Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

yieldmanager pop ups

Started by am592 , Jan 30 2010 05:10 PM

  • This topic is locked This topic is locked
11 replies to this topic

#1 am592

am592

    Member

  • Members
  • PipPip
  • 43 posts

Posted 30 January 2010 - 05:10 PM

I keep getting these popups from ad.yieldmanager.com/iframe3 ... I have tried various virus scanners, but nothing shows up. I currently am running AVG 9. I ran malwarebytes and nothing shows up.

When pop-up blocker is off, I get two windows - a blank and an ad one. I tried deleting cookies, banning the sites, but the popups keep showing up. Not always but enough to be annoying. I can go to the same site, and nothing pops up about fives times, then the next it pops up.

I was running ie 7, removed it and went back to 6, then up to 8. No matter which version I keep getting the popup. I just installed Firefox, and the pops don't seem to show up.

Please help.


DDS (Ver_09-12-01.01) - FAT32x86
Run by SB at 16:47:19.93 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.202 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
SVCHOST.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SB\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://mac.otpp.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
STS: MepyrinaSfc.Mepyrina: {d06075b5-6e89-4de1-bfff-57f4aceae1f2} - c:\windows\system32\mepyrina.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sb\applic~1\mozilla\firefox\profiles\vk274px8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-24 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-24 360584]
R1 NEOFLTR_640_14343;Juniper Networks TDI Filter Driver (NEOFLTR_640_14343);c:\windows\system32\drivers\NEOFLTR_640_14343.sys [2009-6-15 77096]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-24 285392]
S4 PurgProService;PurgPro XP Service;c:\program files\purgeie\PurgPro_Service.exe [2008-8-9 350672]

=============== Created Last 30 ================

2010-01-30 21:36:18 37675 ----a-w- C:\pTRUCA1-3669027dt.jpg
2010-01-29 00:02:44 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-29 00:02:44 1409 ----a-w- c:\windows\QTFont.for
2010-01-27 04:33:42 0 d-sh--w- c:\documents and settings\sb\IECompatCache
2010-01-27 04:32:51 0 d-sh--w- c:\documents and settings\sb\PrivacIE
2010-01-27 04:31:07 0 d-sh--w- c:\documents and settings\sb\IETldCache
2010-01-27 04:29:05 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-27 04:28:52 0 d-----w- c:\windows\ie8updates
2010-01-27 04:28:34 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-27 04:28:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-27 04:28:34 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-27 04:28:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-27 04:28:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-27 04:28:31 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-27 04:27:08 0 d--h--w- c:\windows\ie8
2010-01-26 23:22:17 0 d-----w- c:\windows\system32\LogFiles
2010-01-26 04:19:04 0 d-----w- c:\program files\LimeWire
2010-01-24 22:39:48 0 d--h--w- C:\$AVG
2010-01-24 22:15:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-24 22:15:54 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-24 22:15:48 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-24 22:15:40 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-24 22:15:28 0 d-----w- c:\program files\AVG
2010-01-24 22:15:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-24 18:46:59 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-01-24 18:46:59 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-01-24 18:46:59 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-01-24 18:46:54 11490 ----a-w- c:\windows\system32\entitlement.xml
2010-01-24 18:24:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-01-24 18:24:07 0 d-----w- c:\program files\CA
2010-01-24 15:36:32 0 d-----w- c:\program files\Panda Security
2010-01-19 00:18:43 754 ----a-w- c:\windows\wordpad.INI
2010-01-17 15:50:54 3318 ----a-w- c:\windows\system32\tmp.reg
2010-01-12 19:35:25 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 22:43:16 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 17:59:34 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-01-24 20:53:24 544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-24 20:53:24 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-24 20:53:24 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-24 20:53:24 2168 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 05:21:02 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-21 19:14:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:06 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:06 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:04 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

============= FINISH: 16:47:58.51 ===============

Attached Files


Edited by am592, 31 January 2010 - 09:20 AM.

 

  • BC Ads
  • BleepingComputer.com

#2 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • PipPipPipPipPipPip
  • 21,625 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 07 February 2010 - 11:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards,
schrauber

unite_blue.jpg
UBgrey.png

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware btn_donate_SM.gif

#3 am592

am592

    Member

  • Members
  • PipPip
  • 43 posts

Posted 07 February 2010 - 12:32 PM

Thank you for taking a look at my problem. Here is the info you requested.


