
Please help! Redirections, all browsers on XP SP2, msb.dll among others...


This topic is locked
43 replies to this topic

#1 Dellaclearing
  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:31 PM

Posted 11 May 2009 - 08:30 PM

Hello everyone,
I'm having big problems with my laptop at the moment, whenever I browse using Firefox or Internet Explorer almost all links opened do so in a new tab and redirect me to various sites such as tebe.us or installtoolsforfree.com. Basically I'm being hijacked but I'm absolutely stumped as to how to remove this problem. I've tried Spybot, AVG, Trend Micro HouseCall, Malwarebytes, Kaspersky, none of them can clean this infection out!

Part 2 of the problem is that for the last week whenever I plug a USB memory stick into my laptop Windows XP SP2 acknowledges that a drive has been inserted because I hear the little "DoDoo" jingle but it doesn't show in My Computer or in Disk Management, but it does show in Device Manager. I've tried changing drive letters to see if there was a conflict somewhere but no joy. I'm not sure if the hijacker messing around with my registry has stopped my USB drives working, but my USB mouse is working fine. Maybe the 2 problems are unrelated, but all my memory sticks were functioning perfectly until a week ago.

I have some pretty important files I need to keep and I would've just put them onto a memory stick and then re-installed windows if I could but I can't access my removable storage, CD drive is broken so it looks like I'm just gonna have to find a way to remove this malware!

I know I'll need to post HijackThis and maybe ComboFix reports but I don't understand what any of it means, so what I'm asking is if anyone would be so kind as to please look through my logs and guide me through the cleaning and repair process?
Thanks in advance.


DDS (Ver_09-03-16.01) - NTFSx86
Run by GINGE at 2:32:56.75 on 12/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1263.607 [GMT 1:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\GINGE\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\GINGE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Wanadoo
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
TB: {8B68564D-53FD-4293-B80C-993A9F3988EE} - No File
TB: &AEVITA Save Flash: {33973600-925a-11d9-a1f6-9234c84d2622} - c:\progra~1\aevita~1\SAVEFL~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MsServer] msfun80.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [autochk] rundll32.exe c:\docume~1\ginge\protect.dll,_IWMPEvents@16
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [EPSON Stylus C42 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"
mRun: [WService] WService.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [<NO NAME>] c:\windows\temp\hfd56.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\hfd56.exe
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\docume~1\ginge\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Save F&lash with FlashCapture - c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - {33973600-925A-11D9-A1F6-9234C84D2622} - c:\progra~1\aevita~1\SAVEFL~1.DLL
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {CCB0BC61-AA25-42AB-B0F3-9FB55D235413} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: karna.dat ,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ginge\applic~1\mozilla\firefox\profiles\lp6bkb9j.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-10 226832]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2005-2-23 53248]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-12-3 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-9-27 20608]
S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2005-3-23 126976]
S3 gkmixern;gkmixern;\??\c:\docume~1\ginge\locals~1\temp\gkmixern.sys --> c:\docume~1\ginge\locals~1\temp\gkmixern.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-9-1 40832]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [2009-2-4 474368]
S3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);c:\windows\system32\drivers\ZD1211U.sys [2007-9-27 280064]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbVM305.sys [2009-2-4 1466624]

=============== Created Last 30 ================

2009-05-10 22:04 24,064 a--sh--- c:\documents and settings\ginge\protect.dll
2009-05-10 02:44 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-05-10 02:44 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-10 01:25 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-05-10 01:25 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-05-10 01:23 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-10 01:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-05-09 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-09 03:47 <DIR> --d----- c:\program files\CCleaner
2009-05-08 01:57 49,152 a------- c:\windows\system32\algsrvs.exe
2009-05-06 00:29 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-02 00:27 <DIR> --d----- c:\windows\system32\NtmsData
2009-05-01 00:42 1 a------- c:\windows\system32\uniq.tll
2009-04-25 09:42 <DIR> --d----- c:\docume~1\ginge\applic~1\Nowe Gadu-Gadu
2009-04-25 09:38 <DIR> --d----- c:\program files\Nowe Gadu-Gadu
2009-04-17 13:17 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 13:17 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 13:17 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 13:17 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-04-17 13:17 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-17 13:17 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 13:17 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 13:17 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 13:17 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 13:17 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 13:15 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-10 01:35 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-05-01 00:18 51,712 a--sh--- c:\windows\system32\ribeyofe.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-03 02:11 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-03 02:11 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-06 15:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-24 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 20:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-24 05:10 130 a---h--- c:\docume~1\ginge\applic~1\brara1985.sys
2009-02-20 19:09 78,336 a------- c:\windows\system32\ieencode.dll
2008-11-12 02:19 17,465 a------- c:\program files\common files\uvyrygyqiv.dl
2008-11-12 02:19 19,639 a------- c:\program files\common files\teruso.inf
2008-11-12 02:19 14,177 a------- c:\docume~1\alluse~1\applic~1\vacarudiv.scr
2008-11-12 02:19 13,657 a------- c:\docume~1\alluse~1\applic~1\oxuzev.pif
2008-11-12 02:19 11,312 a------- c:\docume~1\alluse~1\applic~1\ugutiwimi.pif
2006-07-22 17:51 278,528 ac------ c:\program files\common files\FDEUnInstaller.exe
2006-04-21 19:56 24,192 a------- c:\documents and settings\ginge\usbsermptxp.sys
2006-04-21 19:56 22,768 a------- c:\documents and settings\ginge\usbsermpt.sys

============= FINISH: 2:34:58.92 ===============



Edited by Dellaclearing, 11 May 2009 - 08:40 PM.
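One way to triage the "Pseudo HJT Report" section of the DDS log above, as an added Python example that is not part of this post or of the DDS tool: the sample lines are copied from that log, and the scoring rules (user-writable paths, bare filenames, tamper policies, the same Run value name registered in several hives) are my own assumptions about what deserves a closer look, not DDS output.

```python
"""Defender-side triage of DDS "Pseudo HJT Report" autorun and policy lines."""
import re
from collections import defaultdict

# Constructed subset of the DDS log posted above (lines copied verbatim).
SAMPLE_LOG = r"""
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MsServer] msfun80.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [autochk] rundll32.exe c:\docume~1\ginge\protect.dll,_IWMPEvents@16
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
dRun: [<NO NAME>] c:\windows\temp\hfd56.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\hfd56.exe
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\docume~1\ginge\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
"""

# DDS prefixes: u = current user hive, m = machine hive, d = default user hive.
RUN_RE = re.compile(r"^([umd])Run:\s+\[(.*?)\]\s+(.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s+(\w+)\s+=\s+(\d+)")
STARTUP_RE = re.compile(r"^StartupFolder:\s+(.*?)\s+-\s+(.*)$")

# Assumed heuristics: policies malware commonly sets to hinder cleanup, and
# directory fragments where a legitimate autorun target rarely lives.
TAMPER_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


def run_target(cmd):
    """Return the file an autorun command really executes or loads.

    For rundll32 the interesting file is the DLL argument, not rundll32 itself;
    a quoted path is unwrapped; otherwise the first token is the target."""
    low = cmd.lower().strip()
    if low.startswith("rundll32"):
        parts = low.split(None, 1)
        return parts[1].split(",")[0].strip() if len(parts) > 1 else low
    if low.startswith('"'):
        return low[1:].split('"', 1)[0]
    return low.split()[0]


def score_run_entry(name, cmd):
    """Reasons a Run value deserves a look; an empty list means nothing noted."""
    reasons = []
    target = run_target(cmd)
    if name == "<NO NAME>":
        reasons.append("unnamed Run value")
    if any(d in target for d in USER_WRITABLE):
        what = "DLL handed to rundll32" if target.endswith(".dll") else "executable"
        reasons.append(f"{what} lives under a temp or user-profile directory")
    if "\\" not in target:
        reasons.append("bare filename, resolved by PATH search; verify which binary runs")
    return reasons


def triage(log_text):
    """Scan DDS lines; return flagged lines plus Run names seen in several hives."""
    findings = []
    hives = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            hives[name].append(hive)
            reasons = score_run_entry(name, cmd)
            if reasons:
                findings.append({"line": line, "reasons": reasons})
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in TAMPER_POLICIES and m.group(2) != "0":
            findings.append({"line": line, "reasons": [
                "policy commonly set by malware to block cleanup tools"]})
            continue
        m = STARTUP_RE.match(line)
        if m and m.group(2).lower().endswith("rundll32.exe"):
            findings.append({"line": line, "reasons": [
                "startup shortcut runs rundll32 directly; inspect the .lnk arguments"]})
    # The same value name in more than one hive is a persistence pattern worth
    # noting even when the system32 copy looks innocuous on its own.
    cross_hive = {n: h for n, h in hives.items() if len(set(h)) > 1}
    return {"findings": findings, "cross_hive": cross_hive}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
    for name, hv in report["cross_hive"].items():
        print(f"Run value '{name}' registered in hives {hv}")
```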




#2 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:31 PM

Posted 12 May 2009 - 05:45 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Dellaclearing
  • Topic Starter
  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:31 PM

Posted 12 May 2009 - 08:38 PM

Hi Sam, thanks for your help!

I've tried running Malwarebytes but a new problem has developed today, I keep getting windows popping up telling me that various programs have to close, for example: "Malwarebytes' Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience". This seems to happen after it has been scanning for about 8 minutes and so far had found 9 infections. One window will pop up, and then a minute or so later another window will pop up telling me something else has encountered an error and has to close.

So far I've been unsuccessful in performing a complete scan before Malwarebytes terminates. This has only started happening today, so far I've had Kaspersky, Nokia music player, Malwarebytes and something called Dr Watson all close on me. I don't even know what the Dr Watson thing is so it's a bit suspicious, but this laptop used to belong to my brother and could be something he installed.
I'm going to continue trying to get a scan out of Malwarebytes so please be patient with me!

#4 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:31 PM

Posted 13 May 2009 - 03:14 PM

If you're still having trouble with Malwarebytes, skip it for now and just proceed with OTListIt2.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Dellaclearing
  • Topic Starter
  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:31 PM

Posted 13 May 2009 - 09:03 PM

Hey Sam, I've tried a few times to get Malwarebytes to complete a scan but without any luck I'm afraid. I booted in safe mode today and got about 9 minutes into the scan again before it encountered an error and had to close! It had found 17 infections at that point though which is more than last time. I have my Windows Firewall activated so maybe it's something that replicates or maybe Windows Firewall isn't very good!!

As requested, here is my OTListIt scan log, I'm just glad this one didn't terminate before it finished!

OTListIt logfile created on: 14/05/2009 01:55:25 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\GINGE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.23 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 63.33% Memory free
1.44 Gb Paging File | 1.17 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 0.62 Gb Free Space | 2.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GINGERMAN
Current User Name: GINGE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/09/03 23:00:18 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2005/02/23 16:56:12 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2003/09/30 03:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\WtSrv.exe
PRC - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2004/08/04 08:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/04/29 12:42:14 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/13 02:04:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/01/25 18:33:07 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2005/03/23 15:17:00 | 00,126,976 | ---- | M] (Computer Associates International Inc.) -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT [On_Demand | Stopped])
SRV - [2003/09/03 23:00:18 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/21 20:34:51 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 08:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/02/23 16:56:12 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch [Auto | Running])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/03/31 13:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2008/07/09 15:03:48 | 00,102,400 | ---- | M] (PacketVideo) -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia [Auto | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2003/09/30 03:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- (WinTabService [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/03/13 18:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/11/07 16:43:12 | 00,100,109 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2003/09/14 21:16:16 | 00,324,608 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [1999/09/10 12:06:00 | 00,025,244 | R--- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2005/06/08 18:44:20 | 00,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\BRGSp50.sys -- (BRGSp50 [On_Demand | Stopped])
DRV - [2006/08/25 04:47:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
DRV - [2006/08/25 04:47:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
DRV - [2002/09/25 07:09:12 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2003/04/23 11:10:06 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/01/27 01:29:00 | 00,016,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2005/02/11 10:19:20 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2005/02/11 10:22:48 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
DRV - [2005/02/11 10:24:24 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped])
DRV - [2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009/05/10 01:35:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/05/10 01:35:57 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])
DRV - [2006/12/14 00:39:28 | 00,040,832 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2006/12/13 17:52:50 | 00,020,992 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2004/02/09 14:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Stopped])
DRV - [2003/01/29 14:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2004/08/04 06:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2004/08/04 07:03:35 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2003/03/31 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2003/03/31 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2006/07/22 17:48:07 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2003/02/12 09:03:54 | 00,015,143 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
DRV - [2004/04/16 07:20:14 | 00,090,700 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P0620Vid.sys -- (PD0620VID [On_Demand | Stopped])
DRV - [2003/08/11 11:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
DRV - [2004/03/30 18:29:48 | 00,374,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\PRISMA02.sys -- (PRISM_A02 [On_Demand | Stopped])
DRV - [2003/03/31 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/11/15 22:01:32 | 00,036,592 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/12/09 05:53:14 | 00,162,944 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2006/05/09 01:26:22 | 00,245,248 | R--- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/07/10 15:05:46 | 00,578,752 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/10/15 23:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/02/25 03:03:13 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/09/23 19:59:56 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\STEC3.sys -- (STEC3 [Auto | Running])
DRV - [2000/06/13 06:32:02 | 00,015,370 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])
DRV - [2003/03/05 10:17:36 | 00,023,202 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
DRV - [2002/09/17 17:12:38 | 00,809,872 | R--- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys -- (TOSHIBASoftModem [On_Demand | Stopped])
DRV - [2002/04/06 20:50:56 | 00,019,607 | ---- | M] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt [Auto | Running])
DRV - [2003/05/14 18:38:32 | 00,025,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Stopped])
DRV - [2003/08/07 16:52:00 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running])
DRV - [2003/03/05 08:00:44 | 00,011,090 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
DRV - [2004/06/11 12:31:20 | 00,135,168 | ---- | M] () -- C:\WINDOWS\UNDPX2A.exe -- (UNDPX2A [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004/08/04 08:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/08/04 07:08:42 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 07:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2006/04/21 19:56:15 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [2007/02/02 22:38:22 | 00,474,368 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\system32\drivers\vvftav.sys -- (vvftav [On_Demand | Stopped])
DRV - [2006/02/23 07:52:54 | 00,280,576 | R--- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys -- (W8335XP [On_Demand | Running])
DRV - [2005/10/04 15:38:24 | 00,280,064 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(PLANET Technology Corp.) [On_Demand | Stopped])
DRV - [2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Stopped])
DRV - [2007/03/08 20:05:32 | 01,466,624 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\System32\Drivers\usbVM305.sys -- (ZSMC0305 [On_Demand | Stopped])
DRV - [2003/04/23 11:15:06 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
DRV - [2003/04/23 11:14:56 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])
DRV - [2003/04/23 11:10:12 | 00,033,335 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Freeserve
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.orange.co.uk/all?brand=ouk&a...q={searchTerms}
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\S-1-5-21-2048593784-4278770947-2189496851-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F929D232-8986-4E61-8888-B5D237BEB041}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 12:42:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/06 00:31:15 | 00,000,000 | ---D | M]

[2008/11/27 13:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Extensions
[2008/11/27 13:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/09 03:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Firefox\Profiles\lp6bkb9j.default\extensions
[2009/05/13 02:34:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 12:42:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/01 00:12:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F929D232-8986-4E61-8888-B5D237BEB041}
[2009/04/29 12:42:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 12:42:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/29 12:42:25 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/04/29 12:42:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/29 12:42:25 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/04/29 12:42:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 12:42:25 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/04/29 12:42:25 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 12:42:25 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 12:42:25 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&AEVITA Save Flash) - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\hfd56.exe ()
O4 - HKU\.DEFAULT..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 ( )
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\hfd56.exe ()
O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\hfd56.exe ()
O4 - HKU\S-1-5-18..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 ( )
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\hfd56.exe ()
O4 - Startup: C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.dll ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm (Dreamingsoft, Inc.)
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (karna.dat) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/03 13:09:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/10 01:34:28 | 00,000,055 | -HS- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
O33 - MountPoints2\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
O33 - MountPoints2\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
O33 - MountPoints2\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
O33 - MountPoints2\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/05/13 14:51:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 14:51:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/13 14:51:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/13 14:51:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/13 14:50:22 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\GINGE\Desktop\mbam-setup(2).exe
[2009/05/13 03:04:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 03:00:40 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/13 02:24:20 | 00,024,064 | -HS- | C] ( ) -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/13 02:24:20 | 00,000,649 | -HS- | C] () -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/13 02:04:46 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe
[2009/05/12 02:32:31 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\dds.scr
[2009/05/11 20:58:24 | 00,001,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/05/11 13:46:18 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\GINGE\Desktop\HiJackThis.exe
[2009/05/10 02:44:59 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/10 02:44:30 | 00,024,064 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/10 01:25:20 | 00,101,287 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/10 01:25:20 | 00,089,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/10 01:23:15 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/05/10 01:23:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/05/10 01:22:46 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/09 22:53:22 | 64,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\GINGE\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/09 21:49:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/05/09 10:51:49 | 00,000,488 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\New Wordpad Document.doc
[2009/05/09 04:06:33 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\GINGE\Desktop\setup-spybotsd162.exe
[2009/05/09 03:50:21 | 00,585,918 | ---- | C] () -- C:\Documents and Settings\GINGE\My Documents\cc_20090509_035009.reg
[2009/05/09 03:47:50 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/09 03:46:02 | 03,227,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\GINGE\Desktop\ccsetup219.exe
[2009/05/09 03:39:03 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\GooredFix.exe
[2009/05/09 02:55:45 | 00,827,876 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\havannas price list.php
[2009/05/08 02:27:06 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\Shortcut to iexplore.lnk
[2009/05/08 01:57:16 | 00,049,152 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\algsrvs.exe
[2009/05/06 00:31:06 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/06 00:29:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/05 01:52:37 | 01,144,998 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\LifeGuardinthePool.wmv
[2009/05/05 01:52:14 | 03,058,176 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\_Állati
[2009/05/05 01:23:30 | 00,025,691 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\setmenuandcreditcrunch.pdf
[2009/05/02 00:27:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/01 13:47:32 | 00,175,104 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\management_application_may08.doc
[2009/05/01 01:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GINGE\Desktop\Garmin XT SatNav stuff
[2009/05/01 00:42:19 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/25 09:42:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GINGE\Application Data\Nowe Gadu-Gadu
[2009/04/25 09:38:17 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009/04/23 13:06:50 | 00,588,116 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\39.jpg
[2009/04/20 12:50:03 | 00,000,220 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\Irek Mechanic.doc
[2009/04/17 13:17:22 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 13:17:22 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 13:17:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 13:17:22 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/17 13:17:22 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/17 13:17:21 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 13:17:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/17 13:17:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 13:17:20 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 13:17:20 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/17 13:15:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/02/25 03:03:08 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/04 23:51:40 | 00,000,900 | ---- | C] () -- C:\WINDOWS\rm305.ini
[2009/02/04 18:37:52 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\vmcoinst_vc0305.dll
[2008/10/28 16:52:00 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/06 22:52:33 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/18 16:16:55 | 00,000,001 | ---- | C] () -- C:\WINDOWS\pvc11.dll
[2007/07/22 20:44:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\svighost.dll
[2007/07/22 20:29:09 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\ispnet.dll
[2007/03/01 17:07:12 | 01,117,184 | ---- | C] () -- C:\WINDOWS\System32\swfExt.dll
[2007/03/01 17:07:12 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\flash_lib.dll
[2007/01/24 16:09:14 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/01/11 17:49:18 | 00,006,556 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2007/01/11 17:49:18 | 00,001,907 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2006/12/30 22:08:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/24 17:57:42 | 00,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006/12/24 17:25:56 | 00,003,563 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2006/12/09 14:15:02 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/11/15 22:01:35 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/01 17:12:24 | 00,000,327 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/04/18 16:14:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2006/01/08 20:40:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/07 14:13:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/10/25 20:23:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/09/23 20:08:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2005/09/11 16:17:31 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/05/29 02:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/12/04 12:40:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/04 12:29:11 | 00,006,202 | ---- | C] () -- C:\WINDOWS\TcdsASCD.ini
[2003/12/04 12:28:45 | 00,006,679 | ---- | C] () -- C:\WINDOWS\Tcds.ini
[2003/12/03 16:45:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/12/03 16:45:35 | 00,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2003/12/03 16:28:16 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/12/03 16:28:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/12/03 16:28:16 | 00,010,256 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/12/03 16:28:16 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/12/03 16:22:27 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/03 13:56:20 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/03 13:16:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/03 11:56:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/12/03 11:55:52 | 00,000,881 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/12/03 11:55:49 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/23 13:14:42 | 01,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 15:59:20 | 00,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/09 01:28:16 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2001/10/09 03:54:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2000/11/29 10:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/14 01:29:08 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/14 01:29:07 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/14 01:28:31 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\GINGE\Local Settings\desktop.ini
[2009/05/14 01:28:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/14 01:28:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 14:51:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 14:50:41 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\GINGE\Desktop\mbam-setup(2).exe
[2009/05/13 13:31:13 | 00,000,881 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/13 13:31:13 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 13:31:13 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/13 13:28:20 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/13 03:04:33 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 02:24:21 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/13 02:24:20 | 00,024,064 | -HS- | M] ( ) -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/13 02:04:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe
[2009/05/12 02:32:31 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\dds.scr
[2009/05/11 20:58:24 | 00,001,384 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/05/11 13:46:18 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\GINGE\Desktop\HiJackThis.exe
[2009/05/10 22:17:08 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/10 21:59:43 | 00,024,064 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/10 14:16:11 | 00,049,152 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\algsrvs.exe
[2009/05/10 01:35:57 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/10 01:35:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/05/10 01:35:56 | 00,101,287 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/10 01:35:56 | 00,089,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/10 01:34:28 | 00,000,055 | -HS- | M] () -- C:\AUTORUN.INF
[2009/05/09 23:04:07 | 64,470,784 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\GINGE\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/09 22:57:24 | 00,000,488 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\New Wordpad Document.doc
[2009/05/09 04:07:37 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\GINGE\Desktop\setup-spybotsd162.exe
[2009/05/09 03:50:46 | 00,585,918 | ---- | M] () -- C:\Documents and Settings\GINGE\My Documents\cc_20090509_035009.reg
[2009/05/09 03:46:12 | 03,227,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\GINGE\Desktop\ccsetup219.exe
[2009/05/09 03:39:04 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\GooredFix.exe
[2009/05/09 02:55:49 | 00,827,876 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\havannas price list.php
[2009/05/08 02:27:06 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\Shortcut to iexplore.lnk
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 00:31:06 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/05 01:54:19 | 03,058,176 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\_Állati
[2009/05/05 01:53:49 | 01,144,998 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\LifeGuardinthePool.wmv
[2009/05/05 01:23:35 | 00,025,691 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\setmenuandcreditcrunch.pdf
[2009/05/01 13:47:32 | 00,175,104 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\management_application_may08.doc
[2009/05/01 00:56:28 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yisirefo
[2009/05/01 00:42:19 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/01 00:18:35 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\ribeyofe.exe
[2009/04/26 10:47:44 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/20 13:44:32 | 00,000,220 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\Irek Mechanic.doc
[2009/04/18 11:32:52 | 00,570,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/18 11:32:52 | 00,475,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/18 11:32:52 | 00,086,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:15:47 | 00,003,541 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\3 and Orange upgrade stuff.doc
< End of report >

There was also another Notepad file that popped up, called Extras.Txt; will you need that one as well?

Dan.

#6 Buckeye_Sam

Malware Expert

Posted 14 May 2009 - 10:52 AM

This log will do just fine for now.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
    O4 - HKU\.DEFAULT..\Run: [] C:\WINDOWS\TEMP\hfd56.exe ()
    O4 - HKU\.DEFAULT..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 ( )
    O4 - HKU\.DEFAULT..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\hfd56.exe ()
    O4 - HKU\S-1-5-18..\Run: [] C:\WINDOWS\TEMP\hfd56.exe ()
    O4 - HKU\S-1-5-18..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 ( )
    O4 - HKU\S-1-5-18..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\hfd56.exe ()
    O4 - Startup: C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.dll ( )
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O33 - MountPoints2\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
    O33 - MountPoints2\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
    O33 - MountPoints2\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
    O33 - MountPoints2\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
    O33 - MountPoints2\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\Shell\AutoRun - "" = Auto&Play
    
    :Files
    C:\WINDOWS\System32\lmn_setup.exe
    C:\WINDOWS\System32\autochk.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

=================


Immediately after rebooting, try to run Malwarebytes once again. Make sure you are running just the quick scan.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Dellaclearing

Topic Starter

Posted 14 May 2009 - 06:24 PM

Hi Sam.
I entered the code you gave me into OTList and let it run. After I rebooted, this log popped up as soon as Windows loaded...

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8B68564D-53FD-4293-B80C-993A9F3988EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B68564D-53FD-4293-B80C-993A9F3988EE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autochk deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\autochk.DLL
C:\WINDOWS\system32\autochk.DLL NOT unregistered.
C:\WINDOWS\system32\autochk.DLL moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\WINDOWS\TEMP\hfd56.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\autochk deleted successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\LocalService\protect.dll
C:\Documents and Settings\LocalService\protect.dll NOT unregistered.
C:\Documents and Settings\LocalService\protect.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\uidenhiufgsduiazghs deleted successfully.
File C:\WINDOWS\TEMP\hfd56.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File C:\WINDOWS\TEMP\hfd56.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\autochk not found.
File rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\uidenhiufgsduiazghs not found.
File C:\WINDOWS\TEMP\hfd56.exe not found.
DllUnregisterServer procedure not found in C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.dll
C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.dll NOT unregistered.
C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\ not found.
File G:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23d5b205-dcbf-11dc-ad01-00080d1fa5fa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\ not found.
File E:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f59c37e-8349-11db-ac3f-00080d1fa5fa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\ not found.
File G:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b09db27f-ec5a-11dd-9df0-00080d1fa5fa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\ not found.
File E:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1bbf905-24e7-11dd-9c58-00080d1fa5fa}\ not found.
========== FILES ==========
C:\WINDOWS\System32\lmn_setup.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\autochk.dll
C:\WINDOWS\System32\autochk.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\autochk.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\GINGE\Local Settings\Temp\etilqs_WOGB0sIFbbCjssvBH2bb scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GINGE\Local Settings\Temp\nsrbgxod.bak scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.7 log created on 05142009_235701

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\System32\autochk.dll
C:\WINDOWS\System32\autochk.dll NOT unregistered.
C:\WINDOWS\System32\autochk.dll moved successfully.
File C:\Documents and Settings\GINGE\Local Settings\Temp\etilqs_WOGB0sIFbbCjssvBH2bb not found!
C:\Documents and Settings\GINGE\Local Settings\Temp\nsrbgxod.bak moved successfully.

Registry entries deleted on Reboot...

I then tried to run Malwarebytes but again it terminated.
I ran another scan of OTList; here's the log:


OTListIt logfile created on: 15/05/2009 00:10:52 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\GINGE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.23 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 69.15% Memory free
1.44 Gb Paging File | 1.23 Gb Available in Paging File | 85.69% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 2.83 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GINGERMAN
Current User Name: GINGE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2003/09/03 23:00:18 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2005/02/23 16:56:12 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2003/09/30 03:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\WtSrv.exe
PRC - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/05/13 02:04:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/01/25 18:33:07 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2005/03/23 15:17:00 | 00,126,976 | ---- | M] (Computer Associates International Inc.) -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT [On_Demand | Stopped])
SRV - [2003/09/03 23:00:18 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/21 20:34:51 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 08:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/02/23 16:56:12 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch [Auto | Running])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/03/31 13:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2008/07/09 15:03:48 | 00,102,400 | ---- | M] (PacketVideo) -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia [Auto | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2003/09/30 03:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- (WinTabService [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/03/13 18:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/11/07 16:43:12 | 00,100,109 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2003/09/14 21:16:16 | 00,324,608 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [1999/09/10 12:06:00 | 00,025,244 | R--- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2005/06/08 18:44:20 | 00,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\BRGSp50.sys -- (BRGSp50 [On_Demand | Stopped])
DRV - [2006/08/25 04:47:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
DRV - [2006/08/25 04:47:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
DRV - [2002/09/25 07:09:12 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2003/04/23 11:10:06 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/01/27 01:29:00 | 00,016,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2005/02/11 10:19:20 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2005/02/11 10:22:48 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
DRV - [2005/02/11 10:24:24 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped])
DRV - [2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009/05/10 01:35:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/05/10 01:35:57 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])
DRV - [2006/12/14 00:39:28 | 00,040,832 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2006/12/13 17:52:50 | 00,020,992 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2004/02/09 14:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Stopped])
DRV - [2003/01/29 14:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2004/08/04 06:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2004/08/04 07:03:35 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2003/03/31 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2003/03/31 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2006/07/22 17:48:07 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2003/02/12 09:03:54 | 00,015,143 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
DRV - [2004/04/16 07:20:14 | 00,090,700 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P0620Vid.sys -- (PD0620VID [On_Demand | Stopped])
DRV - [2003/08/11 11:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
DRV - [2004/03/30 18:29:48 | 00,374,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\PRISMA02.sys -- (PRISM_A02 [On_Demand | Stopped])
DRV - [2003/03/31 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/11/15 22:01:32 | 00,036,592 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/12/09 05:53:14 | 00,162,944 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2006/05/09 01:26:22 | 00,245,248 | R--- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/07/10 15:05:46 | 00,578,752 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/10/15 23:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/02/25 03:03:13 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/09/23 19:59:56 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\STEC3.sys -- (STEC3 [Auto | Running])
DRV - [2000/06/13 06:32:02 | 00,015,370 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])
DRV - [2003/03/05 10:17:36 | 00,023,202 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
DRV - [2002/09/17 17:12:38 | 00,809,872 | R--- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys -- (TOSHIBASoftModem [On_Demand | Stopped])
DRV - [2002/04/06 20:50:56 | 00,019,607 | ---- | M] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt [Auto | Running])
DRV - [2003/05/14 18:38:32 | 00,025,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Stopped])
DRV - [2003/08/07 16:52:00 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running])
DRV - [2003/03/05 08:00:44 | 00,011,090 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
DRV - [2004/06/11 12:31:20 | 00,135,168 | ---- | M] () -- C:\WINDOWS\UNDPX2A.exe -- (UNDPX2A [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004/08/04 08:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/08/04 07:08:42 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 07:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2006/04/21 19:56:15 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [2007/02/02 22:38:22 | 00,474,368 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\system32\drivers\vvftav.sys -- (vvftav [On_Demand | Stopped])
DRV - [2006/02/23 07:52:54 | 00,280,576 | R--- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys -- (W8335XP [On_Demand | Running])
DRV - [2005/10/04 15:38:24 | 00,280,064 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(PLANET Technology Corp.) [On_Demand | Stopped])
DRV - [2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Stopped])
DRV - [2007/03/08 20:05:32 | 01,466,624 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\System32\Drivers\usbVM305.sys -- (ZSMC0305 [On_Demand | Stopped])
DRV - [2003/04/23 11:15:06 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
DRV - [2003/04/23 11:14:56 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])
DRV - [2003/04/23 11:10:12 | 00,033,335 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Freeserve
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.orange.co.uk/all?brand=ouk&a...q={searchTerms}
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\S-1-5-21-2048593784-4278770947-2189496851-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F929D232-8986-4E61-8888-B5D237BEB041}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 12:42:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/06 00:31:15 | 00,000,000 | ---D | M]

[2008/11/27 13:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Extensions
[2008/11/27 13:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/09 03:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Firefox\Profiles\lp6bkb9j.default\extensions
[2009/05/14 01:59:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 12:42:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/01 00:12:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F929D232-8986-4E61-8888-B5D237BEB041}
[2009/04/29 12:42:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 12:42:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/29 12:42:25 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/04/29 12:42:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/29 12:42:25 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/04/29 12:42:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 12:42:25 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/04/29 12:42:25 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 12:42:25 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 12:42:25 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&AEVITA Save Flash) - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 File not found
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm (Dreamingsoft, Inc.)
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (karna.dat) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/03 13:09:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/10 01:34:28 | 00,000,055 | -HS- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/05/14 23:57:01 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/13 14:51:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 14:51:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/13 14:51:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/13 14:51:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/13 14:50:22 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\GINGE\Desktop\mbam-setup(2).exe
[2009/05/13 03:04:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 03:00:40 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/13 02:24:20 | 00,000,649 | -HS- | C] () -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/13 02:04:46 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe
[2009/05/12 02:32:31 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\dds.scr
[2009/05/11 20:58:24 | 00,001,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/05/11 13:46:18 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\GINGE\Desktop\HiJackThis.exe
[2009/05/10 01:25:20 | 00,101,287 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/10 01:25:20 | 00,089,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/10 01:23:15 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/05/10 01:23:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/05/10 01:22:46 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/09 22:53:22 | 64,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\GINGE\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/09 21:49:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/05/09 10:51:49 | 00,000,488 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\New Wordpad Document.doc
[2009/05/09 04:06:33 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\GINGE\Desktop\setup-spybotsd162.exe
[2009/05/09 03:50:21 | 00,585,918 | ---- | C] () -- C:\Documents and Settings\GINGE\My Documents\cc_20090509_035009.reg
[2009/05/09 03:47:50 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/09 03:46:02 | 03,227,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\GINGE\Desktop\ccsetup219.exe
[2009/05/09 03:39:03 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\GooredFix.exe
[2009/05/09 02:55:45 | 00,827,876 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\havannas price list.php
[2009/05/08 02:27:06 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\Shortcut to iexplore.lnk
[2009/05/08 01:57:16 | 00,049,152 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\algsrvs.exe
[2009/05/06 00:31:06 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/06 00:29:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/05 01:52:37 | 01,144,998 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\LifeGuardinthePool.wmv
[2009/05/05 01:52:14 | 03,058,176 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\_Állati
[2009/05/05 01:23:30 | 00,025,691 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\setmenuandcreditcrunch.pdf
[2009/05/02 00:27:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/01 13:47:32 | 00,175,104 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\management_application_may08.doc
[2009/05/01 01:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GINGE\Desktop\Garmin XT SatNav stuff
[2009/05/01 00:42:19 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/25 09:42:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GINGE\Application Data\Nowe Gadu-Gadu
[2009/04/25 09:38:17 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009/04/23 13:06:50 | 00,588,116 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\39.jpg
[2009/04/20 12:50:03 | 00,000,220 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\Irek Mechanic.doc
[2009/04/17 13:17:22 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 13:17:22 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 13:17:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 13:17:22 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/17 13:17:22 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/17 13:17:21 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 13:17:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/17 13:17:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 13:17:20 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 13:17:20 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/17 13:15:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/02/25 03:03:08 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/04 23:51:40 | 00,000,900 | ---- | C] () -- C:\WINDOWS\rm305.ini
[2009/02/04 18:37:52 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\vmcoinst_vc0305.dll
[2008/10/28 16:52:00 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/06 22:52:33 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/18 16:16:55 | 00,000,001 | ---- | C] () -- C:\WINDOWS\pvc11.dll
[2007/07/22 20:44:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\svighost.dll
[2007/07/22 20:29:09 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\ispnet.dll
[2007/03/01 17:07:12 | 01,117,184 | ---- | C] () -- C:\WINDOWS\System32\swfExt.dll
[2007/03/01 17:07:12 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\flash_lib.dll
[2007/01/24 16:09:14 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/01/11 17:49:18 | 00,006,556 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2007/01/11 17:49:18 | 00,001,907 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2006/12/30 22:08:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/24 17:57:42 | 00,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006/12/24 17:25:56 | 00,003,563 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2006/12/09 14:15:02 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/11/15 22:01:35 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/01 17:12:24 | 00,000,327 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/04/18 16:14:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2006/01/08 20:40:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/07 14:13:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/10/25 20:23:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/09/23 20:08:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2005/09/11 16:17:31 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/05/29 02:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/12/04 12:40:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/04 12:29:11 | 00,006,202 | ---- | C] () -- C:\WINDOWS\TcdsASCD.ini
[2003/12/04 12:28:45 | 00,006,679 | ---- | C] () -- C:\WINDOWS\Tcds.ini
[2003/12/03 16:45:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/12/03 16:45:35 | 00,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2003/12/03 16:28:16 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/12/03 16:28:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/12/03 16:28:16 | 00,010,256 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/12/03 16:28:16 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/12/03 16:22:27 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/03 13:56:20 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/03 13:16:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/03 11:56:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/12/03 11:55:52 | 00,000,881 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/12/03 11:55:49 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/23 13:14:42 | 01,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 15:59:20 | 00,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/09 01:28:16 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2001/10/09 03:54:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2000/11/29 10:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/15 00:10:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 00:09:39 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/15 00:09:34 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\GINGE\Local Settings\desktop.ini
[2009/05/15 00:09:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 00:09:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 14:51:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 14:50:41 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\GINGE\Desktop\mbam-setup(2).exe
[2009/05/13 13:31:13 | 00,000,881 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/13 13:31:13 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 13:31:13 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/13 13:28:20 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/13 03:04:33 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 02:24:21 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/13 02:04:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe
[2009/05/12 02:32:31 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\dds.scr
[2009/05/11 20:58:24 | 00,001,384 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/05/11 13:46:18 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\GINGE\Desktop\HiJackThis.exe
[2009/05/10 14:16:11 | 00,049,152 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\algsrvs.exe
[2009/05/10 01:35:57 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/10 01:35:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/05/10 01:35:56 | 00,101,287 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/10 01:35:56 | 00,089,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/10 01:34:28 | 00,000,055 | -HS- | M] () -- C:\AUTORUN.INF
[2009/05/09 23:04:07 | 64,470,784 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\GINGE\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/09 22:57:24 | 00,000,488 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\New Wordpad Document.doc
[2009/05/09 04:07:37 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\GINGE\Desktop\setup-spybotsd162.exe
[2009/05/09 03:50:46 | 00,585,918 | ---- | M] () -- C:\Documents and Settings\GINGE\My Documents\cc_20090509_035009.reg
[2009/05/09 03:46:12 | 03,227,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\GINGE\Desktop\ccsetup219.exe
[2009/05/09 03:39:04 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\GooredFix.exe
[2009/05/09 02:55:49 | 00,827,876 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\havannas price list.php
[2009/05/08 02:27:06 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\Shortcut to iexplore.lnk
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 00:31:06 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/05 01:54:19 | 03,058,176 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\_Állati
[2009/05/05 01:53:49 | 01,144,998 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\LifeGuardinthePool.wmv
[2009/05/05 01:23:35 | 00,025,691 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\setmenuandcreditcrunch.pdf
[2009/05/01 13:47:32 | 00,175,104 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\management_application_may08.doc
[2009/05/01 00:56:28 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yisirefo
[2009/05/01 00:42:19 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/01 00:18:35 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\ribeyofe.exe
[2009/04/26 10:47:44 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/20 13:44:32 | 00,000,220 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\Irek Mechanic.doc
[2009/04/18 11:32:52 | 00,570,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/18 11:32:52 | 00,475,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/18 11:32:52 | 00,086,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:15:47 | 00,003,541 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\3 and Orange upgrade stuff.doc
< End of report >

Also, I've been getting the blue screen of death quite frequently and Windows just shuts down. I imagine it's related because it wasn't happening at all until the last couple of days.

#8 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 May 2009 - 09:19 AM

Go ahead and uninstall Malwarebytes.



Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O32 - AutoRun File - [2009/05/10 01:34:28 | 00,000,055 | -HS- | M] () - C:\AUTORUN.INF -- [ NTFS ]
    O20 - AppInit_DLLs: (karna.dat) - File not found
    O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 File not found
    
    :Files
    C:\WINDOWS\System32\ribeyofe.exe
    C:\WINDOWS\System32\algsrvs.exe
    C:\AUTORUN.INF
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================


Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and Paste those details into your next reply here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
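
As an added example (not code from this thread, from OTListIt or from Counterspy), the following Python triage script parses the two OTListIt line formats that appear in the logs above (the `[date | size | attrs | C/M] (company) -- path` file entries and the `O4`/`O20` autostart entries) and flags the kinds of entries the fix above targets. The flagging heuristics are assumptions of this example rather than rules stated by the helper or the tool, and the sample lines are copied from the log posted earlier in the thread.

```python
"""Triage helper for OTListIt2-style log lines (added example, not part of OTListIt)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTListIt log posted in this thread.
SAMPLE_LOG = r"""
[2009/05/08 01:57:16 | 00,049,152 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\algsrvs.exe
[2009/05/01 00:18:35 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\ribeyofe.exe
[2009/05/10 01:34:28 | 00,000,055 | -HS- | M] () -- C:\AUTORUN.INF
[2009/05/13 14:51:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/15 00:09:34 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\GINGE\Local Settings\desktop.ini
O20 - AppInit_DLLs: (karna.dat) - File not found
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 File not found
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"""

# File entry: [date time | size | attrs | C/M] (company) -- path
# attrs is four flag positions: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
FILE_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([R-][H-][S-][D-]) \| ([CM])\] "
    r"\(([^)]*)\) -- (.+)$"
)
# Autostart entries this example looks at: O4 (Run keys) and O20 (AppInit_DLLs).
AUTOSTART_LINE = re.compile(r"^(O4|O20) - (.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # 'C' = created within the scan window, 'M' = modified within it
    company: str   # CompanyName from the file's version info; empty when absent
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_file_line(line: str):
    """Return a FileEntry for an OTListIt file line, or None if the line is not one."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return FileEntry(ts, int(size.replace(",", "")), attrs, kind, company.strip(), path)


def in_system32(path: str) -> bool:
    return "\\windows\\system32\\" in path.lower()


def in_drive_root(path: str) -> bool:
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None


def suspicious_reasons(entry: FileEntry) -> list:
    """Heuristics chosen for this example (assumptions, not rules from OTListIt)."""
    reasons = []
    if entry.is_executable and entry.hidden_system:
        reasons.append("executable with hidden+system attributes")
    if entry.is_executable and in_system32(entry.path) and entry.company == "":
        reasons.append("executable in System32 with no CompanyName version info")
    if entry.path.lower().endswith("autorun.inf") and in_drive_root(entry.path):
        reasons.append("autorun.inf in drive root")
    # Vendor-string lookalike: genuine Microsoft binaries report "Microsoft Corporation".
    if (entry.is_executable and entry.company.lower().startswith("microsoft")
            and entry.company != "Microsoft Corporation"):
        reasons.append("vendor string resembles but does not match Microsoft Corporation")
    return reasons


def triage(log_text: str) -> dict:
    """Map each flagged path (or autostart line) to the list of reasons it was flagged."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_file_line(line)
        if entry is not None:
            reasons = suspicious_reasons(entry)
            if reasons:
                findings[entry.path] = reasons
            continue
        # An autostart entry whose target no longer exists is a dangling loader
        # left behind by a partial clean-up; it is still worth removing.
        if AUTOSTART_LINE.match(line) and line.endswith("File not found"):
            findings[line] = ["autostart references a missing file"]
    return findings


if __name__ == "__main__":
    for target, why in triage(SAMPLE_LOG).items():
        print(f"{target}\n    -> {'; '.join(why)}")
```

Entries such as desktop.ini (hidden+system but not executable) and mbam.sys (a named driver with plain attributes) are parsed but not flagged, so the script separates the entries the fix removes from the ordinary noise in the same log.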


========================================================

#9 Dellaclearing

  • Topic Starter

  • Members
  • 23 posts

Posted 15 May 2009 - 11:22 AM

Here's my latest OTListIt log; Counterspy log to follow shortly...

OTListIt logfile created on: 15/05/2009 17:17:09 - Run 3
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\GINGE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.23 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 72.36% Memory free
1.44 Gb Paging File | 1.26 Gb Available in Paging File | 87.42% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 2.74 Gb Free Space | 9.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GINGERMAN
Current User Name: GINGE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2003/09/03 23:00:18 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2005/02/23 16:56:12 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2003/09/30 03:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\WtSrv.exe
PRC - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2004/08/04 08:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009/05/13 02:04:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/01/25 18:33:07 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/10 01:35:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2005/03/23 15:17:00 | 00,126,976 | ---- | M] (Computer Associates International Inc.) -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT [On_Demand | Stopped])
SRV - [2003/09/03 23:00:18 | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/21 20:34:51 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 08:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/02/23 16:56:12 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch [Auto | Running])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/03/31 13:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2008/07/09 15:03:48 | 00,102,400 | ---- | M] (PacketVideo) -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia [Auto | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2003/09/30 03:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\WtSrv.exe -- (WinTabService [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2003/03/13 18:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/11/07 16:43:12 | 00,100,109 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2003/09/14 21:16:16 | 00,324,608 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [1999/09/10 12:06:00 | 00,025,244 | R--- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2005/06/08 18:44:20 | 00,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\BRGSp50.sys -- (BRGSp50 [On_Demand | Stopped])
DRV - [2006/08/25 04:47:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
DRV - [2006/08/25 04:47:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
DRV - [2002/09/25 07:09:12 | 00,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2003/04/23 11:10:06 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/01/27 01:29:00 | 00,016,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2005/02/11 10:19:20 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2005/02/11 10:22:48 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
DRV - [2005/02/11 10:24:24 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped])
DRV - [2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009/05/10 01:35:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/05/10 01:35:57 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2006/12/14 00:39:28 | 00,040,832 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2006/12/13 17:52:50 | 00,020,992 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2004/02/09 14:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Stopped])
DRV - [2003/01/29 14:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2004/08/04 06:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2004/08/04 07:03:35 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2003/03/31 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2003/03/31 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2006/07/22 17:48:07 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2003/02/12 09:03:54 | 00,015,143 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
DRV - [2004/04/16 07:20:14 | 00,090,700 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P0620Vid.sys -- (PD0620VID [On_Demand | Stopped])
DRV - [2003/08/11 11:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
DRV - [2004/03/30 18:29:48 | 00,374,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\PRISMA02.sys -- (PRISM_A02 [On_Demand | Stopped])
DRV - [2003/03/31 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/11/15 22:01:32 | 00,036,592 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/12/09 05:53:14 | 00,162,944 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2006/05/09 01:26:22 | 00,245,248 | R--- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/07/10 15:05:46 | 00,578,752 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/10/15 23:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/02/25 03:03:13 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/09/23 19:59:56 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\STEC3.sys -- (STEC3 [Auto | Running])
DRV - [2000/06/13 06:32:02 | 00,015,370 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])
DRV - [2003/03/05 10:17:36 | 00,023,202 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
DRV - [2002/09/17 17:12:38 | 00,809,872 | R--- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys -- (TOSHIBASoftModem [On_Demand | Stopped])
DRV - [2002/04/06 20:50:56 | 00,019,607 | ---- | M] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt [Auto | Running])
DRV - [2003/05/14 18:38:32 | 00,025,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Stopped])
DRV - [2003/08/07 16:52:00 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running])
DRV - [2003/03/05 08:00:44 | 00,011,090 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\DRIVERS\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
DRV - [2004/06/11 12:31:20 | 00,135,168 | ---- | M] () -- C:\WINDOWS\UNDPX2A.exe -- (UNDPX2A [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004/08/04 08:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/08/04 07:08:42 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 07:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2006/04/21 19:56:15 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [2007/02/02 22:38:22 | 00,474,368 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\system32\drivers\vvftav.sys -- (vvftav [On_Demand | Stopped])
DRV - [2006/02/23 07:52:54 | 00,280,576 | R--- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys -- (W8335XP [On_Demand | Running])
DRV - [2005/10/04 15:38:24 | 00,280,064 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(PLANET Technology Corp.) [On_Demand | Stopped])
DRV - [2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Stopped])
DRV - [2007/03/08 20:05:32 | 01,466,624 | ---- | M] (Vimicro Corporation) -- C:\WINDOWS\System32\Drivers\usbVM305.sys -- (ZSMC0305 [On_Demand | Stopped])
DRV - [2003/04/23 11:15:06 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
DRV - [2003/04/23 11:14:56 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])
DRV - [2003/04/23 11:10:12 | 00,033,335 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Freeserve
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.orange.co.uk/all?brand=ouk&a...q={searchTerms}
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\S-1-5-21-2048593784-4278770947-2189496851-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F929D232-8986-4E61-8888-B5D237BEB041}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 12:42:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/06 00:31:15 | 00,000,000 | ---D | M]

[2008/11/27 13:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Extensions
[2008/11/27 13:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/09 03:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GINGE\Application Data\mozilla\Firefox\Profiles\lp6bkb9j.default\extensions
[2009/05/15 15:18:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 12:42:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/01 00:12:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F929D232-8986-4E61-8888-B5D237BEB041}
[2009/04/29 12:42:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 12:42:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/29 12:42:25 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/04/29 12:42:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/29 12:42:25 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/04/29 12:42:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 12:42:25 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/04/29 12:42:25 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 12:42:25 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 12:42:25 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&AEVITA Save Flash) - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm (Dreamingsoft, Inc.)
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2048593784-4278770947-2189496851-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/03 13:09:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009/05/15 16:41:17 | 12,130,384 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\GINGE\Desktop\counterspy.exe
[2009/05/14 23:57:01 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/13 14:50:22 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\GINGE\Desktop\mbam-setup(2).exe
[2009/05/13 03:04:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 03:00:40 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/13 02:24:20 | 00,000,649 | -HS- | C] () -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/13 02:04:46 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe
[2009/05/12 02:32:31 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\dds.scr
[2009/05/11 20:58:24 | 00,001,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/05/11 13:46:18 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\GINGE\Desktop\HiJackThis.exe
[2009/05/10 01:25:20 | 00,101,287 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/10 01:25:20 | 00,089,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/10 01:23:15 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/05/10 01:23:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/05/10 01:22:46 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/09 22:53:22 | 64,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\GINGE\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/09 21:49:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/05/09 10:51:49 | 00,000,488 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\New Wordpad Document.doc
[2009/05/09 04:06:33 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\GINGE\Desktop\setup-spybotsd162.exe
[2009/05/09 03:50:21 | 00,585,918 | ---- | C] () -- C:\Documents and Settings\GINGE\My Documents\cc_20090509_035009.reg
[2009/05/09 03:47:50 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/09 03:46:02 | 03,227,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\GINGE\Desktop\ccsetup219.exe
[2009/05/09 03:39:03 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\GooredFix.exe
[2009/05/09 02:55:45 | 00,827,876 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\havannas price list.php
[2009/05/08 02:27:06 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\Shortcut to iexplore.lnk
[2009/05/06 00:31:06 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/06 00:29:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/05 01:52:37 | 01,144,998 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\LifeGuardinthePool.wmv
[2009/05/05 01:52:14 | 03,058,176 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\_Állati
[2009/05/05 01:23:30 | 00,025,691 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\setmenuandcreditcrunch.pdf
[2009/05/02 00:27:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/01 13:47:32 | 00,175,104 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\management_application_may08.doc
[2009/05/01 01:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GINGE\Desktop\Garmin XT SatNav stuff
[2009/05/01 00:42:19 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/25 09:42:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GINGE\Application Data\Nowe Gadu-Gadu
[2009/04/25 09:38:17 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009/04/23 13:06:50 | 00,588,116 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\39.jpg
[2009/04/20 12:50:03 | 00,000,220 | ---- | C] () -- C:\Documents and Settings\GINGE\Desktop\Irek Mechanic.doc
[2009/04/17 13:17:22 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 13:17:22 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 13:17:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 13:17:22 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/17 13:17:22 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/17 13:17:21 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 13:17:21 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/17 13:17:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 13:17:20 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 13:17:20 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/17 13:15:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/02/25 03:03:08 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/04 23:51:40 | 00,000,900 | ---- | C] () -- C:\WINDOWS\rm305.ini
[2009/02/04 18:37:52 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\vmcoinst_vc0305.dll
[2008/10/28 16:52:00 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/06 22:52:33 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/18 16:16:55 | 00,000,001 | ---- | C] () -- C:\WINDOWS\pvc11.dll
[2007/07/22 20:44:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\svighost.dll
[2007/07/22 20:29:09 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\ispnet.dll
[2007/03/01 17:07:12 | 01,117,184 | ---- | C] () -- C:\WINDOWS\System32\swfExt.dll
[2007/03/01 17:07:12 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\flash_lib.dll
[2007/01/24 16:09:14 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/01/11 17:49:18 | 00,006,556 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2007/01/11 17:49:18 | 00,001,907 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2006/12/30 22:08:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/24 17:57:42 | 00,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006/12/24 17:25:56 | 00,003,563 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2006/12/09 14:15:02 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/11/15 22:01:35 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/01 17:12:24 | 00,000,327 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/04/18 16:14:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2006/01/08 20:40:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/07 14:13:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/10/25 20:23:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/09/23 20:08:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2005/09/11 16:17:31 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/05/29 02:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/12/04 12:40:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/04 12:29:11 | 00,006,202 | ---- | C] () -- C:\WINDOWS\TcdsASCD.ini
[2003/12/04 12:28:45 | 00,006,679 | ---- | C] () -- C:\WINDOWS\Tcds.ini
[2003/12/03 16:45:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/12/03 16:45:35 | 00,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2003/12/03 16:28:16 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/12/03 16:28:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/12/03 16:28:16 | 00,010,256 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/12/03 16:28:16 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/12/03 16:22:27 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/03 13:56:20 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/03 13:16:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/03 11:56:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/12/03 11:55:52 | 00,000,881 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/12/03 11:55:49 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/23 13:14:42 | 01,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 15:59:20 | 00,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/09 01:28:16 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2001/10/09 03:54:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2000/11/29 10:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/15 17:09:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 17:08:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/15 17:08:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\GINGE\Local Settings\desktop.ini
[2009/05/15 17:08:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 17:08:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/15 16:44:01 | 12,130,384 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\GINGE\Desktop\counterspy.exe
[2009/05/13 14:50:41 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\GINGE\Desktop\mbam-setup(2).exe
[2009/05/13 13:31:13 | 00,000,881 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/13 13:31:13 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 13:31:13 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/13 13:28:20 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/13 03:04:33 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 02:24:21 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/13 02:04:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GINGE\Desktop\OTListIt2.exe
[2009/05/12 02:32:31 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\dds.scr
[2009/05/11 20:58:24 | 00,001,384 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/05/11 13:46:18 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\GINGE\Desktop\HiJackThis.exe
[2009/05/10 01:35:57 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/05/10 01:35:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/05/10 01:35:56 | 00,101,287 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/05/10 01:35:56 | 00,089,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/05/09 23:04:07 | 64,470,784 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\GINGE\Desktop\avg_free_stf_en_85_325a1500.exe
[2009/05/09 22:57:24 | 00,000,488 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\New Wordpad Document.doc
[2009/05/09 04:07:37 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\GINGE\Desktop\setup-spybotsd162.exe
[2009/05/09 03:50:46 | 00,585,918 | ---- | M] () -- C:\Documents and Settings\GINGE\My Documents\cc_20090509_035009.reg
[2009/05/09 03:46:12 | 03,227,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\GINGE\Desktop\ccsetup219.exe
[2009/05/09 03:39:04 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\GooredFix.exe
[2009/05/09 02:55:49 | 00,827,876 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\havannas price list.php
[2009/05/08 02:27:06 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\Shortcut to iexplore.lnk
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 00:31:06 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/05 01:54:19 | 03,058,176 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\_Állati
[2009/05/05 01:53:49 | 01,144,998 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\LifeGuardinthePool.wmv
[2009/05/05 01:23:35 | 00,025,691 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\setmenuandcreditcrunch.pdf
[2009/05/01 13:47:32 | 00,175,104 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\management_application_may08.doc
[2009/05/01 00:56:28 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yisirefo
[2009/05/01 00:42:19 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/26 10:47:44 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/20 13:44:32 | 00,000,220 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\Irek Mechanic.doc
[2009/04/18 11:32:52 | 00,570,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/18 11:32:52 | 00,475,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/18 11:32:52 | 00,086,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:15:47 | 00,003,541 | ---- | M] () -- C:\Documents and Settings\GINGE\Desktop\3 and Orange upgrade stuff.doc
< End of report >
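A report like the one above is a file listing, not a verdict, and the helper has to pick out the few entries worth a look by eye. As an added example (not part of this thread, and not code from OTListIt2, CounterSpy or ComboFix), here is a small Python triage script that parses lines in the OTL report format and flags the kinds of entries a malware analyst would check first: executables far too small to be a real PE image (the 1-byte uniq.tll and pvc11.dll, the 3-byte ispnet.dll, the 41-byte svighost.dll above), extensionless or hidden files with no vendor name under %SystemRoot% (yisirefo), and extensions Windows does not normally use. The size threshold and the extension lists are assumptions chosen for the example; the sample input is a handful of lines copied from the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: lines copied verbatim from the OTListIt2 report above.
# OTL line format: [date time | size | attrs | C|M] (company) -- path
SAMPLE_LOG = r"""
[4 C:\WINDOWS\System32\*.tmp files]
[2009/05/01 00:42:19 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/17 13:17:22 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2008/05/18 16:16:55 | 00,000,001 | ---- | C] () -- C:\WINDOWS\pvc11.dll
[2007/07/22 20:44:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\svighost.dll
[2007/07/22 20:29:09 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\ispnet.dll
[2009/05/01 00:56:28 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yisirefo
[2009/05/15 17:08:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2006/12/09 14:15:02 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/01 01:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GINGE\Desktop\Garmin XT SatNav stuff
"""

# One OTL entry; directory lines carry no "(company)" group, so it is optional.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed lists for this example: extensions that should contain a PE image,
# and data extensions that are normal under %SystemRoot%.
PE_EXTENSIONS = {".dll", ".exe", ".sys", ".ocx", ".scr", ".cpl", ".drv"}
DATA_EXTENSIONS = {".ini", ".dat", ".log", ".txt", ".inf", ".cat", ".nls", ".idx",
                   ".dbl", ".job", ".lnk", ".xml", ".mui", ".manifest", ".db", ".bin"}
# A loadable PE needs at least DOS + NT headers and one section; the 512-byte
# cut-off is an assumption chosen for the example, not a value from the report.
MIN_PLAUSIBLE_PE_SIZE = 512


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str      # R/H/S/D flags as printed by OTL, '-' when unset
    kind: str       # C = created, M = modified
    company: str    # vendor string from the version resource, '' if none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""

    @property
    def in_windows_dir(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; returns None for wildcard summaries and headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(date=m["date"], time=m["time"],
                 size=int(m["size"].replace(",", "")), attrs=m["attrs"],
                 kind=m["kind"], company=(m["company"] or "").strip(),
                 path=m["path"])


def reasons_for(e: Entry) -> List[str]:
    """Heuristic reasons an entry under %SystemRoot% deserves a closer look."""
    reasons: List[str] = []
    if e.is_dir or not e.in_windows_dir:
        return reasons
    if e.ext in PE_EXTENSIONS and e.size < MIN_PLAUSIBLE_PE_SIZE:
        reasons.append(f"{e.size}-byte {e.ext} cannot be a loadable PE image")
    if e.ext == "":
        reasons.append("extensionless file under %SystemRoot%")
    elif e.ext not in PE_EXTENSIONS | DATA_EXTENSIONS:
        reasons.append(f"unusual extension {e.ext!r} under %SystemRoot%")
    if e.hidden and not e.company:
        reasons.append("hidden file with no vendor name")
    return reasons


def scan(report: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, in report order."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in report.splitlines():
        e = parse_line(line)
        if e is not None and (why := reasons_for(e)):
            flagged.append((e.path, why))
    return flagged


if __name__ == "__main__":
    for path, why in scan(SAMPLE_LOG):
        print(path)
        for w in why:
            print("   -", w)
```

On the sample above the script flags uniq.tll, pvc11.dll, svighost.dll, ispnet.dll and yisirefo and leaves rpcss.dll, bootstat.dat and BASSMOD.dll alone. A flag is a reason to look at the file (hash it, check its signature, find what loads it), not a confirmation of infection; BASSMOD.dll has no vendor string either, and bootstat.dat carries the system attribute, yet neither trips a rule, which is the point of keeping the heuristics narrow.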

#10 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 15 May 2009 - 02:30 PM

Looks good. Just post back with the Counterspy log when you have it.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Dellaclearing (Topic Starter; Members, 23 posts)

Posted 15 May 2009 - 08:14 PM

Hi Sam, I'm not entirely sure if this is what you wanted me to post from CounterSpy, but these are the details...

I tried to run it a few times but the laptop kept restarting itself (blue screen of death). Eventually I managed to complete a "quick scan"; it found 19 problems. I set it to "remove" and clicked "clean"; all items were removed, but I then got a pop-up saying that another infection had been detected whilst removing the other problems, and I was advised to perform a full scan straight away, so I did. The following are the risk details from the "quick scan":


Risk name: LinkMedia
Source: Scanner
Risk level: Elevated
Risk category: Browser Plug-in

Description: A Browser Plug-in is a software module that is attached to the browser, usually Internet Explorer, and that works within the browser to provide additional functionality. Browser Plug-ins may be installed with adware and used to display advertising as well as redirect the browser to alternate sites and alternate search results. Many Browser Plug-ins also monitor user web surfing and search data to facilitate targeted, contextual advertising. A toolbar is one type of Browser Plug-in.

Advice: This is an elevated risk and should be removed or quarantined as it may compromise your privacy and security, make unwanted changes to your computer's settings, and negatively impact your computer's performance and stability.

________________________________________


Risk name: TrojanDropper-Win32.Opachki.A
Source: Scanner
Risk level: High
Risk category: Trojan Downloader

Description: A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.

Advice: This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.


The following are the risk details from the full system scan that I was advised to perform as soon as the quick scan had finished...:

Risk name: Trojan.Win32.Patch.B
Source: Scanner
Risk level: High
Risk category: Trojan

Description: Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.

Advice: This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.
____________________________________

Risk name: Trojan.VB.I
Source: Scanner
Risk level: High
Risk category: Trojan

Description: Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.

Advice: This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.
_______________________________________

Risk name: Backdoor.Prorat.JYP
Source: Scanner
Risk level: High
Risk category: Backdoor

Description: A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

Advice: This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.
_______________________________________

Risk name: TrojanDropper-Win32.Opachki.A
Source: Scanner
Risk level: High
Risk category: Trojan Downloader

Description: A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.

Advice: This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.
________________________________________

I'll leave CounterSpy open for as long as my laptop stays on, just in case these results aren't the ones you needed. Some of the commands you told me to look for were labelled or titled differently; maybe it's a newer version of CounterSpy?

#12 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 16 May 2009 - 02:09 PM

That's not exactly what I was looking for. Is there a log that will show the exact item that was detected? That's what I need.

How is your computer behaving now?


========================================================

#13 Dellaclearing (Topic Starter; Members, 23 posts)

Posted 16 May 2009 - 03:02 PM

If there is a log, I'm sorry, but I can't find it. If I go into the program's history, it shows the 2 scans I performed, the quick scan and then the deep scan. I can look at what was found during those scans, and the "risk details" button shows the details that I posted in my last reply.

Like I said, some of the things you asked me to click on just weren't there, for example,

* Once Counterspy has done scanning, the 'Scan Results' box will appear.
* Click on 'View Results'.
  (There was no "view results" button, they just appeared.)
* Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to Remove.
* Then click on Take Action.
  (There wasn't a "take Action" option, it just said "clean".)
* Once everything has been removed, click on View Details.
  (The only thing was "Risk Details", this is what I clicked to get the results that I posted earlier.)
* Copy and Paste those details into your next reply here.

This is what made me think that maybe I've downloaded a newer version than the one you're used to using? If it isn't a new version then I have no idea. I downloaded the 15 day trial from the link you provided me with. Would you like me to try to post a few screen grabs?

My computer is still acting strange. I'm still being redirected to wrong websites, and whenever I start Windows a whole load of windows pop up saying the system has recovered from a serious error, and that whatever program has encountered an error and has to close. Kaspersky is usually the first one to fail.

#14 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 16 May 2009 - 03:09 PM

I think you're right. They've updated on me. That's ok.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



========================================================

#15 Dellaclearing (Topic Starter; Members, 23 posts)

Posted 16 May 2009 - 04:54 PM

Well, that took a lot longer than I thought it would! "Pev.cfexe encountered an error and needs to close" popped up both times I opened ComboFix; the computer crashed the first time I tried to scan, and I had to restart and try again. Got through it this time, here's the log!

ComboFix 09-05-16.03 - GINGE 16/05/2009 22:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1263.902 [GMT 1:00]
Running from: c:\documents and settings\GINGE\Desktop\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\system32\drivers\ovfsthqvoyejixmiwkephhtomsiykosuvjkunc.sys
c:\windows\system32\ovfsthgjjxijdxyorxxqpahqluliwjexljglim.dll
c:\windows\system32\ovfsthindlnqjjtrklpkclxkosxcudiieetwwl.dat
c:\windows\system32\ovfsthjafajknjqgsyydjbxxnyedibqlhhbbbm.dll
c:\windows\system32\ovfsthltgkmntmpxjpuduhewtcslrokldpqekg.dat
c:\windows\system32\ovfsthoqroeknofltsvfuqovwpfqfrpnhemacg.dll
c:\windows\system32\uniq.tll
c:\windows\system32\wservice.exe
c:\windows\ynh.dx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthitpiqohswarxpeddeckqiusumtdotlli
-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 21:09 . 2009-05-16 21:25 172064 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-16 21:09 . 2009-05-16 21:25 1007136 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-15 16:21 . 2009-05-15 16:21 -------- d-----w c:\documents and settings\GINGE\Application Data\Sunbelt
2009-05-15 16:21 . 2009-05-15 16:21 -------- d-----w c:\documents and settings\All Users\Application Data\Sunbelt
2009-05-15 16:20 . 2009-05-15 16:20 -------- d-----w c:\program files\Sunbelt Software
2009-05-14 22:57 . 2009-05-14 22:57 -------- d-----w C:\_OTListIt
2009-05-10 00:25 . 2009-05-10 00:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-10 00:25 . 2009-05-10 00:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-10 00:23 . 2009-05-10 00:23 -------- d-----w c:\program files\Kaspersky Lab
2009-05-10 00:23 . 2009-05-16 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-09 20:49 . 2009-05-09 20:49 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-09 02:47 . 2009-05-09 02:47 -------- d-----w c:\program files\CCleaner
2009-05-05 23:29 . 2009-05-05 23:30 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-01 23:27 . 2009-05-05 23:46 -------- d-----w c:\windows\system32\NtmsData
2009-04-25 08:42 . 2009-04-25 08:56 -------- d-----w c:\documents and settings\GINGE\Application Data\Nowe Gadu-Gadu
2009-04-25 08:38 . 2009-04-25 08:40 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-04-17 12:17 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 12:17 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-17 12:17 . 2009-02-06 16:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-17 12:17 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 12:17 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 12:17 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 12:17 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 12:17 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 12:17 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 12:17 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 12:15 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 21:34 . 2009-05-16 21:09 9060 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-16 21:25 . 2009-05-16 21:09 1668 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-10 00:35 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-09 22:28 . 2007-05-24 00:09 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-09 21:40 . 2007-08-23 03:49 -------- d-----w c:\program files\Nokia
2009-05-09 21:38 . 2008-10-28 01:56 -------- d-----w c:\program files\Guitar Speed Trainer
2009-05-09 21:06 . 2006-01-29 20:45 -------- d-----w c:\program files\AviSynth 2.5
2009-05-09 03:02 . 2007-08-21 23:25 -------- d-----w c:\program files\Cleaner 5 EZ
2009-05-05 23:31 . 2006-12-05 18:34 -------- d-----w c:\program files\DivX
2009-04-03 01:11 . 2009-04-03 01:11 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-03 01:11 . 2009-04-03 01:11 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-03 00:10 . 2006-01-29 20:47 46880 ----a-w c:\documents and settings\GINGE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 00:03 . 2009-04-02 23:19 224824 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-02 23:46 . 2007-08-23 03:53 -------- d-----w c:\program files\Common Files\Nokia
2009-04-02 23:37 . 2009-04-02 23:37 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-04-02 23:17 . 2009-04-02 23:17 -------- d-----w c:\program files\MSBuild
2009-04-02 23:17 . 2009-04-02 23:17 -------- d-----w c:\program files\Reference Assemblies
2009-04-02 23:14 . 2009-04-02 23:14 -------- d-----w c:\program files\MSXML 6.0
2009-03-17 12:26 . 2009-03-17 12:26 65320 ----a-w c:\windows\system32\sbbd.exe
2009-03-06 14:44 . 2003-12-03 10:55 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-02-24 13:26 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 02:03 . 2009-02-25 02:03 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-24 04:10 . 2008-04-24 20:13 130 ---ha-w c:\documents and settings\GINGE\Application Data\brara1985.sys
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2008-11-12 01:19 . 2008-11-12 01:19 17465 ----a-w c:\program files\Common Files\uvyrygyqiv.dl
2008-11-12 01:19 . 2008-11-12 01:19 19639 ----a-w c:\program files\Common Files\teruso.inf
2006-07-22 16:51 . 2006-04-18 16:05 278528 -c--a-w c:\program files\Common Files\FDEUnInstaller.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-10 206088]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2009-03-17 681256]
"SBRegRebootCleaner"="c:\program files\Sunbelt Software\CounterSpy\SBRC.exe" [2009-03-17 197928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^C&W Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\C&W Utility.lnk
backup=c:\windows\pss\C&W Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PLANET WL-U356A Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PLANET WL-U356A Utility.lnk
backup=c:\windows\pss\PLANET WL-U356A Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GINGE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\GINGE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^GINGE^Start Menu^Programs^Startup^ChkDisk.lnk]
path=c:\documents and settings\GINGE\Start Menu\Programs\Startup\ChkDisk.lnk
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^GINGE^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\GINGE\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [27/09/2007 23:14 20608]
S3 gkmixern;gkmixern;\??\c:\docume~1\GINGE\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\GINGE\LOCALS~1\Temp\gkmixern.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [01/09/2007 19:43 40832]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [22/10/2008 17:08 92464]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - AVP
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CFSvcs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTPFilter
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LogWatch
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SBAMSvc
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - TwonkyMedia
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WinTabService
*Deregistered* - WMDM PMSP Service
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-07 19:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\fciext.dll/FCIEXT.htm
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
FF - ProfilePath - c:\documents and settings\GINGE\Application Data\Mozilla\Firefox\Profiles\lp6bkb9j.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\prograM\plugins\npdivx32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 22:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1DF69C22937147347A264CEAF504D87B]
"ImagePath"="cmd /k start /i \"/d%systemdrive%\" \"c:\combo-fix\HIDEC.exe\" \"c:\combo-fix\SWREG.EXE\" ACL \"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep\" /RESET /Q"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2048593784-4278770947-2189496851-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2B9E443-5928-D410-DCF1-8B4F245F8631}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahlhpjfehmhacgcal"=hex:69,61,69,63,63,64,6b,67,66,6d,62,63,6e,61,66,61,6d,67,
00,00
"haflonhohhpnhklp"=hex:69,61,69,63,63,64,6b,67,66,6d,62,63,6e,61,66,61,6d,67,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\drivers\WtSrv.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\SoftwareDistribution\Download\b3e9e7327f38776a4eeeb084da3eff5a\update\update.exe
.
**************************************************************************
.
Completion time: 2009-05-16 22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 21:48

Pre-Run: 2,363,981,824 bytes free
Post-Run: 2,147,762,176 bytes free

290
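Two parts of this log are worth pulling out mechanically rather than eyeballing: the driver lines (start type, name, image path, and the `[?]` marker ComboFix prints when it finds no file details) and the LOCKED REGISTRY KEYS section, where the values are REG_BINARY blobs written as wrapped `hex:` lists. The script below is an added example written for this page; it is not ComboFix code and not something anyone in the thread posted. It assumes only the formatting conventions visible in the log above (the `R0`/`S3` line layout, a lone `.` closing a section, comma-terminated lines continuing a hex value); the "driver under a Temp folder" and "long random-looking value name" heuristics are my own triage pointers, not ComboFix rules. The sample input is a handful of lines copied from the log above.

```python
import re
from typing import Dict, List, Optional

# Constructed input: a handful of lines copied from the ComboFix log posted above,
# enough to exercise the driver/service lines and the LOCKED REGISTRY KEYS section.
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
S3 gkmixern;gkmixern;\??\c:\docume~1\GINGE\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\GINGE\LOCALS~1\Temp\gkmixern.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [01/09/2007 19:43 40832]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2048593784-4278770947-2189496851-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2B9E443-5928-D410-DCF1-8B4F245F8631}*]
@Allowed: (Read) (RestrictedCode)
"iahlhpjfehmhacgcal"=hex:69,61,69,63,63,64,6b,67,66,6d,62,63,6e,61,66,61,6d,67,
00,00
"haflonhohhpnhklp"=hex:69,61,69,63,63,64,6b,67,66,6d,62,63,6e,61,66,61,6d,67,
00,00
.
"""

# "R0 name;display;path [date time size]" or "... --> path [?]" ([?] = no file details found)
SERVICE_RE = re.compile(r'^(R\d|S\d)\s+([^;]+);([^;]*);(.*)$')
VALUE_RE = re.compile(r'^"([^"]*)"=hex:(.*)$')
# Crude heuristic (my assumption, not a ComboFix rule): long all-lowercase value names look generated.
RANDOM_NAME_RE = re.compile(r'^[a-z]{12,}$')


def parse_services(log: str) -> List[Dict[str, object]]:
    """Return one dict per driver/service line: start type, name, display name, image path."""
    rows = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, rest = m.groups()
        path = rest.split(' --> ')[-1]                  # keep the resolved path, not the \??\ form
        path = re.sub(r'\s*\[.*\]$', '', path).strip()  # drop "[date time size]" or "[?]"
        rows.append({'start': start, 'name': name, 'display': display,
                     'path': path, 'no_file_info': rest.rstrip().endswith('[?]')})
    return rows


def parse_locked_keys(log: str) -> Dict[str, Dict[str, bytes]]:
    """Collect the LOCKED REGISTRY KEYS section as {key: {value name: raw bytes}}.

    hex: values wrap onto following lines for as long as the line ends with a comma.
    """
    keys: Dict[str, Dict[str, bytes]] = {}
    current: Optional[str] = None
    pending: Optional[List[str]] = None   # [value name, hex text gathered so far]
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if 'LOCKED REGISTRY KEYS' in line:
            in_section = True
            continue
        if not in_section or not line:
            continue
        if line == '.':                     # ComboFix closes a section with a lone dot
            break
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            pending = [m.group(1), '']
            line = m.group(2)               # fall through and gather the first chunk
        if pending is not None:
            pending[1] += line
            if not line.endswith(','):
                name, hex_text = pending
                keys[current][name] = bytes(int(h, 16) for h in hex_text.split(',') if h)
                pending = None
    return keys


def decode_hex_value(data: bytes) -> str:
    """Render a REG_BINARY blob as text; the blobs in this log are ASCII with a NUL tail."""
    return data.rstrip(b'\x00').decode('ascii', errors='replace')


def triage(log: str) -> List[str]:
    """Pointers for a human reviewer, not verdicts."""
    findings = []
    for svc in parse_services(log):
        # A kernel driver under a user's Temp folder deserves a look; some scanners
        # also drop a temporary driver there, so confirm before acting on it.
        if '\\temp\\' in str(svc['path']).lower():
            findings.append(f"driver {svc['name']} loads from a Temp folder: {svc['path']}")
    for key, values in parse_locked_keys(log).items():
        for name, data in values.items():
            if RANDOM_NAME_RE.match(name) and 'shell extensions\\approved' in key.lower():
                findings.append(f"locked key {key}: value {name!r} decodes to {decode_hex_value(data)!r}")
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt, the hex blobs under the locked `Shell Extensions\Approved\{C2B9E443-...}` key both decode to the same lowercase string, `iaiccdkgfmbcnafamg`, under two different random-looking value names; that is the concrete detail to hand to whoever is reading the log. The Temp-folder check fires on `gkmixern.sys` as well, and would fire equally on a scanner's own temporary driver, which is why the output is phrased as something to confirm rather than a finding in itself.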