login problems

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

login problems

#1 Zonkers

Member

Group: Members
Posts: 27
Joined: 26-February 11

Posted 28 May 2011 - 07:26 AM

Hi there

each time I seem to load windows, I press OK to login and my floopy drive activates by itself

It never used to do this at all it even does it if I don't have the login prompt on

I don't know what info you might need so here is a quick list of my system

Win XP Pro Service pack 3

Apart from that I dont think my hardware specs would be necessary

Attached is a hijack this log if it is of any use

Thanks

Attached File(s)

hijackthis 29-05-11.log (8.05K)
Number of downloads: 3

This post has been edited by Blade Zephon: 28 May 2011 - 09:21 AM
Reason for edit: Moved to log forum. ~BZ

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 09 June 2011 - 10:21 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 Zonkers

Member

Group: Members
Posts: 27
Joined: 26-February 11

Posted 10 June 2011 - 05:15 AM

Thanks for your reply here are the log files

Oh and just the other day this pop up came up again instead of my floopy drive scanning it did this

Application popup: Windows - No Disk : Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Opened up on a nice popup all on its own sorry didn't get a screen shot

Cheers

rootkit Report.txt (27.93K)
Number of downloads: 2

OTL.Txt (66.21K)
Number of downloads: 2

Extras.Txt (35.01K)
Number of downloads: 1

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF6995000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12754944 bytes (NVIDIA Corporation, NVIDIA Windows XP Miniport Driver, Version 275.33 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 4198400 bytes (NVIDIA Corporation, NVIDIA Windows XP Display driver, Version 275.33 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF67A7000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF7676000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF42F0000 C:\WINDOWS\system32\DRIVERS\LVCD.sys 475136 bytes (Logitech Inc., Video Minidriver)
0xF438A000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6629000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF4475000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7D3B000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF6915000 C:\WINDOWS\system32\DRIVERS\yk51x86.sys 294912 bytes (Marvell, NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller)
0xBD413000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7DBB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF687A000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF66AF000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF77C0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7649000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB78CC000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB639D000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF4422000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF444D000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF776A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF4364000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB7BD7000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF68DD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF695D000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF68BA000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB7F14000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF685A000 C:\WINDOWS\system32\drivers\aeaudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF771A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77EE000 imagesrv.sys 131072 bytes (Ahead Software AG, Nero Image Server)
0xF7790000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF762F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7752000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF4210000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF773A000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7703000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6790000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB796A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6901000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6981000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF44CE000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF77AF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF677F000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF78EF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF799F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF78DF000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xF796F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF797F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF79AF000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB7ACF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7A1F000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF786F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF795F000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF79BF000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF78CF000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF784F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF787F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7A5F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF798F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF783F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF79CF000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF782F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A0F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF79FF000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF785F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7A9F000 C:\WINDOWS\System32\Drivers\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF794F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7A8F000 C:\WINDOWS\System32\Drivers\LHidUsb.Sys 36864 bytes (Logitech, Inc., Logitech USB Mouse Function Driver.)
0xF79EF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7A3F000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB6F8A000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7A6F000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B47000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7AFF000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7B4F000 C:\WINDOWS\System32\Drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7AAF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7AF7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7B67000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 24576 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF7B1F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7AE7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B37000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B27000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7B3F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AB7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B0F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B17000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7B07000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B6F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7607000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7D0B000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C43000 speedfan.sys 16384 bytes
0xF7C3F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF661D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7D0F000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF669B000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7D17000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF75C3000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D57000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF7D5F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D33000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7D69000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D5D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D35000 imagedrv.sys 8192 bytes (Ahead Software AG, NERO IMAGEDRIVE SCSI miniport)
0xF7D2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D61000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D9F000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D63000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D59000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DAF000 c:\Tmp\tmp1.tmp 8192 bytes
0xF7D5B000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D31000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F1F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7E34000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7DF8000 giveio.sys 4096 bytes
0xF7F1D000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xF7F4C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x030F0000 Hidden Image-->Aga.Controls.dll [ EPROCESS 0x866C7358 ] PID: 1520, 167936 bytes
0x03530000 Hidden Image-->OpenHardwareMonitorLib.dll [ EPROCESS 0x866C7358 ] PID: 1520, 225280 bytes
0x03880000 Hidden Image-->IPCServer.dll [ EPROCESS 0x866C7020 ] PID: 1352, 28672 bytes
0x03890000 Hidden Image-->ISharedIPCInterface.dll [ EPROCESS 0x866C7020 ] PID: 1352, 28672 bytes
0x038B0000 Hidden Image-->AdminCmdAgent.dll [ EPROCESS 0x866C7020 ] PID: 1352, 36864 bytes
0x032F0000 Hidden Image-->FirmwareUpdateAgent.Common.dll [ EPROCESS 0x866C7020 ] PID: 1352, 380928 bytes
0x038C0000 Hidden Image-->CommonModule.dll [ EPROCESS 0x866C7020 ] PID: 1352, 610304 bytes