DDS (Ver_09-12-01.01) - FAT32x86
Run by SB at 11:36:35.90 on Sun 02/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.110 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SB\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://mac.otpp.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
STS: MepyrinaSfc.Mepyrina: {d06075b5-6e89-4de1-bfff-57f4aceae1f2} - c:\windows\system32\mepyrina.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\SB\applic~1\mozilla\firefox\profiles\vk274px8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-24 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-24 360584]
R1 NEOFLTR_640_14343;Juniper Networks TDI Filter Driver (NEOFLTR_640_14343);c:\windows\system32\drivers\NEOFLTR_640_14343.sys [2009-6-15 77096]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-24 285392]
S4 PurgProService;PurgPro XP Service;c:\program files\purgeie\PurgPro_Service.exe [2008-8-9 350672]

=============== Created Last 30 ================

2010-01-30 21:36:18 37675 ----a-w- C:\pTRUCA1-3669027dt.jpg
2010-01-29 00:02:44 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-29 00:02:44 1409 ----a-w- c:\windows\QTFont.for
2010-01-27 04:33:42 0 d-sh--w- c:\documents and settings\SB\IECompatCache
2010-01-27 04:32:51 0 d-sh--w- c:\documents and settings\SB\PrivacIE
2010-01-27 04:31:07 0 d-sh--w- c:\documents and settings\SB\IETldCache
2010-01-27 04:29:05 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-27 04:28:52 0 d-----w- c:\windows\ie8updates
2010-01-27 04:28:34 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-27 04:28:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-27 04:28:34 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-27 04:28:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-27 04:28:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-27 04:28:31 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-27 04:27:08 0 d--h--w- c:\windows\ie8
2010-01-26 23:22:17 0 d-----w- c:\windows\system32\LogFiles
2010-01-26 04:19:04 0 d-----w- c:\program files\LimeWire
2010-01-24 22:39:48 0 d--h--w- C:\$AVG
2010-01-24 22:15:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-24 22:15:54 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-24 22:15:48 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-24 22:15:40 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-24 22:15:28 0 d-----w- c:\program files\AVG
2010-01-24 22:15:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-24 18:46:59 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-01-24 18:46:59 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-01-24 18:46:59 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-01-24 18:46:54 11490 ----a-w- c:\windows\system32\entitlement.xml
2010-01-24 18:24:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-01-24 18:24:07 0 d-----w- c:\program files\CA
2010-01-24 15:36:32 0 d-----w- c:\program files\Panda Security
2010-01-19 00:18:43 754 ----a-w- c:\windows\wordpad.INI
2010-01-17 15:50:54 3318 ----a-w- c:\windows\system32\tmp.reg
2010-01-12 19:35:25 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 22:43:16 0 d-----w- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2010-02-07 16:10:48 410976 ----a-w- c:\windows\system32\deploytk.dll
2010-01-24 20:53:24 544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-24 20:53:24 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-24 20:53:24 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-24 20:53:24 2168 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 05:21:02 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-21 19:14:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:06 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:06 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:04 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

============= FINISH: 11:37:11.26 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 12:15:11
Windows 5.1.2600 Service Pack 3
Running: kxvj4h3g.exe; Driver: C:\DOCUME~1\SB\LOCALS~1\Temp\afddypog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF8223590]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_640_14343.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_640_14343.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_640_14343.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307c824
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307c824@002339e28327 0xF1 0xEC 0xB8 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307c824@002483e5439e 0x4A 0x71 0x61 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307c824 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307c824@002339e28327 0xF1 0xEC 0xB8 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307c824@002483e5439e 0x4A 0x71 0x61 0x3C ...

---- EOF - GMER 1.0.15 ----

Attached Files


#4 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • PipPipPipPipPipPip
  • 21,625 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 07 February 2010 - 03:23 PM

Hello, am592
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards,
schrauber

unite_blue.jpg
UBgrey.png

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware btn_donate_SM.gif

#5 am592

am592

    Member

  • Members
  • PipPip
  • 43 posts

Posted 07 February 2010 - 08:10 PM

Hi Tom,

Attached is the file you requested.

FYI, while running combofix, after installing the recovery manager and starting up the scan, my computer just rebooted. During the rebooting, it found bad files in a /schrauber directory. After the reboot was done, combofix ran ok.

