
Desktop Security 2010


Hello h_bowden

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Hi Kahdah - sorry for the slow reply, I didn't expect a response so quickly!

I ran OTL.

The OTL.txt file is below:

OTL logfile created on: 10/11/2010 20:01:32 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Winxp user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 619.00 Mb Available Physical Memory | 61.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 8.92 Gb Free Space | 23.93% Space Free | Partition Type: NTFS

Computer Name: WINXP-BE6D22B34 | User Name: Winxp user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Winxp user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

PRC - C:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

PRC - C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

PRC - C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()

PRC - C:\Documents and Settings\Winxp user\Application Data\Desktop Security\securitycenter.exe ()

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)

PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\wpa_supplicant.exe ()

PRC - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()

PRC - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\system32\lxcecoms.exe (Lexmark International, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Winxp user\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (lxce_device) -- C:\WINDOWS\System32\lxcecoms.exe (Lexmark International, Inc.)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found

DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found

DRV - (AFGMp50) -- C:\WINDOWS\System32\Drivers\AFGMp50.sys File not found

DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)

DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0.01

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 01:18:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/03 20:52:31 | 000,000,000 | ---D | M]

[2009/03/03 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Extensions

[2009/01/26 17:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/03/03 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/08/30 15:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions

[2010/03/16 16:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/10/21 12:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008/07/29 08:06:32 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\imdb.xml

[2008/05/20 18:33:44 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\wikipedia-en-1.xml

[2008/07/29 08:06:32 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\wikipedia-en.xml

[2007/06/13 14:29:57 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\youtube-video-search.xml

[2010/03/16 16:37:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/25 01:18:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2007/06/13 13:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2010/07/25 01:18:33 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/07/25 01:18:33 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/02/02 22:57:16 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2010/07/25 01:18:35 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2008/10/14 20:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/01/31 17:21:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/01/31 17:21:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/01/31 17:21:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/01/31 17:21:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/01/31 17:21:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/01/31 17:21:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/01/31 17:21:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2005/08/25 14:37:14 | 003,833,856 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll

[2007/04/16 17:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2010/03/13 18:17:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/03/13 18:17:31 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/03/13 18:17:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/03/13 18:17:31 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/03/13 18:17:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/03/13 18:17:31 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/03/13 18:17:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/03/13 18:17:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlliedCarrier] C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [bbaka12] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [CarrierAllied5655] c:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

O4 - HKLM..\Run: [CorelRegRegistration] C:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

O4 - HKLM..\Run: [CorelRegUser] c:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()

O4 - HKLM..\Run: [mscjmMonitor1.00] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()

O4 - HKLM..\Run: [PowerPower] c:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

O4 - HKLM..\Run: [PowerPTEditor] C:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

O4 - HKCU..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [securityCenter] C:\Documents and Settings\Winxp user\Application Data\Desktop Security\securitycenter.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunServices: [AlliedCarrier] C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

O4 - HKLM..\RunServices: [bbaka12] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()

O4 - HKLM..\RunServices: [CruiseMissile] c:\Program Files\Firaxis Games\Civilization III Complete\Art\Units\Cruise Missile\MissileCruise.exe ()

O4 - HKLM..\RunServices: [mscjmQuick] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()

O4 - HKLM..\RunServices: [ORCACM22Shutterfly] c:\Program Files\Corel\Corel Paint Shop Pro X - Installation Files\program files\Corel\Corel Paint Shop Pro X\PhotoServices\orca22Visual.exe ()

O4 - HKLM..\RunServices: [PowerEditor] C:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

O4 - HKLM..\RunServices: [ReportingApplication] c:\Program Files\Common Files\Microsoft Shared\DW\1028\ReportingError.exe ()

O4 - HKLM..\RunServices: [userCorelReg] C:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: jaakrbbwfhhvhdwnvripTaskMgr = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Winxp user\My Documents\Pictures\Untitled-2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Winxp user\My Documents\Pictures\Untitled-2.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/07/09 22:50:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{5ea984f0-4eaa-11dd-8529-0010c63b0633}\Shell - "" = AutoRun

O33 - MountPoints2\{5ea984f0-4eaa-11dd-8529-0010c63b0633}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5ea984f0-4eaa-11dd-8529-0010c63b0633}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{5ea984f4-4eaa-11dd-8529-0010c63b0633}\Shell - "" = AutoRun

O33 - MountPoints2\{5ea984f4-4eaa-11dd-8529-0010c63b0633}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5ea984f4-4eaa-11dd-8529-0010c63b0633}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

O33 - MountPoints2\{724d96f0-5d40-11dd-8542-0010c63b0633}\Shell - "" = AutoRun

O33 - MountPoints2\{724d96f0-5d40-11dd-8542-0010c63b0633}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{724d96f0-5d40-11dd-8542-0010c63b0633}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 19:58:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Winxp user\Desktop\OTL.exe

[2010/10/31 15:37:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Winxp user\My Documents\mbam-setup-1.46.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 20:00:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/10 19:59:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winxp user\Desktop\OTL.exe

[2010/11/10 19:56:58 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/10 19:56:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/10 19:56:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/31 17:42:45 | 000,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/31 17:42:45 | 000,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/31 17:02:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/31 15:04:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Winxp user\My Documents\mbam-setup-1.46.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/31 17:02:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/11 13:26:11 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008/05/10 19:14:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2008/05/10 19:14:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2008/05/10 19:12:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll

[2008/03/29 20:21:20 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Winxp user\Local Settings\Application Data\fusioncache.dat

[2007/06/15 14:18:13 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2007/06/12 22:56:41 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2007/04/02 17:35:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/03/28 23:59:59 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Winxp user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/03/27 07:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004/07/10 17:22:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2004/07/10 17:22:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2004/07/09 23:30:18 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys

[2004/07/09 00:20:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2009/01/11 13:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy

[2008/01/11 14:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/04/04 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/01/31 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/19 20:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/11/10 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Affinegy

[2007/04/29 10:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Atari

[2010/09/02 17:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Desktop Security

[2007/04/29 10:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Leadertech

[2010/02/27 11:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\LimeWire

[2010/09/02 17:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\MSA

[2009/05/09 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\My Games

[2009/05/09 16:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Red Kawa

[2007/03/21 22:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Sports Interactive

[2007/05/11 12:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\TSO

[2010/08/23 17:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\uTorrent

[2010/01/15 18:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\WTouch

========== Purity Check ==========

< End of report >

The Extras.txt file is below:

OTL Extras logfile created on: 10/11/2010 20:01:32 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Winxp user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 619.00 Mb Available Physical Memory | 61.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 8.92 Gb Free Space | 23.93% Space Free | Partition Type: NTFS

Computer Name: WINXP-BE6D22B34 | User Name: Winxp user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- (Affinegy, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:


You are welcome don't worry with the rootkit scanner for now.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.
For you this refers to LimeWire and uTorrent; please uninstall those before proceeding.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [bbaka12] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()
    O4 - HKLM..\Run: [mscjmMonitor1.00] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()
    O4 - HKCU..\Run: [SecurityCenter] C:\Documents and Settings\Winxp user\Application Data\Desktop Security\securitycenter.exe ()
    O4 - HKLM..\RunServices: [bbaka12] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()
    O4 - HKLM..\RunServices: [mscjmQuick] C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe ()
    O33 - MountPoints2\{5ea984f0-4eaa-11dd-8529-0010c63b0633}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{5ea984f4-4eaa-11dd-8529-0010c63b0633}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{724d96f0-5d40-11dd-8542-0010c63b0633}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    [2010/09/02 17:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\MSA

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\drivers\svchost.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-



    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

==========

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hello Kahdah,

OK, I have uninstalled utorrent - I uninstalled limewire a while ago but I guess there must be some sort of trace of it left on my PC; I've had a look around but haven't found anything.

Ran OTL with the code as instructed. The log file is below:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bbaka12 deleted successfully.

C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mscjmMonitor1.00 deleted successfully.

File C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SecurityCenter deleted successfully.

C:\Documents and Settings\Winxp user\Application Data\Desktop Security\securitycenter.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\bbaka12 deleted successfully.

File C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\mscjmQuick deleted successfully.

File C:\Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea984f0-4eaa-11dd-8529-0010c63b0633}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea984f0-4eaa-11dd-8529-0010c63b0633}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea984f4-4eaa-11dd-8529-0010c63b0633}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea984f4-4eaa-11dd-8529-0010c63b0633}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{724d96f0-5d40-11dd-8542-0010c63b0633}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d96f0-5d40-11dd-8542-0010c63b0633}\ not found.

File E:\AutoRun.exe not found.

C:\Documents and Settings\Winxp user\Application Data\MSA folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 590000 bytes

User: Winxp user

->Temp folder emptied: 5762488 bytes

->Temporary Internet Files folder emptied: 52745 bytes

->Java cache emptied: 3746599 bytes

->FireFox cache emptied: 29989753 bytes

->Flash cache emptied: 82050 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 91453809 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 268288 bytes

Total Files Cleaned = 128.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11112010_161621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

=========

I downloaded and ran ComboFix with no antivirus or antimalware software running, and all windows closed. However, it gets as far as the disclaimer but when I click 'yes' my PC freezes (that is, I can still move the pointer around - but nothing responds when I click on it and the windows button on my keyboard does nothing) and I have ended up having to force switch off my PC. Tried it a couple of times with the same result.


Same result in safe mode (only difference being that the hard drive light on my pc came on, although there wasn't the usual accompanying noise... weird!)

Here is the new OTL log:

OTL logfile created on: 11/11/2010 20:13:30 - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Winxp user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 667.00 Mb Available Physical Memory | 65.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 8.86 Gb Free Space | 23.77% Space Free | Partition Type: NTFS

Computer Name: WINXP-BE6D22B34 | User Name: Winxp user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Winxp user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

PRC - C:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

PRC - C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\wpa_supplicant.exe ()

PRC - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()

PRC - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\system32\lxcecoms.exe (Lexmark International, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Winxp user\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (lxce_device) -- C:\WINDOWS\System32\lxcecoms.exe (Lexmark International, Inc.)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found

DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found

DRV - (AFGMp50) -- C:\WINDOWS\System32\Drivers\AFGMp50.sys File not found

DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)

DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 01:18:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/03 20:52:31 | 000,000,000 | ---D | M]

[2009/03/03 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Extensions

[2009/03/03 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/11/10 20:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions

[2010/03/16 16:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/10/21 12:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008/07/29 08:06:32 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\imdb.xml

[2008/05/20 18:33:44 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\wikipedia-en-1.xml

[2008/07/29 08:06:32 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\wikipedia-en.xml

[2007/06/13 14:29:57 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\youtube-video-search.xml

[2010/03/16 16:37:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/06/13 13:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/04/16 17:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2010/03/13 18:17:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/03/13 18:17:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/03/13 18:17:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/03/13 18:17:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlliedCarrier] C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

O4 - HKLM..\Run: [CarrierAllied5655] c:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

O4 - HKLM..\Run: [CorelRegRegistration] C:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

O4 - HKLM..\Run: [CorelRegUser] c:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()

O4 - HKLM..\Run: [PowerPower] c:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

O4 - HKLM..\Run: [PowerPTEditor] C:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

O4 - HKCU..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\RunServices: [AlliedCarrier] C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()

O4 - HKLM..\RunServices: [CruiseMissile] c:\Program Files\Firaxis Games\Civilization III Complete\Art\Units\Cruise Missile\MissileCruise.exe ()

O4 - HKLM..\RunServices: [ORCACM22Shutterfly] c:\Program Files\Corel\Corel Paint Shop Pro X - Installation Files\program files\Corel\Corel Paint Shop Pro X\PhotoServices\orca22Visual.exe ()

O4 - HKLM..\RunServices: [PowerEditor] C:\Program Files\Power Tab Software\Power Tab Editor 1.7\PowerPTEditor17080.exe ()

O4 - HKLM..\RunServices: [ReportingApplication] c:\Program Files\Common Files\Microsoft Shared\DW\1028\ReportingError.exe ()

O4 - HKLM..\RunServices: [userCorelReg] C:\Program Files\Corel\Corel Painter Essentials 4\Resources\Register\RegistrationUser.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: jaakrbbwfhhvhdwnvripTaskMgr = 0

O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Winxp user\My Documents\Pictures\Untitled-2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Winxp user\My Documents\Pictures\Untitled-2.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/07/09 22:50:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 20:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winxp user\Desktop\old logs

[2010/11/11 20:02:30 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/11/11 16:34:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/11 16:16:21 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/10 19:58:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Winxp user\Desktop\OTL.exe

[2010/10/31 15:37:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Winxp user\My Documents\mbam-setup-1.46.exe

========== Files - Modified Within 30 Days ==========

[2010/11/11 20:10:13 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/11 20:10:08 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/11 20:10:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/11 16:29:26 | 003,902,849 | ---- | M] () -- C:\Documents and Settings\Winxp user\Desktop\ComboFix.exe

[2010/11/10 20:20:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/11/10 19:59:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winxp user\Desktop\OTL.exe

[2010/11/10 19:56:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/31 17:42:45 | 000,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/31 17:42:45 | 000,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/31 17:02:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/31 15:04:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Winxp user\My Documents\mbam-setup-1.46.exe

========== Files Created - No Company Name ==========

[2010/11/11 16:28:31 | 003,902,849 | ---- | C] () -- C:\Documents and Settings\Winxp user\Desktop\ComboFix.exe

[2010/11/10 20:20:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/10/31 17:02:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/11 13:26:11 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008/05/10 19:14:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2008/05/10 19:14:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2008/05/10 19:12:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll

[2008/03/29 20:21:20 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Winxp user\Local Settings\Application Data\fusioncache.dat

[2007/06/15 14:18:13 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2007/06/12 22:56:41 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2007/04/02 17:35:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/03/28 23:59:59 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Winxp user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/03/27 07:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004/07/10 17:22:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2004/07/10 17:22:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2004/07/09 23:30:18 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys

[2004/07/09 00:20:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >


Update Run Malwarebytes

Please update and run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Here is the mbam log file;

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5099

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

12/11/2010 13:51:19

mbam-log-2010-11-12 (13-51-19).txt

Scan type: Quick scan

Objects scanned: 134401

Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 6

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 12

Memory Processes Infected:

C:\program files\firaxis games\civilization iii complete\conquests\conquests\wwii in the pacific\Art\Units\allied carrier\carrierallied.exe (Trojan.Agent) -> Unloaded process successfully.

C:\program files\power tab software\power tab editor 1.7\powerpteditor17080.exe (Trojan.Agent) -> Unloaded process successfully.

C:\program files\Corel\corel painter essentials 4\resources\Register\registrationuser.exe (Trojan.Agent) -> Unloaded process successfully.

C:\program files\power tab software\power tab editor 1.7\powerpteditor17080.exe (Trojan.Agent) -> Unloaded process successfully.

C:\program files\firaxis games\civilization iii complete\conquests\conquests\wwii in the pacific\Art\Units\allied carrier\carrierallied.exe (Trojan.Agent) -> Unloaded process successfully.

C:\program files\Corel\corel painter essentials 4\resources\Register\registrationuser.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\carrierallied5655 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alliedcarrier (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\powerpower (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\powerpteditor (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\corelreguser (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\corelregregistration (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\program files\firaxis games\civilization iii complete\conquests\conquests\wwii in the pacific\Art\Units\allied carrier\carrierallied.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\program files\power tab software\power tab editor 1.7\powerpteditor17080.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\program files\Corel\corel painter essentials 4\resources\Register\registrationuser.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Application Data\Desktop Security\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Application Data\Desktop Security\securityhelper.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Application Data\Desktop Security\taskmgr.dll (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Start Menu\Programs\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Start Menu\Programs\Desktop Security\Activate Desktop Security.lnk (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Start Menu\Programs\Desktop Security\Desktop Security.lnk (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Start Menu\Programs\Desktop Security\Help Desktop Security.lnk (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Start Menu\Programs\Desktop Security\How to Activate Desktop Security.lnk (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Winxp user\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

===========

Here is the ESET log file - I left both option boxes unchecked (uninstall application on close; delete quarantined files);

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=ba9e0a69e910224b92e0de630a64603a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-11-12 02:37:16

# local_time=2010-11-12 02:37:16 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 3764 3764 0 0

# scanned=65903

# found=5

# cleaned=5

# scan_time=2314

C:\Program Files\Common Files\Microsoft Shared\DW\1028\ReportingError.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Corel\Corel Paint Shop Pro X - Installation Files\program files\Corel\Corel Paint Shop Pro X\PhotoServices\orca22Visual.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Firaxis Games\Civilization III Complete\Art\Units\Cruise Missile\MissileCruise.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\11112010_161621\C_Documents and Settings\Winxp user\Application Data\Desktop Security\securitycenter.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\11112010_161621\C_Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Cheers

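A small triage script for the OTL and MBAM logs in this thread, added here as an example; it is not part of the thread and is not code from OTL, Malwarebytes or ESET. It parses the O4 autostart and O6/O7 policy lines in the layout the OTL logs above use, plus the "Files Infected" lines of the MBAM log, and flags the patterns this case shows: one binary registered under several Run/RunServices names with no company name in its version information, a RunServices value whose target MBAM has already quarantined (the "File not found" entries that survive into the Run 3 OTL log further down), and a policy value name that is not a documented one but ends like DisableTaskMgr. The sample lines are copied from the logs posted here; the table of known policy names is a short, non-exhaustive list, and the regexes assume OTL keeps the line layout shown. Findings are leads for a helper to look at, not verdicts: DivXUpdate.exe in the same log also has no company name.

```python
"""Triage the OTL and MBAM log lines posted in this thread.

Added example: not part of the thread and not code from OTL, Malwarebytes or
ESET. It assumes only the line layouts visible in the logs above.
"""
import re
from collections import defaultdict

# OTL O4 line:  O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)
#               O4 - HKLM..\RunServices: [Name] C:\path\file.exe File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))$"
)
# OTL O6/O7 line:  O7 - HKCU\...\policies\System: ValueName = 0
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK\w+\\[^:]+): (?P<value>\S+) = (?P<data>\S+)$")
# MBAM file line:  C:\path\file.exe (Trojan.Agent) -> Quarantined and deleted successfully.
MBAM_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^)]+)\) -> (?P<action>.+)$")

# Documented value names under the two policy subkeys OTL reports (short, not exhaustive).
KNOWN_POLICY_VALUES = {
    "System": {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD", "EnableLUA",
               "DontDisplayLastUserName", "NoDispCPL"},
    "Explorer": {"NoDriveTypeAutoRun", "LinkResolveIgnoreLinkInfo", "NoResolveSearch",
                 "NoResolveTrack", "NoRun", "NoFolderOptions", "NoControlPanel", "NoDrives"},
}


def parse_o4(line):
    """Return one autostart entry from an OTL O4 line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return {"hive": m["hive"], "key": m["key"], "name": m["name"], "path": m["path"],
            "company": m["company"] or "", "missing": m["missing"] is not None}


def parse_policy(line):
    """Return one policy value from an OTL O6/O7 line, or None."""
    m = POLICY_RE.match(line.strip())
    if not m:
        return None
    return {"key": m["key"], "subkey": m["key"].rsplit("\\", 1)[-1],
            "value": m["value"], "data": m["data"]}


def mbam_quarantined(lines):
    """Lower-cased file paths that an MBAM log reports as quarantined."""
    out = set()
    for line in lines:
        m = MBAM_FILE_RE.match(line.strip())
        if m and "Quarantined" in m["action"]:
            out.add(m["path"].lower())
    return out


def triage(otl_lines, quarantined=frozenset()):
    """Return (kind, subject, detail) findings; they are leads, not verdicts."""
    findings, by_target = [], defaultdict(list)
    for line in otl_lines:
        e = parse_o4(line)
        if e:
            by_target[e["path"].lower()].append(e)
            if e["missing"]:
                # Binary is gone (e.g. quarantined) but the autostart value was left behind.
                kind = "leftover" if e["path"].lower() in quarantined else "orphan"
                findings.append((kind, e["name"], e["path"]))
            elif not e["company"]:
                findings.append(("no-company", e["name"], e["path"]))
            if e["key"] == "RunServices":  # Win9x-era key, rarely used legitimately on XP
                findings.append(("runservices", e["name"], e["path"]))
            continue
        p = parse_policy(line)
        if p:
            known = KNOWN_POLICY_VALUES.get(p["subkey"], set())
            if p["value"] not in known:
                like = [k for k in sorted(known) if p["value"].endswith(k[-7:])]
                findings.append(("unknown-policy", p["value"],
                                 "resembles " + like[0] if like else p["key"]))
    for entries in by_target.values():
        names = sorted({e["name"] for e in entries})
        if len(names) > 1:  # one binary registered under several autostart names
            findings.append(("multi-name", ", ".join(names), entries[0]["path"]))
    return findings


# Constructed sample: lines copied from the OTL Run 1 / Run 3 and MBAM logs in this thread.
SAMPLE_OTL = [
    r"O4 - HKLM..\Run: [AlliedCarrier] C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()",
    r"O4 - HKLM..\Run: [CarrierAllied5655] c:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()",
    r"O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)",
    r"O4 - HKLM..\RunServices: [AlliedCarrier] C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Conquests\WWII in the Pacific\Art\Units\Allied Carrier\CarrierAllied.exe ()",
    r"O4 - HKLM..\RunServices: [PowerEditor] C:\program files\power tab software\power tab editor 1.7\powerpteditor17080.exe File not found",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: jaakrbbwfhhvhdwnvripTaskMgr = 0",
]
SAMPLE_MBAM = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\powerpower (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"C:\program files\power tab software\power tab editor 1.7\powerpteditor17080.exe (Trojan.Agent) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_OTL, mbam_quarantined(SAMPLE_MBAM)):
        print(f"{kind:15} {subject}  <-  {detail}")
```

Run on the sample it reports the CarrierAllied.exe binary three times with no company name and under two different value names, the PowerEditor RunServices value as a leftover of a file MBAM already quarantined, and the odd policy value as an undocumented name resembling DisableTaskMgr; the Wireless Manager entry and the documented policy values produce nothing.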

All seems to be running ok now.

Here's the latest OTL log;

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=ba9e0a69e910224b92e0de630a64603a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-11-12 02:37:16

# local_time=2010-11-12 02:37:16 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 3764 3764 0 0

# scanned=65903

# found=5

# cleaned=5

# scan_time=2314

C:\Program Files\Common Files\Microsoft Shared\DW\1028\ReportingError.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Corel\Corel Paint Shop Pro X - Installation Files\program files\Corel\Corel Paint Shop Pro X\PhotoServices\orca22Visual.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Firaxis Games\Civilization III Complete\Art\Units\Cruise Missile\MissileCruise.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\11112010_161621\C_Documents and Settings\Winxp user\Application Data\Desktop Security\securitycenter.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\11112010_161621\C_Documents and Settings\Winxp user\Application Data\MSA\bbaka12.exe a variant of Win32/Kryptik.GMP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Whoops - apologies!

Here is the OTL log;

OTL logfile created on: 12/11/2010 15:26:37 - Run 3

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Winxp user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 530.00 Mb Available Physical Memory | 52.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 8.70 Gb Free Space | 23.36% Space Free | Partition Type: NTFS

Computer Name: WINXP-BE6D22B34 | User Name: Winxp user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Winxp user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)

PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\wpa_supplicant.exe ()

PRC - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()

PRC - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\system32\lxcecoms.exe (Lexmark International, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Winxp user\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (lxce_device) -- C:\WINDOWS\System32\lxcecoms.exe (Lexmark International, Inc.)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found

DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found

DRV - (AFGMp50) -- C:\WINDOWS\System32\Drivers\AFGMp50.sys File not found

DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)

DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 01:18:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/03 20:52:31 | 000,000,000 | ---D | M]

[2009/03/03 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Extensions

[2009/03/03 18:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/11/12 14:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions

[2010/03/16 16:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/10/21 12:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008/07/29 08:06:32 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\imdb.xml

[2008/05/20 18:33:44 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\wikipedia-en-1.xml

[2008/07/29 08:06:32 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\wikipedia-en.xml

[2007/06/13 14:29:57 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Winxp user\Application Data\Mozilla\Firefox\Profiles\6bri0ytj.default\searchplugins\youtube-video-search.xml

[2010/03/16 16:37:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/06/13 13:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/04/16 17:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2010/03/13 18:17:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/03/13 18:17:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/03/13 18:17:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/03/13 18:17:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()

O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

O4 - HKCU..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\RunServices: [AlliedCarrier] C:\program files\firaxis games\civilization iii complete\conquests\conquests\wwii in the pacific\art\units\allied carrier\carrierallied.exe File not found

O4 - HKLM..\RunServices: [PowerEditor] C:\program files\power tab software\power tab editor 1.7\powerpteditor17080.exe File not found

O4 - HKLM..\RunServices: [userCorelReg] C:\program files\corel\corel painter essentials 4\resources\register\registrationuser.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: jaakrbbwfhhvhdwnvripTaskMgr = 0

O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Winxp user\My Documents\Pictures\Untitled-2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Winxp user\My Documents\Pictures\Untitled-2.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/07/09 22:50:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 13:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/11 20:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Winxp user\Desktop\old logs

[2010/11/11 20:02:30 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/11/11 16:34:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/11 16:16:21 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/10 19:58:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Winxp user\Desktop\OTL.exe

[2010/10/31 15:37:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Winxp user\My Documents\mbam-setup-1.46.exe

========== Files - Modified Within 30 Days ==========

[2010/11/12 15:00:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/12 13:52:54 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/12 13:52:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/11 16:29:26 | 003,902,849 | ---- | M] () -- C:\Documents and Settings\Winxp user\Desktop\ComboFix.exe

[2010/11/10 20:20:21 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/11/10 19:59:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winxp user\Desktop\OTL.exe

[2010/11/10 19:56:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/31 17:42:45 | 000,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/31 17:42:45 | 000,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/31 17:02:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/31 15:04:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Winxp user\My Documents\mbam-setup-1.46.exe

========== Files Created - No Company Name ==========

[2010/11/11 16:28:31 | 003,902,849 | ---- | C] () -- C:\Documents and Settings\Winxp user\Desktop\ComboFix.exe

[2010/11/10 20:20:21 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/10/31 17:02:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/11 13:26:11 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008/05/10 19:14:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2008/05/10 19:14:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2008/05/10 19:12:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll

[2008/03/29 20:21:20 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Winxp user\Local Settings\Application Data\fusioncache.dat

[2007/06/15 14:18:13 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2007/06/12 22:56:41 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2007/04/02 17:35:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/03/28 23:59:59 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Winxp user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/03/27 07:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004/07/10 17:22:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2004/07/10 17:22:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2004/07/09 23:30:18 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys

[2004/07/09 00:20:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