OTL logfile created on: 06/10/2011 22:07:33 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sloth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1023.23 Mb Total Physical Memory | 366.43 Mb Available Physical Memory | 35.81% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 75.92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 64.72 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 34.28 Gb Free Space | 23.00% Space Free | Partition Type: NTFS

Computer Name: BOND | User Name: Sloth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 22:06:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sloth\Desktop\OTL.exe
PRC - [2011/05/25 18:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/19 09:24:34 | 000,200,704 | ---- | M] () -- D:\Applications\Utils\Open Hardware Monitor\OpenHardwareMonitor.exe
PRC - [2011/05/01 10:19:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/04/29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/08 01:28:48 | 004,141,056 | ---- | M] () -- D:\Applications\Utils\qlock\Qlock\qlock.exe
PRC - [2007/01/02 09:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2004/09/20 14:50:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2011/06/10 22:06:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sloth\Desktop\OTL.exe
MOD - [2010/08/24 04:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/01/08 09:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004/01/08 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HidServ)
SRV - [2011/05/25 18:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/03/20 11:06:15 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2011/01/13 17:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/09/14 04:24:00 | 003,511,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/28 18:25:04 | 000,233,472 | ---- | M] (Teruten) [On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (WinRing0_1_2_0)
DRV - [2011/04/27 14:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/02/17 11:41:00 | 000,297,888 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2011/01/03 20:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 20:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 20:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/01/03 20:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 17:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 17:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 17:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 17:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/12/18 23:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/05/28 18:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/25 13:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/06/08 07:37:56 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2008/06/08 07:37:46 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/31 15:23:20 | 000,131,184 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/31 15:22:28 | 000,178,736 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/08/24 08:03:16 | 000,155,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfsyn.sys -- (CTSFSYN)
DRV - [2004/08/13 17:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/02/14 10:55:12 | 000,471,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2002/09/20 09:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/18 02:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1996/04/04 07:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1844237615-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-484061587-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..network.proxy.backup.ftp: "222.124.34.211"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "222.124.34.211"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "222.124.34.211"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "118.97.75.226"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "118.97.75.226"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "118.97.75.226"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "118.97.75.226"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 10:19:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/28 21:18:16 | 000,000,000 | ---D | M]