Attached Files


#6 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • PipPipPipPipPipPip
  • 21,625 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 08 February 2010 - 03:41 PM

Hi,

Please don't attach the logfiles, just post it here in your thread.

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

unite_blue.jpg
UBgrey.png

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware btn_donate_SM.gif

#7 am592

am592

    Member

  • Members
  • PipPip
  • 43 posts

Posted 08 February 2010 - 11:43 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3642
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/8/2010 10:25:52 PM
mbam-log-2010-02-08 (22-25-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 175739
Time elapsed: 35 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{41AF0825-6FA2-4B5C-80A2-9C945A290842}\RP398\A0065408.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{41AF0825-6FA2-4B5C-80A2-9C945A290842}\RP398\A0065500.sys (Malware.Trace) -> No action taken.


ESET
C:\Share\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined


OTL
OTL logfile created on: 2/8/2010 11:26:27 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\SB\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 104.15 Gb Free Space | 69.90% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SB
Current User Name: SB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/08 23:25:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SB\Desktop\OTL.exe
PRC - [2010/02/07 11:10:48 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/02/07 11:10:48 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010/01/24 17:15:36 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/24 17:15:34 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/24 17:15:32 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/24 17:15:32 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/24 17:15:32 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/24 17:15:30 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/21 20:09:02 | 000,842,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2004/10/08 19:16:24 | 000,088,363 | R--- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/11/13 18:23:52 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/11/12 04:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/08/28 06:32:38 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2003/08/28 06:19:34 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/08 23:25:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SB\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/07 11:10:48 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/01/24 17:15:30 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/08/09 00:35:50 | 000,350,672 | ---- | M] (Assistance & Resources for Computing, Inc.) [Disabled | Stopped] -- C:\Program Files\PurgeIE\PurgPro_Service.exe -- (PurgProService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/11/12 04:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/28 00:10:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/28 00:10:10 | 000,000,000 | ---D | M]

