Elise Posted August 31, 2010 ID:307274

What a pain this one is, it just continues to recreate itself. I want to try one other "brute force" scanner; if that doesn't work, we can create a disk so we can do some offline scanning. Please let me know if you have your XP CD at hand.

DR. WEB CUREIT
----------------------
Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:
Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the "Virus check by DrWeb scanner" prompt and click Ok where asked "Start scan now?". Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders.)
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click No to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured.)
After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
Please be patient as this scan could take a long time to complete.
When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
Click Select All, then choose Cure. Do NOT move incurable!!!
In the top menu, click File and choose Save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web CureIt when done.

Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)
dicko1981 Posted August 31, 2010 Author ID:307280

I will do the Dr.Web scan and post results when it is complete. While it is doing that I have to let you know that my XP disc is no longer with me; it went missing when I moved a few years ago. Is this gonna make things difficult? What sort of damage is this thing doing to my computer and, off the record, what are the chances of getting rid of it? (sorry to be a pain)
Elise Posted August 31, 2010 ID:307285

Hi, we can do it also without an XP CD, by using a rescue disk. I want to give Kaspersky's a try. The problem with this virus is, it infects all kinds of files (so far it does leave Windows system files alone, which means there is still a good chance of recovering, although it may require you to reinstall some of the applications you have in the end). We clean up components, but because there remain infected files, they recreate all active components that show in the logs. A rescue disk like Kaspersky's scans all files off-line and, with a bit of luck, is able to disinfect them.
dicko1981 Posted September 1, 2010 Author ID:307943

Hi Elise, I have tried to run the Dr.Web scan twice now, and both times it seems to freeze my computer up. It gets about 8 hours in, has found approx 60-70 threats and is only partway through the C drive?!? I followed your instructions to the letter; is it worth me trying to run it again or is there another option? Again, sorry for being a hassle.
Elise Posted September 1, 2010 ID:307950

Do you have your XP CD at hand?
dicko1981 Posted September 1, 2010 Author ID:307961

Nope, it's been lost in transit! I'm useless, ain't I!!
Elise Posted September 1, 2010 ID:307987

Not at all. Let's try the Avira rescue disk. Please go here: http://www.free-av.com/en/products/12/avir...cue_system.html and follow the instructions. Let it do a scan, but don't let it delete the desktoplayer.exe file, since that can cause difficulties when booting: Avira will have no possibility of accessing your registry and fixing the userinit value. To be on the safe side, you can post the scan results here before undertaking action.
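The userinit value Elise refers to is the Userinit string under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, a comma-separated list of programs Winlogon starts at logon; if a second program has been chained onto it and that file is deleted without the value being fixed, logon fails. The check below is an added example, not code from the thread or from Avira or Dr.Web: it flags every entry other than the legitimate userinit.exe and builds the cleaned value, so the extra file can be removed afterwards without breaking logon. The XP default, the Windows directory and the sample infected value (with its placeholder path) are assumptions/constructed.

```python
"""Audit and clean a Winlogon Userinit value (added example, not from the thread)."""
from __future__ import annotations

# Assumed default on a 32-bit Windows XP install in C:\WINDOWS (trailing comma included).
DEFAULT_WINDIR = r"C:\WINDOWS"


def split_userinit(value: str) -> list[str]:
    """Userinit is a comma-separated list; drop blanks left by the trailing comma."""
    return [part.strip() for part in value.split(",") if part.strip()]


def is_default_userinit(entry: str, windir: str = DEFAULT_WINDIR) -> bool:
    """True only for the legitimate userinit.exe in system32 (case-insensitive,
    surrounding quotes tolerated)."""
    expected = (windir.rstrip("\\") + r"\system32\userinit.exe").lower()
    return entry.strip().strip('"').lower() == expected


def audit_userinit(value: str, windir: str = DEFAULT_WINDIR) -> tuple[list[str], str]:
    """Return (suspicious entries, cleaned value).

    Every entry that is not the legitimate userinit.exe is reported; the cleaned
    value keeps only the default, which is what a rescue disk cannot do for you
    because it has no access to the offline registry hive.
    """
    entries = split_userinit(value)
    suspicious = [e for e in entries if not is_default_userinit(e, windir)]
    cleaned = windir.rstrip("\\") + r"\system32\userinit.exe,"
    return suspicious, cleaned


def read_live_userinit() -> str | None:
    """Read the live value when run on Windows; None elsewhere or if the value is missing."""
    try:
        import winreg
    except ImportError:  # not Windows: caller falls back to an exported/sample value
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") as key:
            value, _kind = winreg.QueryValueEx(key, "Userinit")
            return value
    except OSError:
        return None


# Constructed sample: the default entry with a second program chained after it.
# The path is a placeholder, not a path taken from the thread.
SAMPLE_INFECTED = r"C:\WINDOWS\system32\userinit.exe,C:\Program Files\EXAMPLE\DesktopLayer.exe,"

if __name__ == "__main__":
    value = read_live_userinit() or SAMPLE_INFECTED
    flagged, fixed = audit_userinit(value)
    print("Userinit:", value)
    print("Flagged :", flagged or "nothing unexpected")
    print("Cleaned :", fixed)
```

On a live machine compare the flagged entries with what the scanner reported before deleting anything; only when the value has been restored is it safe to remove the chained file.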
dicko1981 Posted September 3, 2010 Author ID:308700

I have done a scan using the default settings on the Avira disc. It did find quite a few infected items but didn't seem to include desktoplayer.exe. Was I meant to remove or repair or rename the items found? Plus I will have to run it again because I accidentally rebooted and lost the results.
Elise Posted September 3, 2010 ID:308728

As long as it didn't include the desktoplayer file, you can choose the Repair option. Let me know if it was able to repair/cure/disinfect these files.
dicko1981 Posted September 3, 2010 Author ID:308771

The scan results were: records 85 that were not removable, and warnings were 343 not completely scanned: part of multi-volume archive. I couldn't figure out how to paste the entire log. Hope this helps.
Elise Posted September 3, 2010 ID:308774

Can you copy a few of those to a text file and post them for me? That way I can see what they were about. Were there files that could be cleaned?
dicko1981 Posted September 3, 2010 Author ID:308775

How would I go about copying the text across? I could right click and copy, but then I can't paste it anywhere until I rebooted, and then lost it. The warnings were from video files and a lot of them appeared to be the same ones, and the non-removable files were all sorts. It didn't look like there were any files that could be cleaned.
Elise Posted September 3, 2010 ID:308805

What was the detection? Ramnit? If so, you have no other option than to delete them, because otherwise they will just keep reinfecting everything. The rescue disk should have a text editor in which you can copy; however, if you can't find it, just skip that part.
dicko1981 Posted September 3, 2010 Author ID:308849

It seemed to have detected a different named virus. I will run the scan again and let you know, but I really can't find the text editor at all, only a Linux command line, and that's way over my head. I really don't mind deleting everything off my computer apart from the essentials if it helps. P.S. sorry if I'm being useless.
Elise Posted September 3, 2010 ID:308862

No worries, just list me the name of the virus.
dicko1981 Posted September 4, 2010 Author ID:309263

Hi Elise, I ran the Avira disc again this morning and it seems to have removed the viruses it had picked up on yesterday. Hope this is a good sign.
Elise Posted September 4, 2010 ID:309265

Yes, time for a boot in normal mode. Please download a new copy of ComboFix, run it, post me the log and afterwards run another OTL quick scan and post me that log as well.
dicko1981 Posted September 4, 2010 Author ID:309304

ComboFix log
plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npcpbrkuk7.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dllFF - plugin: c:\windows\system32\20-20 Technologies\3D Room Planner\NP2020Player.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: network.cookie.cookieBehavior - 0FF - user.js: privacy.clearOnShutdown.cookies - falseFF - user.js: security.warn_viewing_mixed - falseFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: security.warn_submit_insecure - falseFF - user.js: security.warn_submit_insecure.show_once - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);.- - - - ORPHANS REMOVED - - - -HKCU-Run-{7D6E6726-29BD-82F3-C8AB-F1B8077980FB} - c:\documents and settings\HP_Administrator\Application Data\Cibia\ufyl.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-09-04 18:52Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\catchme.dllscan completed successfullyhidden files: 1**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-3016895886-430028113-3949317508-1007\Software\SecuROM\License information*]"datasecu"=hex:3c,9c,d1,1e,08,60,0c,29,3e,51,7f,3c,d7,46,05,33,06,2a,fd,5d,38, dc,c2,db,f3,6c,e9,a5,5f,be,0a,4a,95,35,30,e0,12,1b,85,22,98,b2,08,f1,d5,02,\"rkeysecu"=hex:72,6e,f2,2e,93,c6,fc,19,f3,84,65,38,d0,80,f5,3a.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(816)c:\windows\system32\Ati2evxx.dll.Completion time: 2010-09-04 18:56:30ComboFix-quarantined-files.txt 2010-09-04 17:56ComboFix2.txt 2010-08-30 19:53ComboFix3.txt 2010-08-28 20:31ComboFix4.txt 2010-08-28 15:28Pre-Run: 113,884,229,632 bytes freePost-Run: 113,867,096,064 bytes free- - End Of File - - B601D6167034263567DA4176C15B2F63 Link to post Share on other sites More sharing options...
Elise Posted September 4, 2010 ID:309307
I'll wait for the OTL log.
dicko1981 Posted September 4, 2010 Author ID:309311
Whoops, thought I'd posted it, that'll be the beer I had for lunch.
OTL logfile created on: 04/09/2010 19:20:35 - Run 7
OTL by OldTimer - Version 3.2.10.0
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Elise Posted September 4, 2010 ID:309316
that'll be the beer I had for lunch
You sure deserve that, because finally I see no signs that any components of the infection were regenerated. Time for an update: how are things running now?
Also, do another scan with ESET and post me the log.
dicko1981 Posted September 4, 2010 Author ID:309326
how are things running now?
It all seems to be a bit quicker, but I've not really done much since it's been infected. I will run the ESET scan and post results when it's done. Does this mean my computer will be virus free if things keep going as they are?
Plus I'm pretty sure you deserve the beer, you're doing all the hard work!!
Elise Posted September 4, 2010 ID:309336
Depending a bit on what ESET still detects, you will need to update XP to Service Pack 3 (which should only be done when the active infection is gone), and Java should be updated.
I also recommend you uninstall the Ask Toolbar using Add/Remove Programs.
After the ESET results, I'll give you more detailed instructions on this.
dicko1981 Posted September 5, 2010 Author ID:309487
No threats found.
Elise Posted September 5, 2010 ID:309513
Okay, then it's time for some updating. Please also launch MBAM, update it and run a full scan. Post me the resulting log.

UPDATE XP
--------------
Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up to date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.
For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".
Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
Please reboot and repeat the update process until there are no more updates to install.

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older-version Java components and update:
Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "JDK 6 Update 21 (JDK or JRE)".
Click the "Download JRE" button to the right.
Select your Platform: "Windows".
Select your Language: "Multi-language".
Read the License Agreement, and then check the box that says: "Accept License Agreement".
Click Continue and the page will refresh.
Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
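The Add/Remove Programs step above relies on spotting every leftover JRE by eye; the following PowerShell script (an added example, not part of this thread or any tool the helper references) reads the same Uninstall registry entries that Add/Remove Programs lists and flags every Sun JRE older than 6 Update 21. It assumes PowerShell is installed (XP does not ship with it), that the script runs with rights to read HKLM, and that the target version constants are kept current.

```powershell
# Added example, not from the forum thread: enumerate Sun/Oracle JRE entries
# registered under the Windows Uninstall keys and report which are older
# than JRE 6 Update 21, the release the post asks the user to install.
# Assumptions: PowerShell present, read access to HKLM, constants kept current.

$TargetMajor  = 6
$TargetUpdate = 21

function Get-JavaInstalls {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        # The Wow6432Node branch only exists on 64-bit hosts; skipped if absent.
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    # Sun JRE entries are named like "J2SE Runtime Environment 5.0 Update 6",
    # "Java(TM) SE Runtime Environment 6" or "Java(TM) 6 Update 21".
    $pattern = '^(J2SE Runtime Environment|Java\(TM\)( SE Runtime Environment)?)\s+(\d+)(\.\d+)?( Update (\d+))?'

    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        foreach ($key in (Get-ChildItem $path)) {
            $props = Get-ItemProperty $key.PSPath
            $name  = [string]$props.DisplayName
            if ($name -match $pattern) {
                $major  = [int]$Matches[3]
                # A base release with no "Update N" suffix counts as update 0.
                $update = if ($Matches[6]) { [int]$Matches[6] } else { 0 }
                $old    = ($major -lt $TargetMajor) -or
                          (($major -eq $TargetMajor) -and ($update -lt $TargetUpdate))
                New-Object PSObject -Property @{
                    DisplayName     = $name
                    Major           = $major
                    Update          = $update
                    Outdated        = $old
                    UninstallString = [string]$props.UninstallString
                }
            }
        }
    }
}

$installs = @(Get-JavaInstalls)
if ($installs.Count -eq 0) {
    Write-Host 'No Sun/Oracle JRE entries found in the Uninstall keys.'
} else {
    $installs | Sort-Object Major, Update |
        Format-Table DisplayName, Outdated, UninstallString -AutoSize
    $stale = @($installs | Where-Object { $_.Outdated })
    Write-Host ('{0} JRE entries found, {1} older than {2}u{3}; remove those via Add/Remove Programs.' -f `
        $installs.Count, $stale.Count, $TargetMajor, $TargetUpdate)
}
```

Run it again after the reboot that follows the uninstalls: the only entry left should be the 6u21 install, with Outdated reported as False.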