[2010/11/21 16:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sloth\Application Data\Mozilla\Extensions
[2011/03/25 09:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sloth\Application Data\Mozilla\Firefox\Profiles\dhoqsijl.default\extensions
[2011/02/18 22:42:16 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Sloth\Application Data\Mozilla\Firefox\Profiles\dhoqsijl.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/11/25 06:09:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sloth\Application Data\Mozilla\Firefox\Profiles\dhoqsijl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/08 23:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/15 10:05:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/08 23:10:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SLOTH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DHOQSIJL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/05/01 10:19:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/08 23:09:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 20:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/06 07:43:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1844237615-484061587-725345543-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1844237615-484061587-725345543-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1844237615-484061587-725345543-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1844237615-484061587-725345543-1003..\Run: [OpenHardwareMonitor] D:\Applications\Utils\Open Hardware Monitor\OpenHardwareMonitor.exe ()
O4 - HKU\S-1-5-21-1844237615-484061587-725345543-1006..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\Sloth\Start Menu\Programs\Startup\qlock.lnk = D:\Applications\Utils\qlock\Qlock\qlock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1844237615-484061587-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-484061587-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290313502937 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290902245890 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - D:\internet\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/21 14:22:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 22:06:18 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sloth\Desktop\OTL.exe
[2011/06/10 21:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
[2011/06/10 21:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sloth\Desktop\MustBeRandomlyNamed
[2011/06/10 21:52:43 | 000,719,574 | ---- | C] (UG North ) -- C:\Documents and Settings\Sloth\Desktop\RkU3.8.388.590.exe
[2011/06/08 23:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/08 23:10:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/08 23:10:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/08 23:10:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/08 23:10:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/08 23:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/04 21:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sloth\Start Menu\Programs\SpeedFan
[2011/06/04 21:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/06/04 00:20:07 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/06/04 00:20:07 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/05/28 21:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/28 21:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/05/28 20:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sloth\Application Data\go
[2011/05/28 20:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/05/23 17:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ryzom
[2011/05/23 10:31:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/22 11:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/22 11:39:23 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/05/22 11:39:23 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/05/22 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/05/22 11:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sloth\Application Data\SystemRequirementsLab
[2011/05/15 22:28:38 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/15 22:04:44 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/15 10:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/15 10:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/15 10:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/06/10 22:06:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sloth\Desktop\OTL.exe
[2011/06/10 21:52:08 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\Sloth\Desktop\RkU3.8.388.590.rar
[2011/06/10 19:18:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/10 19:18:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 23:09:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/08 23:09:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/08 23:09:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/08 23:09:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/08 23:09:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/07 19:09:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/04 22:42:45 | 000,273,952 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/04 22:42:45 | 000,273,952 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/04 22:42:45 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/04 21:36:06 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/05/29 00:04:48 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Sloth\Desktop\HiJackThis.lnk
[2011/05/25 18:09:23 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/05/25 18:09:23 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/05/25 18:09:22 | 013,895,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/05/25 18:09:21 | 016,068,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/05/25 18:09:21 | 002,808,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/05/25 18:09:21 | 002,123,582 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/25 18:09:21 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/05/25 18:09:21 | 000,899,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/05/25 18:09:21 | 000,865,896 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/05/25 18:09:21 | 000,543,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\easyupdatusapiu.dll
[2011/05/25 18:09:21 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/05/25 18:09:21 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/05/25 18:09:21 | 000,003,249 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/25 18:09:20 | 013,004,800 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/05/25 18:09:20 | 012,753,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/05/25 18:09:20 | 005,332,992 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/05/25 18:09:20 | 004,198,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/05/25 18:09:20 | 002,328,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/05/23 17:28:44 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ryzom.lnk
[2011/05/15 22:25:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/05/15 00:24:38 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Sloth\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk

========== Files Created - No Company Name ==========

[2011/06/10 21:52:07 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\Sloth\Desktop\RkU3.8.388.590.rar
[2011/06/04 21:36:05 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/06/04 00:20:07 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/23 17:28:44 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ryzom.lnk
[2011/05/15 22:25:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/04/24 00:31:22 | 000,086,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-484061587-725345543-1003-0.dat
[2011/04/24 00:31:21 | 000,950,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/24 00:31:20 | 000,086,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/04/23 21:56:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/04/23 21:56:16 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/04/23 21:55:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Sloth\Application Data\$_hpcst$.hpc
[2011/04/21 22:03:10 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\Sloth\Application Data\default.pls
[2011/04/13 20:51:06 | 000,273,952 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/13 20:51:02 | 000,273,952 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/13 20:51:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/21 12:21:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/08 14:41:06 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/03/08 14:41:04 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/03/08 14:41:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/03/08 14:41:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/03/08 14:41:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/02/17 19:51:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/29 16:48:13 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010/11/29 16:47:51 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/11/28 11:44:26 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/11/22 08:03:36 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/11/22 02:50:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/22 02:49:20 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/21 20:28:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/21 16:00:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/21 15:57:22 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2010/11/21 15:57:22 | 000,414,208 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2010/11/21 15:57:22 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2010/11/21 14:25:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 14:19:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/08 06:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 15:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/24 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/24 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/24 09:00:00 | 000,502,808 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/24 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/24 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/24 09:00:00 | 000,088,206 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/24 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/24 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/24 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/04 07:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