[2010/01/24 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Mozilla\Extensions
[2010/01/24 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/28 00:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Mozilla\Firefox\Profiles\vk274px8.default\extensions
[2010/01/28 00:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/12/05 22:59:22 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://mac.otpp.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {D06075B5-6E89-4DE1-BFFF-57F4ACEAE1F2} - MepyrinaSfc - C:\WINDOWS\system32\mepyrina.dll ( )
O24 - Desktop WallPaper: C:\Documents and Settings\SB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/09 19:02:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/02/09 18:54:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/08 23:25:32 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SB\Desktop\OTL.exe
[2010/02/08 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/07 23:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\My Documents\My Videos - Delete
[2010/02/07 20:19:05 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/02/07 19:51:06 | 000,000,000 | ---D | C] -- C:\FOUND.000
[2010/02/07 19:47:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/07 19:47:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/07 19:47:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/07 19:47:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/07 19:47:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/07 19:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/07 19:46:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/07 11:30:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SB\Recent
[2010/01/30 16:49:41 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\SB\Desktop\RootRepeal.exe
[2010/01/30 12:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/30 09:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/30 09:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/28 19:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\Local Settings\Application Data\Apple Computer
[2010/01/28 19:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/01/28 00:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\Local Settings\Application Data\Mozilla
[2010/01/28 00:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/26 23:33:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SB\IECompatCache
[2010/01/26 23:32:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SB\PrivacIE
[2010/01/26 23:31:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SB\IETldCache
[2010/01/26 23:28:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/26 23:27:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/26 18:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2007/03/31 10:00:20 | 000,319,488 | ---- | C] ( ) -- C:\WINDOWS\System32\mepyrina.dll
[2007/01/13 14:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2006/09/19 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2004/02/09 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/02/09 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/02/09 18:56:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/02/09 18:56:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/08 23:25:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SB\Desktop\OTL.exe
[2010/02/08 20:41:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FD9F4EC-D188-407D-ABD4-C88E9F1B6015}.job
[2010/02/07 23:54:24 | 000,235,008 | ---- | M] () -- C:\Documents and Settings\SB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/07 20:00:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 19:59:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/07 19:51:42 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\BackgroundTaskUserS-1-5-21-2636412022-791471798-114929213-1005.job
[2010/02/07 19:51:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 19:51:28 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 19:47:50 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\SB\NTUSER.DAT
[2010/02/07 19:47:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/07 19:45:04 | 003,850,968 | R--- | M] () -- C:\Documents and Settings\SB\Desktop\schrauber.exe
[2010/02/07 19:35:44 | 000,318,464 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\MBANX.XLS
[2010/02/07 11:58:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\SB\ntuser.ini
[2010/02/07 11:40:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\SB\Desktop\kxvj4h3g.exe
[2010/02/07 11:35:36 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\SB\Desktop\dds.scr
[2010/02/07 09:56:18 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\SD.09t
[2010/02/07 09:38:58 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StudioTax 2009.lnk
[2010/02/07 09:37:58 | 000,412,416 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/07 09:37:58 | 000,398,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/07 09:37:58 | 000,060,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/07 00:20:28 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/02/06 11:40:38 | 000,161,280 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\EXPENSE.XLS
[2010/02/06 10:43:28 | 000,270,848 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\MTG.XLS
[2010/02/06 10:37:26 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\RRSP.XLS
[2010/02/06 10:18:12 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\car.xls
[2010/02/06 09:58:22 | 000,015,776 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\The_Soup_2010_01_29_PDTV_XviD_MOMENTUM.torrent
[2010/01/30 16:49:38 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\SB\Desktop\RootRepeal.exe
[2010/01/28 19:02:46 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/28 19:02:46 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/28 00:10:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/28 00:10:14 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/27 00:20:56 | 000,001,327 | ---- | M] () -- C:\Limewire Music.lnk
[2010/01/26 23:22:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 18:44:12 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/07 19:47:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/07 19:47:40 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/07 19:47:02 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/07 19:47:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/07 19:47:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/07 19:47:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/07 19:47:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/07 19:45:03 | 003,850,968 | R--- | C] () -- C:\Documents and Settings\SB\Desktop\schrauber.exe
[2010/02/07 11:40:15 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\SB\Desktop\kxvj4h3g.exe
[2010/02/07 09:55:50 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\SB\My Documents\SD.09t
[2010/02/07 09:38:56 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StudioTax 2009.lnk
[2010/02/06 09:58:28 | 000,015,776 | ---- | C] () -- C:\Documents and Settings\SB\My Documents\The_Soup_2010_01_29_PDTV_XviD_MOMENTUM.torrent
[2010/01/30 16:47:02 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\SB\Desktop\dds.scr
[2010/01/30 11:47:20 | 528,011,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/28 19:02:44 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/28 19:02:44 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/28 00:10:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/28 00:10:12 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/26 23:33:41 | 000,000,428 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FD9F4EC-D188-407D-ABD4-C88E9F1B6015}.job
[2010/01/18 19:18:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2009/08/22 16:54:33 | 000,373,342 | ---- | C] () -- C:\Documents and Settings\SB\Application Data\CleanUp!.log
[2009/01/20 18:19:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/08/09 20:05:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/04/09 23:41:17 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/04/09 23:41:17 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/02/23 11:25:37 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2008/02/23 01:02:57 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/23 01:02:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/01 16:40:46 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\SB\Local Settings\Application Data\fusioncache.dat
[2007/07/12 19:12:16 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/03/31 10:00:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\getmemoc.dll
[2006/06/30 23:18:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/17 23:21:24 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/06/17 15:39:08 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/06/17 15:38:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4200.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2005/12/11 01:01:04 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\SB\Application Data\ViewerApp.dat
[2005/12/11 00:54:38 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/09/28 10:12:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/09/12 17:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2005/06/30 22:53:09 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2005/06/09 22:08:03 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/01 19:24:34 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005/06/01 19:21:40 | 000,000,382 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2005/06/01 19:21:27 | 000,026,124 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2005/06/01 19:21:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2005/06/01 19:19:42 | 000,000,657 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005/06/01 19:17:32 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/03/13 10:13:02 | 000,000,277 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2005/03/13 09:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/12 21:28:55 | 000,235,008 | ---- | C] () -- C:\Documents and Settings\SB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/12 19:28:09 | 000,000,173 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/02/09 19:28:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/09 19:25:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/02/09 19:19:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/09 19:05:02 | 000,007,961 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/02/09 18:59:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2005/06/01 19:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/09/19 18:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/05/14 23:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rogers Online Protection
[2009/07/01 17:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/24 13:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/01/24 17:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2004/02/09 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\InterTrust
[2008/02/23 00:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\uTorrent
[2008/08/09 00:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\PurgeIE
[2008/12/09 00:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\LimeWire
[2009/03/21 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Any Video Converter
[2005/06/02 18:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Ulead Systems
[2006/06/20 17:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\EPSON
[2006/09/19 18:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Juniper Networks
[2009/05/14 23:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Rogers Online Protection
[2010/02/07 19:51:42 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\BackgroundTaskUserS-1-5-21-2636412022-791471798-114929213-1005.job
[2009/07/31 20:45:02 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job
[2010/02/08 20:41:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0FD9F4EC-D188-407D-ABD4-C88E9F1B6015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/01/13 14:13:06 | 022,245,337 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2008/09/12 18:51:44 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2007/01/13 14:13:06 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/12 18:51:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2007/01/13 14:13:06 | 022,245,337 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2008/09/12 18:51:44 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2007/01/13 14:13:06 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/12 18:51:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2003/03/31 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2009/12/12 23:03:06 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/12/12 23:03:05 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
< End of report >

