

S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [17/04/2007 20:59 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-17 12:10]

2010-08-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-28 21:18

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3016895886-430028113-3949317508-1007\Software\SecuROM\License information*]

"datasecu"=hex:3c,9c,d1,1e,08,60,0c,29,3e,51,7f,3c,d7,46,05,33,06,2a,fd,5d,38,

dc,c2,db,f3,6c,e9,a5,5f,be,0a,4a,95,35,30,e0,12,1b,85,22,98,b2,08,f1,d5,02,\

"rkeysecu"=hex:72,6e,f2,2e,93,c6,fc,19,f3,84,65,38,d0,80,f5,3a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6776)

c:\windows\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\progra~1\WINDOW~1\wmpband.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Kontiki\KService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\mysql\bin\mysqld-nt.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\ARPWRMSG.EXE

c:\hp\KBD\KBD.EXE

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\eHome\ehmsas.exe

c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\windows\system32\dwwin.exe

c:\windows\system\hpsysdrv.exe

c:\program files\Java\jre1.5.0_06\bin\jusched.exe

.

**************************************************************************

.

Completion time: 2010-08-28 21:31:56 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-28 20:31

ComboFix2.txt 2010-08-28 15:28

Pre-Run: 85,759,668,224 bytes free

Post-Run: 85,662,302,208 bytes free

- - End Of File - - 7D0F0A968EDDC9B47DE8BCBEE1FCC9BE


Please visit this site and follow the instructions for uploading the C:\Qoobox\Quarantine\[4]-Submit_2010-xx-xx@xx.xx.zip file. (xx is date/time)

It's now time to clean up some leftovers, but before doing so, I want to make sure the infection is no longer active, therefore please post me a new OTL log.


File uploaded and here is the new OTL log :P

OTL logfile created on: 29/08/2010 10:35:39 - Run 3

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 179.56 Gb Total Space | 79.79 Gb Free Space | 44.44% Space Free | Partition Type: NTFS

Drive D: | 6.73 Gb Total Space | 0.58 Gb Free Space | 8.64% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 698.64 Gb Total Space | 159.57 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 20:37:26 | 000,221,184 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe

PRC - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe

PRC - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe

PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe

PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe

PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/08/28 16:05:01 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

SRV - [2010/08/28 15:51:45 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)

DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)

DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)

DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)

DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)

DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)

DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions

[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}

[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll

[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll

[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll

[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2010/08/28 21:15:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo!


Unfortunately not yet...

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL using its icon on your desktop.
  2. Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code".
    :otl
    O4 - HKCU..\Run: [{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}] C:\Documents and Settings\HP_Administrator\Application Data\Raidko\ekgup.exe ()

    :files
    c:\Program Files\Microsoft\DesktopLayer.exe

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

When done post me also a new OTL log.

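The fix above undoes two persistence points: the Winlogon Userinit list, which the logs show was extended to also launch desktoplayer.exe at every logon, and a GUID-named HKCU Run value launching ekgup.exe from the user's Application Data folder. As an added example (not code from the thread, from OTL or from any tool named here), the Python script below performs the same two checks so the result can be verified after the fix. The SAMPLE_* values are constructed from the paths quoted in this thread; on Windows the script reads the live registry with the standard-library winreg module, elsewhere it runs against the samples.

```python
"""Audit the two persistence points this OTL fix targets: the Winlogon
Userinit list (hijacked here to also launch desktoplayer.exe) and the
per-user Run key (a GUID-named value launching ekgup.exe from Application
Data). Added example, not code from the thread or from OTL. The SAMPLE_*
values are constructed from what the thread's logs show."""
import os
import re
import sys
from typing import Dict, List, Tuple

# On XP the legitimate Userinit value is exactly this one program
# (the registry string ends with a trailing comma). Any further entry
# in the comma-separated list is executed at every logon.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Value names shaped like a GUID are a common dropper habit.
GUID_NAME = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)

# Constructed samples, taken from the values quoted in this thread.
SAMPLE_HIJACKED_USERINIT = r"c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
SAMPLE_CLEAN_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"
SAMPLE_APPDATA = r"C:\Documents and Settings\HP_Administrator\Application Data"
SAMPLE_RUN = {
    "{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}":
        r"C:\Documents and Settings\HP_Administrator\Application Data\Raidko\ekgup.exe",
    "MSSE": r'"C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey',
}


def _normalise(path: str) -> str:
    """Lower-case, drop surrounding quotes and expand env vars so that
    differently written paths compare equal."""
    return os.path.expandvars(path.strip().strip('"')).lower()


def audit_userinit(value: str) -> List[str]:
    """Return every entry of a Userinit value that is not userinit.exe.
    An empty list means the logon chain is clean."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if _normalise(e) != EXPECTED_USERINIT]


def audit_run_entries(run_values: Dict[str, str], appdata: str) -> List[Tuple[str, str, str]]:
    """Flag Run values by two heuristics from this thread's log: a
    GUID-style value name and a target under the user's Application Data.
    Neither alone is proof; the reasons are reported so a human can judge."""
    findings = []
    appdata_n = _normalise(appdata)
    for name, command in run_values.items():
        reasons = []
        if GUID_NAME.match(name.strip()):
            reasons.append("guid-named value")
        if _normalise(command).startswith(appdata_n):
            reasons.append("target under Application Data")
        if reasons:
            findings.append((name, command, "; ".join(reasons)))
    return findings


def read_live_values() -> Tuple[str, Dict[str, str]]:
    """On Windows, read the real Userinit value and the HKCU Run entries via
    winreg; on any other platform fall back to the constructed samples."""
    if sys.platform != "win32":
        return SAMPLE_HIJACKED_USERINIT, SAMPLE_RUN
    import winreg
    winlogon = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, winlogon) as key:
        userinit, _ = winreg.QueryValueEx(key, "Userinit")
    run: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised once every value has been enumerated
                break
            run[name] = str(data)
            index += 1
    return userinit, run


if __name__ == "__main__":
    userinit, run = read_live_values()
    appdata = os.environ.get("APPDATA", SAMPLE_APPDATA)
    for extra in audit_userinit(userinit):
        print("Userinit hijack:", extra)
    for name, command, why in audit_run_entries(run, appdata):
        print("Suspicious Run value %s -> %s (%s)" % (name, command, why))
```

Run it once before and once after the OTL fix: the first run should report the desktoplayer.exe entry and the GUID-named Run value, the second should print nothing. Note that audit_userinit compares only the program path, so the trailing comma that Windows keeps on the clean value is not reported as a finding.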

OTL fix log

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{7D6E6726-29BD-82F3-C8AB-F1B8077980FB} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D6E6726-29BD-82F3-C8AB-F1B8077980FB}\ not found.

C:\Documents and Settings\HP_Administrator\Application Data\Raidko\ekgup.exe moved successfully.

========== FILES ==========

File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41 bytes

User: HP_Administrator

->Temp folder emptied: 764205 bytes

->Temporary Internet Files folder emptied: 2297955 bytes

->Java cache emptied: 38689583 bytes

->FireFox cache emptied: 80627518 bytes

->Google Chrome cache emptied: 272378744 bytes

->Apple Safari cache emptied: 14336 bytes

->Flash cache emptied: 2141171 bytes

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 82266 bytes

User: NetworkService

->Temp folder emptied: 7710 bytes

->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 5505024 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 31517 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 3154934 bytes

Total Files Cleaned = 387.00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08292010_113313

Files\Folders moved on Reboot...

File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

The latest OTL log

OTL logfile created on: 29/08/2010 12:08:59 - Run 4

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 179.56 Gb Total Space | 80.22 Gb Free Space | 44.67% Space Free | Partition Type: NTFS

Drive D: | 6.73 Gb Total Space | 0.58 Gb Free Space | 8.64% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 698.64 Gb Total Space | 159.57 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/29 11:02:38 | 000,221,184 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe

PRC - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe

PRC - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe

PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe

PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

SRV - [2010/08/28 15:51:45 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)

DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)

DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)

DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)

DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)

DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)

DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 08:27:46 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions

[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}

[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 08:47:55 | 001,445,888 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll

[2010/08/28 08:47:56 | 000,151,552 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll

[2010/08/28 08:47:56 | 000,274,432 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll

[2010/08/28 08:47:56 | 000,177,664 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2010/08/28 21:15:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo!


No luck there. Let's do some cleaning first.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


      There is a small chance ESET will detect/delete the userinit hijack. For that reason, make sure not to delete the following file if detected!
      c:\program files\microsoft\desktoplayer.exe
      Do not allow ESET to remove found threats at first scan. Only if you see that the above-mentioned file is not detected can you do that; otherwise just post the scan log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4505

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

30/08/2010 17:26:46

mbam-log-2010-08-30 (17-26-46).txt

Scan type: Full scan (C:\|D:\|F:\|L:\|)

Objects scanned: 393950

Time elapsed: 5 hour(s), 13 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 13

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7d6e6726-29bd-82f3-c8ab-f1b8077980fb} (Trojan.ZbotR.Gen) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\mysql\bin\mysqld-ntSrv.exe (Heuristics.Shuriken) -> No action taken.

C:\WINDOWS\ExplorerSrv.exe (Heuristics.Shuriken) -> No action taken.

C:\_OTL\MovedFiles\08292010_113313\c_Program Files\Microsoft\DesktopLayer.exe (Heuristics.Shuriken) -> No action taken.

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32InfoSrv.exe (Spyware.Passwords) -> No action taken.

C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxxSrv.exe (Spyware.Passwords) -> No action taken.

C:\Program Files\HP DigitalMedia Archive\DMASchedulerSrv.exe (Spyware.Passwords) -> No action taken.

C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihidSrv.exe (Spyware.Passwords) -> No action taken.

C:\Program Files\iTunes\iTunesHelperSrv.exe (Spyware.Passwords) -> No action taken.

C:\Program Files\QuickTime\QTTaskSrv.exe (Spyware.Passwords) -> No action taken.

C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOpSrv.exe (Spyware.Passwords) -> No action taken.

C:\Qoobox\Quarantine\C\Program Files\Microsoft\DesktopLayer.exe.vir (Spyware.Passwords) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\explorerSrv.exe.vir (Spyware.Passwords) -> No action taken.

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> No action taken.

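The helper's Userinit caution in the ESET post above and the Userinit and *Srv.exe entries in the Malwarebytes log just posted are the same two traces, so one added example serves both. The Python below is not from the thread, from Malwarebytes or from OTL: it parses a log excerpt in Malwarebytes' line format, pulls the extra executable out of the Bad: (...) Userinit value, and pairs each <name>Srv.exe in a directory listing with its <name>.exe host. SAMPLE_LOG is copied from the posted log; SAMPLE_LISTING is a constructed directory listing in which iTunesHelper.exe is assumed and mysqld-nt.exe is deliberately left out so the hostless case is exercised.

```python
"""Parse the two persistence traces that recur in the posted Malwarebytes logs:
a Winlogon\\Userinit value with an executable appended after userinit.exe, and
<program>Srv.exe "companion" files dropped next to the legitimate <program>.exe.
Added example, not code from the thread or from Malwarebytes/OTL.  SAMPLE_LOG is
an excerpt of the posted log; SAMPLE_LISTING is a constructed directory listing."""
import ntpath
import re
from collections import defaultdict

# One MBAM result line: "<item> (<detection>) -> <action>"
_RESULT = re.compile(r"^(?P<item>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")
# The "Bad: (...) Good: (...)" pair MBAM prints for registry data it knows the default of
_BAD_GOOD = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")

SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7d6e6726-29bd-82f3-c8ab-f1b8077980fb} (Trojan.ZbotR.Gen) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\ExplorerSrv.exe (Heuristics.Shuriken) -> No action taken.
C:\Program Files\iTunes\iTunesHelperSrv.exe (Spyware.Passwords) -> No action taken.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> No action taken.
"""

# Constructed listing: explorer.exe is in the posted OTL log, iTunesHelper.exe is
# assumed, and mysqld-nt.exe is left out on purpose to show a hostless *Srv.exe.
SAMPLE_LISTING = [
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\ExplorerSrv.exe",
    r"C:\Program Files\iTunes\iTunesHelper.exe",
    r"C:\Program Files\iTunes\iTunesHelperSrv.exe",
    r"C:\Program Files\Microsoft\desktoplayer.exe",
    r"C:\mysql\bin\mysqld-ntSrv.exe",
]


def parse_mbam_log(text):
    """Return {section: [(item, detection, action), ...]} for a log in MBAM's format."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        if line.endswith(":"):  # section header such as "Files Infected:"
            current = line[:-1]
            continue
        m = _RESULT.match(line)
        if m and current is not None:
            sections[current].append((m["item"], m["det"], m["action"]))
    return dict(sections)


def userinit_extra_entries(value):
    """Entries of a Winlogon\\Userinit value other than userinit.exe itself.

    Winlogon runs every comma-separated entry at logon; the stock XP value is
    "C:\\WINDOWS\\system32\\userinit.exe," so any other entry is an addition."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if ntpath.basename(e).lower() != "userinit.exe"]


def userinit_hijacks(sections):
    """Extra Userinit entries reported in 'Registry Data Items Infected' lines."""
    found = []
    for item, _det, action in sections.get("Registry Data Items Infected", []):
        if ntpath.basename(item).lower() != "userinit":
            continue
        m = _BAD_GOOD.search(action)
        if m:
            found.extend(userinit_extra_entries(m["bad"]))
    return found


def companion_pairs(listing):
    """Split *Srv.exe files into (host, companion) pairs and hostless orphans.

    Matching is case-insensitive on directory and file name, as NTFS lookups are."""
    by_dir = defaultdict(dict)
    for path in listing:
        directory, name = ntpath.split(path)
        by_dir[directory.lower()][name.lower()] = path
    pairs, orphans = [], []
    for names in by_dir.values():
        for name, path in names.items():
            if not name.endswith("srv.exe"):
                continue
            host = name[: -len("srv.exe")] + ".exe"
            if host in names:
                pairs.append((names[host], path))
            else:
                orphans.append(path)
    return sorted(pairs), sorted(orphans)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for extra in userinit_hijacks(found):
        print("Userinit runs an extra program at logon:", extra)
    pairs, orphans = companion_pairs(SAMPLE_LISTING)
    for host, companion in pairs:
        print("companion", companion, "sits beside", host)
    for orphan in orphans:
        print("*Srv.exe with no matching host, check by hand:", orphan)
```

The Userinit value is a list that Winlogon runs entry by entry, so the registry value and the file its extra entry names are one finding and should be handled together, not as an unrelated file deletion. The orphan list exists because a tool that removes a companion without its host, or a host without its companion, leaves exactly that shape behind in a later listing.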

I have removed all items, rebooted, and here is the latest OTL log; hope this helps :blush:

OTL logfile created on: 30/08/2010 18:23:03 - Run 5

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 179.56 Gb Total Space | 79.37 Gb Free Space | 44.20% Space Free | Partition Type: NTFS

Drive D: | 6.73 Gb Total Space | 0.60 Gb Free Space | 8.85% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 698.64 Gb Total Space | 159.58 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/29 11:02:38 | 000,221,184 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe

PRC - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe

PRC - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2008/11/04 01:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/03/05 13:18:14 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe

PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe

PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

SRV - [2010/08/28 15:51:45 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)

DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)

DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)

DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)

DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)

DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)

DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/29 15:58:56 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions

[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}

[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 08:47:55 | 001,400,832 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll

[2010/08/28 08:47:56 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll

[2010/08/28 08:47:56 | 000,229,376 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll

[2010/08/28 08:47:56 | 000,135,680 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2010/08/28 21:15:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo!


Please delete your old copy of combofix and download a new one.

Then, run OTL, and copy/paste the following text into the runbox:

:commands
[emptytemp]

Click Run Fix and immediately after the reboot, run Combofix as follows:

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

File::
L:\0969b4bf15330f14cd54\i386\filterpipelineprintproc.dll
L:\0969b4bf15330f14cd54\i386\mxdwdrv.dll
L:\0969b4bf15330f14cd54\i386\xpssvcs.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 10-08-29.04 - HP_Administrator 30/08/2010 20:39:33.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1983.1205 [GMT 1:00]

Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\My Documents\Downloads\CFScript.txt

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Created a new restore point

FILE ::

"l:\0969b4bf15330f14cd54\i386\filterpipelineprintproc.dll"

"l:\0969b4bf15330f14cd54\i386\mxdwdrv.dll"

"l:\0969b4bf15330f14cd54\i386\xpssvcs.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

l:\0969b4bf15330f14cd54\i386\filterpipelineprintproc.dll

l:\0969b4bf15330f14cd54\i386\mxdwdrv.dll

l:\0969b4bf15330f14cd54\i386\xpssvcs.dll

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))

.

2010-08-29 12:43 . 2010-08-29 12:43 -------- d-----w- c:\program files\ESET

2010-08-29 10:33 . 2010-08-29 10:33 -------- d-----w- C:\_OTL

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 10:52 . 2010-08-30 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 10:52 . 2010-08-28 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 10:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 19:48 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{97D0B0DB-6D31-4E9E-810F-DC8C6DC7B60A}-demo32.exe

2010-08-27 19:08 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E46F4510-28C6-49C8-BB7F-7E25A7A2D0C3}-demo32.exe

2010-08-27 18:14 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5B5792AC-466A-43DB-9379-A0D9FE29C162}-demo32.exe

2010-08-27 17:07 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DE3EA373-27A6-4FE1-BB67-2E6D71067E70}-demo32.exe

2010-08-27 16:09 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{36D7BEFF-C19D-4F6A-AE3C-4BC3E609A720}-demo32.exe

2010-08-27 15:12 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D01D4CF6-E3FD-4991-9A83-0F983C00489D}-demo32.exe

2010-08-27 14:01 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{06C30791-2AF0-4850-BEAF-3C43B2EF37D9}-demo32.exe

2010-08-27 13:09 . 2010-08-28 14:39 229376 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D4E87346-F81F-4A9B-B1B5-B917179C4549}-Flanger_Lite.dll

2010-08-27 13:09 . 2010-08-28 14:39 98304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A89EB5CE-4AF1-4229-B346-BDA3B59EEE84}-flanger.dll

2010-08-27 13:09 . 2010-08-28 14:38 228864 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{404851A4-8351-4E41-8F3A-A08494C9DDE3}-flanger_lite_8x.dll

2010-08-27 13:09 . 2010-08-28 14:38 49152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{83B04BC8-5FE1-4A02-8B97-666AC2E0F70B}-Echo.dll

2010-08-27 13:09 . 2010-08-28 14:38 143360 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{389FCACF-FA8F-4D80-A6E4-DEA45B215DAB}-Filters.dll

2010-08-27 13:09 . 2010-08-28 14:39 245760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CF0C9055-7D95-4BF7-9E4A-B697685FA106}-Cut.dll

2010-08-27 13:09 . 2010-08-28 14:38 49152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{534E29EF-6F56-4936-933D-C996705DDBED}-DFV Flanger.dll

2010-08-27 13:09 . 2010-08-28 14:39 557056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B1B7D4BD-5378-42C2-8A5F-7E8CF41C8AC0}-BeatGrid.dll

2010-08-27 13:09 . 2010-08-28 14:38 102400 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{11B94EE1-7A13-4E9E-B4F4-783AE5F486A4}-brake.dll

2010-08-27 13:09 . 2010-08-28 14:39 102400 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A8E4A025-6C30-4C15-BD3F-2B5E9426576E}-backspin.dll

2010-08-27 13:09 . 2010-08-28 14:38 28672 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{8FCB47E8-80C8-4074-8CC9-DFC3EC9283D3}-balance.dll

2010-08-27 13:09 . 2010-08-28 14:38 40960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5C6BDD2A-DD07-4EA6-AACB-8B2A2017F190}-Beat break.dll

2010-08-27 13:09 . 2010-08-28 14:38 36864 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6842D076-215F-4992-95FC-7FB8475C78B7}-AutoCut.dll

2010-08-27 12:59 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FA7772A5-0F1E-44FB-AC79-70630B19E43A}-demo32.exe

2010-08-27 12:01 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DE6F499D-F730-4166-B32A-2DC84B318B7F}-demo32.exe

2010-08-27 10:57 . 2010-08-28 14:38 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{43324295-C9D3-436C-BCE7-72679A7C1F8F}-demo32.exe

2010-08-26 19:00 . 2010-08-28 14:39 528384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{AC3EB925-A6ED-4B76-B713-BC3BE6E88010}-demo32.exe

2010-08-26 17:34 . 2010-08-30 14:03 -------- d-----w- c:\program files\temp

2010-08-21 08:14 . 2010-08-21 08:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\fltk.org

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth

2010-08-15 15:58 . 2010-08-15 15:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-08-12 16:45 . 2005-09-05 10:21 362944 ----a-w- c:\windows\system32\drivers\WG11TND5.sys

2010-08-12 16:45 . 2005-07-27 20:15 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin

2010-08-12 08:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-12 08:19 . 2010-08-12 08:19 -------- d-----w- c:\program files\Microsoft Security Essentials

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-30 19:49 . 2008-08-17 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-08-30 19:48 . 2009-09-22 12:45 -------- d-----w- c:\program files\Microsoft

2010-08-30 16:59 . 2010-06-22 18:54 -------- d-----w- c:\program files\iTunes

2010-08-30 16:54 . 2007-06-03 09:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azdix

2010-08-30 16:18 . 2009-02-13 10:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Utenk

2010-08-29 15:27 . 2009-04-19 10:35 -------- d-----w- c:\program files\Zipeg

2010-08-29 15:27 . 2008-11-26 17:00 -------- d-----w- c:\program files\YASAMP4Converter

2010-08-29 15:27 . 2007-08-06 13:24 -------- d-----w- c:\program files\Xvid

2010-08-29 15:25 . 2009-04-19 07:01 -------- d-----w- c:\program files\Vuze

2010-08-29 15:24 . 2009-04-24 16:55 -------- d-----w- c:\program files\VirtualDJ

2010-08-29 15:19 . 2010-05-31 11:20 -------- d-----w- c:\program files\QuickTime

2010-08-29 15:19 . 2009-03-14 15:21 -------- d-----w- c:\program files\Qloud

2010-08-29 15:19 . 2006-10-16 21:47 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-08-29 14:54 . 2008-09-12 16:32 -------- d-----w- c:\program files\MediaCoderSE

2010-08-29 14:48 . 2006-10-16 21:32 -------- d-----w- c:\program files\HP DigitalMedia Archive

2010-08-29 14:41 . 2009-08-30 11:03 -------- d-----w- c:\program files\Guitar Pro 5

2010-08-29 14:40 . 2006-10-16 21:01 -------- d-----w- c:\program files\GemMaster

2010-08-29 14:39 . 2009-07-17 07:27 -------- d-----w- c:\program files\Free MKV Video2Dvd

2010-08-29 14:37 . 2006-10-16 21:01 -------- d-----w- c:\program files\EnglishOtto

2010-08-29 14:36 . 2009-05-02 17:46 -------- d-----w- c:\program files\DVD2one V2

2010-08-29 14:36 . 2008-03-06 16:43 -------- d-----w- c:\program files\DVD Decrypter

2010-08-29 14:34 . 2008-07-03 13:08 -------- d-----w- c:\program files\Coupon Printer

2010-08-29 14:34 . 2006-10-16 21:33 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-29 14:33 . 2006-10-16 21:28 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-29 14:31 . 2008-04-13 15:39 -------- d-----w- c:\program files\Common Files\Macromedia

2010-08-29 14:31 . 2006-10-16 21:34 -------- d---a-w- c:\program files\Common Files\LightScribe

2010-08-29 14:24 . 2010-05-21 18:02 -------- d-----w- c:\program files\AutoGK

2010-08-29 14:24 . 2009-08-31 08:17 -------- d-----w- c:\program files\AmazingMIDI

2010-08-29 14:24 . 2010-01-19 18:14 -------- d-----w- c:\program files\AIM

2010-08-29 14:23 . 2009-07-24 18:53 -------- d-----w- c:\program files\ABC Amber LIT Converter

2010-08-29 14:23 . 2009-04-21 19:16 -------- d-----w- c:\program files\7-Zip

2010-08-29 13:18 . 2010-06-06 13:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Facebook

2010-08-29 10:33 . 2007-10-05 18:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Raidko

2010-08-29 09:45 . 2007-08-02 11:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Avmii

2010-08-28 20:13 . 2010-07-27 05:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Tiapc

2010-08-28 19:49 . 2010-03-05 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Goix

2010-08-28 14:46 . 2009-11-08 11:49 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-08-28 14:46 . 2010-01-10 09:59 340480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-08-28 14:46 . 2010-01-10 09:59 346624 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-08-28 14:46 . 2009-05-05 10:12 51200 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll

2010-08-28 14:46 . 2009-05-05 10:12 114688 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\npmozax.dll

2010-08-28 14:46 . 2010-01-10 09:59 43008 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-08-28 14:46 . 2010-01-10 09:59 872960 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-08-28 14:46 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll

2010-08-28 14:38 . 2010-08-27 19:55 102400 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9425048F-740E-448D-A074-75C1D43CBF53}-karaoke.dll

2010-08-28 11:12 . 2008-05-15 04:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ygfehi

2010-08-28 11:03 . 2008-11-19 15:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Regou

2010-08-27 13:45 . 2008-12-22 00:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Izzyfa

2010-08-27 09:20 . 2009-05-30 13:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ogni

2010-08-26 19:36 . 2006-10-16 21:33 -------- d-----w- c:\program files\Sonic

2010-08-26 17:30 . 2008-05-05 20:08 -------- d-----w- c:\program files\FileZilla FTP Client

2010-08-26 17:22 . 2009-04-19 07:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus

2010-08-21 18:55 . 2010-07-16 17:18 452104 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.12\setup.exe

2010-08-17 20:23 . 2009-09-13 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-12 16:45 . 2006-10-16 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-12 08:07 . 2006-10-16 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-08-12 07:23 . 2006-10-16 21:56 -------- d-----w- c:\program files\Symantec

2010-08-12 07:10 . 2010-04-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-06-22 18:30 . 2010-06-22 18:30 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-22 18:16 . 2010-06-22 18:16 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-14 14:30 . 2004-08-10 04:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 12:20 . 2009-02-22 10:04 427376 ----a-w- c:\documents and settings\HP_Administrator\Application Data\HiYo\Data\hiyo_install.exe

2010-06-06 13:26 . 2010-06-06 13:26 50354 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Facebook\uninstall.exe

2009-04-19 10:46 . 2009-04-19 10:46 5723432 ----a-w- c:\program files\AdvrCntr4

2005-05-26 14:35 . 2010-03-13 05:08 1422 ----a-w- c:\program files\ReadMe.txt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-03-05 148776]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 180269]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-08-28 249856]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-05 161064]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-03-05 1057064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-28 421888]

"Hiyo"="c:\program files\HiYo\Bin\bin\HiYo.exe" [2010-06-14 255344]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]

EZ-DUB Finder.lnk - c:\program files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe [2010-3-13 221184]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 303104]

McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-8-12 884840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

ogydu.exe [2010-8-30 139776]

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-16 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-16 27136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2008 07:55 15172]

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [01/08/2009 21:30 9600]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 08:57 390528]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [19/04/2009 08:01 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [19/04/2009 08:02 234888]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/10/2007 15:16 17149]

S2 gupdate1c9a98eff5a8023;Google Update Service (gupdate1c9a98eff5a8023);c:\program files\Google\Update\GoogleUpdate.exe [20/03/2009 20:06 133104]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [17/04/2007 20:59 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [17/04/2007 20:59 12672]

S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [17/04/2007 20:59 40320]

S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [17/04/2007 20:59 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-17 12:10]

2010-08-30 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-30 20:49

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3016895886-430028113-3949317508-1007\Software\SecuROM\License information*]

"datasecu"=hex:3c,9c,d1,1e,08,60,0c,29,3e,51,7f,3c,d7,46,05,33,06,2a,fd,5d,38,

dc,c2,db,f3,6c,e9,a5,5f,be,0a,4a,95,35,30,e0,12,1b,85,22,98,b2,08,f1,d5,02,\

"rkeysecu"=hex:72,6e,f2,2e,93,c6,fc,19,f3,84,65,38,d0,80,f5,3a

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-08-30 20:53:05

ComboFix-quarantined-files.txt 2010-08-30 19:52

ComboFix2.txt 2010-08-28 20:31

ComboFix3.txt 2010-08-28 15:28

Pre-Run: 85,341,618,176 bytes free

Post-Run: 85,430,849,536 bytes free

- - End Of File - - 9E11A865E11637BD4BECF046EE60BE41

I'm getting good at these :)

OTL logfile created on: 31/08/2010 07:35:11 - Run 6

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 179.56 Gb Total Space | 79.52 Gb Free Space | 44.29% Space Free | Partition Type: NTFS

Drive D: | 6.73 Gb Total Space | 0.60 Gb Free Space | 8.85% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 76.33 Gb Total Space | 35.13 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 698.64 Gb Total Space | 159.58 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Computer Name: DICKINSON

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/29 11:02:38 | 000,221,184 | ---- | M] () -- C:\Program Files\INITIO\EZ-DUB Finder v1.3.45\inihid.exe

PRC - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe

PRC - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/14 18:41:23 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\Bin\HiYo.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2009/02/16 13:11:44 | 000,269,824 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe

PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/07/11 18:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

PRC - [2008/03/05 13:18:02 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/03/05 13:15:30 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2007/07/28 14:36:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/16 22:32:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/09/11 07:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe

PRC - [2005/11/10 20:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe

PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2003/02/17 12:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Tesco\Picture Suite\InsDetect.exe

========== Modules (SafeList) ==========

MOD - [2010/08/28 15:49:37 | 000,617,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe

MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/08/29 11:00:35 | 001,175,552 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)

SRV - [2010/08/28 15:51:45 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/04/21 11:38:22 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/03/05 13:15:44 | 000,864,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2010/03/01 08:57:39 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2008/03/16 07:55:41 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/03/05 13:15:42 | 000,039,208 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/03/05 13:15:40 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/03/05 13:15:36 | 000,108,328 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)

DRV - [2007/04/17 21:05:13 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)

DRV - [2007/04/17 20:59:10 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)

DRV - [2007/04/17 20:59:10 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)

DRV - [2007/04/17 20:59:10 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)

DRV - [2006/10/16 22:57:45 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)

DRV - [2006/04/05 05:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/27 13:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a33fa729-d155-4b23-842b-2c665ecabdb6}:2.0.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 12:21:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/29 15:58:56 | 000,000,000 | ---D | M]

[2008/08/27 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions

[2009/09/05 08:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/10 10:59:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/05/05 11:12:01 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}

[2009/04/19 08:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o54ydzgj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/02/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/20 07:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 08:47:55 | 001,400,832 | ---- | M] (20-20 Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NP2020Player.dll

[2010/08/28 08:47:56 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll

[2010/08/28 08:47:56 | 000,229,376 | ---- | M] (Couponstar Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrkuk7.dll

[2010/08/28 08:47:56 | 000,135,680 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcsau7.dll

O1 HOSTS File: ([2010/08/30 20:49:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo!