OTL Extras logfile created on: 06/10/2011 22:07:33 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sloth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1023.23 Mb Total Physical Memory | 366.43 Mb Available Physical Memory | 35.81% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 75.92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 64.72 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 34.28 Gb Free Space | 23.00% Space Free | Partition Type: NTFS

Computer Name: BOND | User Name: Sloth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\games\Xsyon\Xsyon Launcher.exe" = D:\games\Xsyon\Xsyon Launcher.exe:*:Enabled:Xsyon
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"D:\games\Subagames\Pristontale\XTrap\XTrap.xt" = D:\games\Subagames\Pristontale\XTrap\XTrap.xt:*:Enabled:XTrap.xt
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"D:\games\Ryzom\client_ryzom_rd.exe" = D:\games\Ryzom\client_ryzom_rd.exe:*:Enabled:client_ryzom_rd.exe -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 2.9.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9FFC925-E27E-436E-A2DF-652324D51033}" = Nero 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = Digital Audio MB
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QcDrv" = Logitech® Camera Driver
"Ryzom" = Ryzom
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Wurm Online 2.7.5g" = Wurm Online 2.7.5g
"Wurm Online 3.0.0-3088 [unstable]" = Wurm Online 3.0.0-3088 [unstable]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/04/2011 05:23:16 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/04/2011 06:36:51 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/04/2011 17:36:33 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/05/2011 18:27:08 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/07/2011 03:06:48 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/07/2011 06:37:49 | Computer Name = BOND | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.3.0.111, faulting module
skype.exe, version 5.3.0.111, fault address 0x005dd938.

Error - 06/08/2011 03:05:47 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/08/2011 06:31:42 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/09/2011 02:58:22 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 06/10/2011 03:18:56 | Computer Name = BOND | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 05/28/2011 05:02:10 | Computer Name = BOND | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f4127000, parameter2 00000001, parameter3
bd05454a, parameter4 00000000.

Error - 05/28/2011 05:18:17 | Computer Name = BOND | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service nosGetPlusHelper
with arguments "" in order to run the server: {B0BCB3C3-479E-49FD-BB47-5FC0D340AB98}

Error - 05/28/2011 05:18:18 | Computer Name = BOND | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service nosGetPlusHelper
with arguments "" in order to run the server: {B0BCB3C3-479E-49FD-BB47-5FC0D340AB98}

Error - 05/28/2011 05:20:06 | Computer Name = BOND | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service nosGetPlusHelper
with arguments "" in order to run the server: {B0BCB3C3-479E-49FD-BB47-5FC0D340AB98}

Error - 05/28/2011 05:20:06 | Computer Name = BOND | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service nosGetPlusHelper
with arguments "" in order to run the server: {B0BCB3C3-479E-49FD-BB47-5FC0D340AB98}

Error - 05/28/2011 18:07:03 | Computer Name = BOND | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom2, is not ready for access yet.

Error - 06/01/2011 03:45:48 | Computer Name = BOND | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f4107000, parameter2 00000001, parameter3
bd05454a, parameter4 00000000.

Error - 06/04/2011 05:23:52 | Computer Name = BOND | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00052919, parameter2 000000ff, parameter3
00000001, parameter4 806f0c10.

Error - 06/04/2011 06:37:46 | Computer Name = BOND | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 b735c382, parameter2 00000001, parameter3
bd05486a, parameter4 00000000.