OTL Extras logfile created on: 2/8/2010 11:26:28 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\SB\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 104.15 Gb Free Space | 69.90% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SB
Current User Name: SB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Documents and Settings\SB\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\SB\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 SE
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{34E95EA8-EEED-469A-A5C6-4BCFE33CA1B7}" = StudioTax 2008
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F9301C3-F016-450D-97A1-B376DB98E967}" = RPS CRT
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8441D243-8B1D-4E39-AF5E-5307E2E0C4B1}" = StudioTax 2009
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}" = IKEA Home Planner
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVG9Uninstall" = AVG Free 9.0
"bitRipper" = bitRipper
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ExtractNow_is1" = ExtractNow
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hauppauge WinTV-PVR 150 Drivers" = Hauppauge WinTV-PVR 150 Drivers
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LimeWire" = LimeWire 5.3.6
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PurgeIE Pro_is1" = PurgeIE Pro - 4.01
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON CX 4200 4800 Guide
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3c
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2010 2:57:29 PM | Computer Name = SB | Source = UmxAgent | ID = 99
Description =

Error - 1/24/2010 4:38:18 PM | Computer Name = SB | Source = UmxAgent | ID = 99
Description =

Error - 1/24/2010 4:56:15 PM | Computer Name = SB | Source = UmxAgent | ID = 99
Description =

Error - 1/24/2010 6:06:27 PM | Computer Name = SB | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application outlook.exe, version 10.0.4024.0, faulting module
unknown, version 0.0.0.0, fault address 0x005e001f.

Error - 1/27/2010 12:12:57 AM | Computer Name = SB | Source = MsiInstaller | ID = 11334
Description = Product: Microsoft .NET Framework 1.1 -- Error 1334.The file 'FL_mscorees_dll_ENU_X86.3643236F_FC70_11D3_A536_0090278A1BB8'
cannot be installed because the file cannot be found in cabinet file 'PCW_CAB_NDP'.
This could indicate a network error, an error reading from the CD-ROM, or a problem
with this package.

Error - 1/27/2010 12:12:58 AM | Computer Name = SB | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{EBC491BC-BB34-4269-B391-DD3D36B869FE}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\SB\LOCALS~1\Temp\MSIb426f.LOG.

Error - 1/27/2010 12:13:28 AM | Computer Name = SB | Source = MsiInstaller | ID = 11334
Description = Product: Microsoft .NET Framework 1.1 -- Error 1334.The file 'FL_mscorees_dll_ENU_X86.3643236F_FC70_11D3_A536_0090278A1BB8'
cannot be installed because the file cannot be found in cabinet file 'PCW_CAB_NDP'.
This could indicate a network error, an error reading from the CD-ROM, or a problem
with this package.

Error - 1/27/2010 12:13:29 AM | Computer Name = SB | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{EBC491BC-BB34-4269-B391-DD3D36B869FE}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\SB\LOCALS~1\Temp\MSIbd20c.LOG.

Error - 1/27/2010 8:30:45 PM | Computer Name = SB | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/28/2010 11:36:57 PM | Computer Name = SB | Source = Application Error | ID = 1000
Description = Faulting application avgwdsvc.exe, version 9.0.0.663, faulting module
unknown, version 0.0.0.0, fault address 0x00000804.

[ System Events ]
Error - 1/17/2010 12:04:16 PM | Computer Name = SB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/26/2010 7:32:51 PM | Computer Name = SB | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{003EA2C5-6355-4B40-89.
The
master browser is stopping or an election is being forced.

Error - 1/29/2010 4:47:07 PM | Computer Name = SB | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HOME-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{003EA2C5-6355-4B40-8. The master browser is stopping or an election
is being forced.

Error - 1/29/2010 9:44:10 PM | Computer Name = SB | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HOME-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{003EA2C5-6355-4B40-8. The master browser is stopping or an election
is being forced.

Error - 1/30/2010 11:41:04 AM | Computer Name = SB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/30/2010 12:28:44 PM | Computer Name = SB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/30/2010 12:41:50 PM | Computer Name = SB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/30/2010 12:46:36 PM | Computer Name = SB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/2/2010 12:23:34 AM | Computer Name = SB | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{003EA2C5-6355-4B40-8982-A78CAEC88DD8}. The
backup browser is stopping.

Error - 2/7/2010 8:52:15 PM | Computer Name = SB | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 822c6288, parameter3
822c6a98, parameter4 1b02003a.


< End of report >

#8 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • PipPipPipPipPipPip
  • 21,625 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 09 February 2010 - 03:07 PM

Hi,


Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."





Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.





Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2010/02/07 20:19:05 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2007/03/31 10:00:20 | 000,319,488 | ---- | C] ( ) -- C:\WINDOWS\System32\mepyrina.dll
    [2009/12/12 23:03:06 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
    [2009/12/12 23:03:05 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber

unite_blue.jpg
UBgrey.png

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware btn_donate_SM.gif

#9 am592

am592

    Member

  • Members
  • PipPip
  • 43 posts

Posted 09 February 2010 - 07:13 PM

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\Recycled folder moved successfully.
C:\WINDOWS\system32\mepyrina.dll moved successfully.
C:\WINDOWS\system32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩 moved successfully.
File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩 not found.

OTL by OldTimer - Version 3.1.28.0 log created on 02092010_185710

OTL logfile created on: 2/9/2010 7:00:58 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\SB\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 104.03 Gb Free Space | 69.81% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SB
Current User Name: SB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\SB\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\SB\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PurgProService) -- C:\Program Files\PurgeIE\PurgPro_Service.exe (Assistance & Resources for Computing, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NEOFLTR_640_14343) Juniper Networks TDI Filter Driver (NEOFLTR_640_14343) -- C:\WINDOWS\system32\drivers\NEOFLTR_640_14343.sys (Juniper Networks)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Generic)
DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Windows ® 2000 DDK provider)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (cdrbsvsd) -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ENUM1394) -- C:\WINDOWS\system32\drivers\enum1394.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/09 18:54:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/28 00:10:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/28 00:10:10 | 000,000,000 | ---D | M]