Error - 06/04/2011 18:02:28 | Computer Name = BOND | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bd0545ca, parameter3
b7452a38, parameter4 00000000.

< End of report >

This post has been edited by SweetTech: 10 June 2011 - 08:50 AM
Reason for edit: expanded logs.--ST

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 10 June 2011 - 08:54 AM

Hi!

For future logs please note the follow item in my intro speech;

Quote

Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

Did you set these proxies in Firefox?

Quote

FF - prefs.js..network.proxy.backup.ftp: "222.124.34.211"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "222.124.34.211"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "222.124.34.211"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "118.97.75.226"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "118.97.75.226"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "118.97.75.226"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "118.97.75.226"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (WinRing0_1_2_0)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-484061587-725345543-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#5 Zonkers

Member

Group: Members
Posts: 27
Joined: 26-February 11

Posted 11 June 2011 - 04:36 AM

Quote

Did you set these proxies in Firefox?

I think I had tried a couple of free proxy servers once to test access to web sites I had trouble with at the time my ISP was having problems

Quote

OTL Fix

before I paste log file, when my pc rebooted it got to the POST screen, did the auto scan for the hard drives then scaned for USB mass storage devices said there were 2 (and some other words, I forgot to write down). I only have a USB camera and mouse attached. Then said warning cpu fan stopped or words to that effect, press F1 to continue. My CPU fan was spinning fine tho. My PC got about half way loading windows then reboot by itself, no blue screen. I picked the boot normally option and the desktop came up. Floopy drive started to check about 5 times at different time intervals tho.

Anyway here is this log file

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service WinRing0_1_2_0 stopped successfully!
Service WinRing0_1_2_0 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1844237615-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== REGISTRY ==========
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Sloth\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sloth\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start service SrService!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Sloth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4100471 bytes
->Java cache emptied: 18282140 bytes
->FireFox cache emptied: 123172397 bytes
->Flash cache emptied: 65538 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49596 bytes
Session Manager Temp folder emptied: 38246800 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 176.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Sloth
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06112011_195237

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Quote

Malwarebytes' Anti-Malware

I choose to use their trial full version on the update

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6833

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/11/2011 20:09:22
mbam-log-2011-06-11 (20-09-22).txt

Scan type: Quick scan
Objects scanned: 160515
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Quote

ESET Online Scanner

This ran first time for only 7 + min for about 3-4000 files which seemed strange so I restarted it and then this is the screen shot of the last page no export option..

Quote

Security Check

 Results of screen317's Security Check version 0.99.13  
 Windows XP Service Pack 3  
 Internet Explorer 8  
[b]`````````````````````````````` 
[u]Antivirus/Firewall Check:[/u][/b] 
 Windows Firewall Enabled!  
 ESET Online Scanner v3   
 [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] 
[b]``````````````````````````````` 
[u]Anti-malware/Other Utilities Check:[/u][/b] 
 Malwarebytes' Anti-Malware    
 Java(TM) 6 Update 26  
 Adobe Flash Player 	10.3.181.22  
Adobe Reader X (10.0.1) 
[b]```````````````````````````````` 
Process Check:  
[u]objlist.exe by Laurent[/u][/b] 
 Malwarebytes' Anti-Malware mbamservice.exe  
[b]``````````End of Log````````````[/b]

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 June 2011 - 09:09 AM

Hi!

Quote

I think I had tried a couple of free proxy servers once to test access to web sites I had trouble with at the time my ISP was having problems

Okay.

Quote

Okay. I'm going to have you post in the Windows XP forum for this issue. Please be sure to include a link to this thread, so that they can see what we've done so far.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
avast! 6 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#7 Zonkers

Member

Group: Members
Posts: 27
Joined: 26-February 11

Posted 11 June 2011 - 04:23 PM

thanks again for your help I'll post to this now

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 June 2011 - 04:27 PM

You're more than welcome! I'm glad that we were able to work together to solve the issues you were experiencing with your computer.

Please take care!

Kindest Regards,
SweetTech.

____________________________________________________

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.