[2010/01/24 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Mozilla\Extensions
[2010/01/28 00:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SB\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/24 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/28 00:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SB\Application Data\Mozilla\Firefox\Profiles\vk274px8.default\extensions
[2010/01/28 00:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/28 00:10:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/09 18:55:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/01/15 22:09:52 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/15 22:09:52 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/15 22:09:54 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/02/09 18:54:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/01/15 19:13:04 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 19:13:04 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/15 19:13:04 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 19:13:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 19:13:04 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 19:13:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 19:13:04 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/12/05 22:59:22 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://mac.otpp.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {D06075B5-6E89-4DE1-BFFF-57F4ACEAE1F2} - MepyrinaSfc - C:\WINDOWS\System32\mepyrina.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/09 19:02:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 18:57:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/09 18:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/09 18:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/09 18:55:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/09 18:55:01 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/09 18:55:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/09 18:55:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/09 18:48:45 | 016,254,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\SB\Desktop\jre-6u18-windows-i586.exe
[2010/02/08 23:25:32 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SB\Desktop\OTL.exe
[2010/02/08 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/07 23:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\My Documents\My Videos - Delete
[2010/02/07 19:51:06 | 000,000,000 | ---D | C] -- C:\FOUND.000
[2010/02/07 19:47:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/07 19:47:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/07 19:47:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/07 19:47:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/07 19:47:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/07 19:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/07 19:46:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/07 11:30:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SB\Recent
[2010/01/30 16:49:41 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\SB\Desktop\RootRepeal.exe
[2010/01/30 12:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/30 09:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/30 09:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/28 19:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\Local Settings\Application Data\Apple Computer
[2010/01/28 19:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/01/28 00:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\Local Settings\Application Data\Mozilla
[2010/01/28 00:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/26 23:33:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SB\IECompatCache
[2010/01/26 23:32:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SB\PrivacIE
[2010/01/26 23:31:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SB\IETldCache
[2010/01/26 23:28:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/26 23:28:34 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/26 23:28:34 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/26 23:28:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/26 23:28:31 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/26 23:27:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/26 18:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/01/25 23:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/01/24 17:39:48 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/01/24 17:15:55 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/24 17:15:54 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/24 17:15:48 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/24 17:15:47 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/24 17:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/24 17:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/24 17:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/24 16:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\My Documents\LimeWire
[2010/01/24 16:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SB\Application Data\Mozilla
[2010/01/24 13:46:59 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\Isafprod.dll
[2010/01/24 13:46:59 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\Isafeif.dll
[2010/01/24 13:46:59 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\Vetredir.dll
[2010/01/24 13:46:56 | 000,000,000 | ---D | C] -- C:\Config.msi
[2010/01/24 13:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/01/24 13:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/01/24 10:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/12 14:35:25 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2007/01/13 14:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2006/09/19 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2004/02/09 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/02/09 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/02/09 18:56:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/02/09 18:56:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/09 18:54:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/09 18:54:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/09 18:54:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/09 18:54:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/09 18:54:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/09 18:53:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\BackgroundTaskUserS-1-5-21-2636412022-791471798-114929213-1005.job
[2010/02/09 18:52:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 18:52:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 18:52:42 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 18:51:58 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\SB\NTUSER.DAT
[2010/02/09 18:51:52 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/02/09 18:51:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\SB\ntuser.ini
[2010/02/09 18:48:52 | 016,254,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\SB\Desktop\jre-6u18-windows-i586.exe
[2010/02/09 18:47:28 | 055,361,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/09 18:46:52 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FD9F4EC-D188-407D-ABD4-C88E9F1B6015}.job
[2010/02/08 23:25:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SB\Desktop\OTL.exe
[2010/02/07 23:54:24 | 000,235,008 | ---- | M] () -- C:\Documents and Settings\SB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/07 19:59:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/07 19:47:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/07 19:45:04 | 003,850,968 | R--- | M] () -- C:\Documents and Settings\SB\Desktop\schrauber.exe
[2010/02/07 19:35:44 | 000,318,464 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\MBANX.XLS
[2010/02/07 11:40:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\SB\Desktop\kxvj4h3g.exe
[2010/02/07 11:35:36 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\SB\Desktop\dds.scr
[2010/02/07 09:56:18 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\SD.09t
[2010/02/07 09:38:58 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StudioTax 2009.lnk
[2010/02/07 09:37:58 | 000,412,416 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/07 09:37:58 | 000,398,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/07 09:37:58 | 000,060,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/06 11:40:38 | 000,161,280 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\EXPENSE.XLS
[2010/02/06 10:43:28 | 000,270,848 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\MTG.XLS
[2010/02/06 10:37:26 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\RRSP.XLS
[2010/02/06 10:18:12 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\car.xls
[2010/02/06 09:58:22 | 000,015,776 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\The_Soup_2010_01_29_PDTV_XviD_MOMENTUM.torrent
[2010/01/30 16:49:38 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\SB\Desktop\RootRepeal.exe
[2010/01/28 19:02:46 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/28 19:02:46 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/28 00:10:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/28 00:10:14 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/27 00:20:56 | 000,001,327 | ---- | M] () -- C:\Limewire Music.lnk
[2010/01/26 23:22:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 18:44:12 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/25 23:19:22 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\SB\Desktop\LimeWire 5.3.6.lnk
[2010/01/24 17:15:56 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/24 17:15:56 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/24 17:15:56 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/24 17:15:50 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/24 17:15:48 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/24 17:15:48 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/24 17:15:42 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/24 17:15:42 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/24 17:15:42 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/24 15:53:24 | 000,002,168 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/24 15:53:24 | 000,000,544 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/24 15:53:24 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/24 15:53:24 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/24 13:46:56 | 000,011,490 | ---- | M] () -- C:\WINDOWS\System32\entitlement.xml
[2010/01/24 12:36:40 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IKEA Home Planner.lnk
[2010/01/24 12:21:24 | 000,086,168 | ---- | M] () -- C:\Documents and Settings\SB\My Documents\kitchen11.fpf
[2010/01/18 19:18:44 | 000,000,754 | ---- | M] () -- C:\WINDOWS\wordpad.INI
[2010/01/17 11:21:10 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/07 19:47:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/07 19:47:40 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/07 19:47:02 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/07 19:47:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/07 19:47:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/07 19:47:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/07 19:47:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/07 19:45:03 | 003,850,968 | R--- | C] () -- C:\Documents and Settings\SB\Desktop\schrauber.exe
[2010/02/07 11:40:15 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\SB\Desktop\kxvj4h3g.exe
[2010/02/07 09:55:50 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\SB\My Documents\SD.09t
[2010/02/07 09:38:56 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StudioTax 2009.lnk
[2010/02/06 09:58:28 | 000,015,776 | ---- | C] () -- C:\Documents and Settings\SB\My Documents\The_Soup_2010_01_29_PDTV_XviD_MOMENTUM.torrent
[2010/01/30 16:47:02 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\SB\Desktop\dds.scr
[2010/01/30 11:47:20 | 528,011,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/28 19:02:44 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/28 19:02:44 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/28 00:10:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/28 00:10:12 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/26 23:33:41 | 000,000,428 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FD9F4EC-D188-407D-ABD4-C88E9F1B6015}.job
[2010/01/24 17:15:55 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/24 17:15:47 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/24 17:15:40 | 055,361,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/24 17:15:40 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/24 17:15:40 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/24 17:15:40 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/24 13:46:54 | 000,011,490 | ---- | C] () -- C:\WINDOWS\System32\entitlement.xml
[2010/01/24 12:21:17 | 000,086,168 | ---- | C] () -- C:\Documents and Settings\SB\My Documents\kitchen11.fpf
[2010/01/18 19:18:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2010/01/17 11:21:08 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/08/22 16:54:33 | 000,373,342 | ---- | C] () -- C:\Documents and Settings\SB\Application Data\CleanUp!.log
[2009/01/20 18:19:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/08/09 20:05:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/04/09 23:41:17 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/04/09 23:41:17 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/02/23 11:25:37 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2008/02/23 01:02:57 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/23 01:02:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/01 16:40:46 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\SB\Local Settings\Application Data\fusioncache.dat
[2007/07/12 19:12:16 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/03/31 10:00:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\getmemoc.dll
[2006/06/30 23:18:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/17 23:21:24 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/06/17 15:39:08 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/06/17 15:38:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4200.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2005/12/11 01:01:04 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\SB\Application Data\ViewerApp.dat
[2005/12/11 00:54:38 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/09/28 10:12:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/09/12 17:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2005/06/30 22:53:09 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2005/06/09 22:08:03 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/01 19:24:34 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005/06/01 19:21:40 | 000,000,382 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2005/06/01 19:21:27 | 000,026,124 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2005/06/01 19:21:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2005/06/01 19:19:42 | 000,000,657 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005/06/01 19:17:32 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/03/13 10:13:02 | 000,000,277 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2005/03/13 09:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/12 21:28:55 | 000,235,008 | ---- | C] () -- C:\Documents and Settings\SB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/12 19:28:09 | 000,000,173 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/02/09 19:28:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/09 19:25:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/02/09 19:19:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/09 19:05:02 | 000,007,961 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/02/09 18:59:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
< End of report >

#10 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • PipPipPipPipPipPip
  • 21,625 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 10 February 2010 - 02:07 PM

Hi,


Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.



Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.





Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean smile.gif



Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Make Internet Explorer 7 more secure
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


Install SpywareBlaster

SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

regards,
schrauber

unite_blue.jpg
UBgrey.png

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware btn_donate_SM.gif

#11 am592

am592

    Member

  • Members
  • PipPip
  • 43 posts

Posted 11 February 2010 - 08:52 AM

Thank you for all your help. I assume it's ok to delete the GMER app and the schrauber directory that are left over on my PC. There's also a c:/config.msi directory, and files c:/boot.bak and cmdlr, I never noticed before, can I delete these?

I won't be able to verify that the virus is gone for a few days. I'll report back next week.

#12 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • PipPipPipPipPipPip
  • 21,625 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 February 2010 - 12:06 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

regards,
schrauber

unite_blue.jpg
UBgrey.png

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware btn_donate_SM.gif

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·