Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PopUp Ads continue dispite attempts to remove virus


  • This topic is locked This topic is locked
13 replies to this topic

#1 theo4

theo4

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 11 July 2009 - 02:47 PM

Dear BC team,

Initial problem was the McAfee AV scan programme has been blocked from working though an update was allowed to perform. Since the downloading of Limewire the internet has become slower and there are ads that pop up all the time labelled Conceptads. When I look at my history there are a lot more sites that I have apparently visited but these have not been entered by me nor have they necessarily appeared.

After some assistance from aommaster I was advised to do run the following:

ATF-Cleaner.exe --> OTMoveIt3 --> HijackThis --> GMER --> Rootkit --> Kaspersky Online Scanner

and then rerun the RSIT programme with the HIJack this log showing the following:


Logfile of random's system information tool 1.06 (written by random/random)
Run by 041413 at 2009-06-16 15:36:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 24 GB (63%) free of 38 GB
Total RAM: 1014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:47, on 16/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Quickres\QKRES2K.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\041413\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\041413.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.vaa.vtg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.vaa.vtg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin Atlantic Airways
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://svaabc01.uk.vtg:8081/accelerated_pac_base.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.VTG;10.*.*.*;*.vtg.local;SVAA*;194.100.100.1;204.26.248.*;204.26.249.*;192.168
.*.*;*ebusiness.virgin-atlantic.com;ebus*.virgin-atlantic.com;195.6.25.194;https://services.airbusworld.com;*.2vshares.com;*.vsshares.com;172.30.84.83;https://pass.virgin-atlantic.com;10.20.7.81;<local>
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QUICKRES.lnk = C:\Program Files\Quickres\QKRES2K.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet.vaa.vtg
O15 - Trusted Zone: http://*.81.201.138.81
O15 - Trusted Zone: http://*.airnav
O15 - Trusted Zone: http://uk.cibt.com
O15 - Trusted Zone: http://*.eman
O15 - Trusted Zone: http://*.uk.vtg
O15 - Trusted Zone: http://*.vaa.vtg
O15 - Trusted Zone: http://www.vga.com
O15 - Trusted Zone: *.virgin-atlantic.com
O15 - Trusted Zone: http://*.vga.com
O15 - Trusted Zone: http://*.vga.com
O15 - Trusted Zone: http://*.vaa.vtg.local
O15 - Trusted Zone: http://*.airnav (HKLM)
O15 - Trusted Zone: http://uk.cibt.com (HKLM)
O15 - Trusted Zone: http://*.eman (HKLM)
O15 - Trusted Zone: http://*.uk.vtg (HKLM)
O15 - Trusted Zone: http://*.vaa.vtg (HKLM)
O15 - Trusted Zone: http://www.vga.com (HKLM)
O15 - Trusted Zone: *.vga.com (HKLM)
O15 - Trusted Zone: http://*.vga.com (HKLM)
O15 - Trusted Zone: http://*.vga.com (HKLM)
O15 - Trusted Zone: http://*.vaa.vtg.local (HKLM)
O15 - Trusted IP range: http://*.81.201.138.81
O15 - Trusted IP range: http://*.81.201.138.81 (HKLM)
O15 - ESC Trusted Zone: *.svaaoffpatch1 (HKLM)


DDR was run too....

DDS (Ver_09-06-26.01) - NTFSx86
Run by 041413 at 20:36:56.31 on 11/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.462 [GMT 1:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Quickres\QKRES2K.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\041413\Desktop\dds.pif

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Virgin Atlantic Airways
uStart Page = hxxp://intranet.vaa.vtg/
mDefault_Page_URL = hxxp://intranet.vaa.vtg
uInternet Settings,ProxyOverride = *.VTG;10.*.*.*;*.vtg.local;SVAA*;194.100.100.1;204.26.248.*;204.26.249.*;192.168.*.*;*ebusiness.virgin-atlantic.com;ebus*.virgin-atlantic.com;195.6.25.194;https://services.airbusworld.com;*.2vshares.com;*.vsshares.com;172.30.84.83;https://pass.virgin-atlantic.com;10.20.7.81;<local>;*.local
uInternet Settings,ProxyServer = 127.0.0.1:80
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: TBSB05288 Class: {6714adbd-c6c1-42a8-bd84-9c9339059421} - c:\program files\ietoolbar\eco bar\ecobar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: ECO Bar: {10000000-1000-1000-1000-100000000000} - c:\program files\ietoolbar\eco bar\ecobar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [UniPrint] c:\progra~1\uniprint\client\SetDfltSettings.exe
mRun: [PDDM] c:\program files\patchlink\update agent\pddm.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Apple_KbdMgr] c:\program files\boot camp\KbdMgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\041413\startm~1\programs\startup\runit_32.lnk - c:\program files\runit\runit_32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickres.lnk - c:\program files\quickres\QKRES2K.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoPropertiesMyDocuments = 1 (0x1)
uPolicies-explorer: NoPropertiesMyComputer = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoSetTaskbar = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: RestrictCpl = 1 (0x1)
uPolicies-disallowrun: 1 = gmt.exe
uPolicies-disallowrun: 2 = hbinst.exe
uPolicies-disallowrun: 3 = hbsrv.exe
uPolicies-disallowrun: 4 = mwsoemon.exe
uPolicies-disallowrun: 5 = save.exe
uPolicies-disallowrun: 6 = soundmx.exe
uPolicies-disallowrun: 7 = swebexec.exe
uPolicies-disallowrun: 8 = weatherontray.exe
uPolicies-disallowrun: 9 = webshotstray.exe
mPolicies-system: LogonType = 0 (0x0)
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\PkgMgr.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: 81.201.138.81
Trusted Zone: airnav
Trusted Zone: cibt.com\uk
Trusted Zone: datalex.com
Trusted Zone: doxzoneportal.com\www
Trusted Zone: dozzoneportal.com\www
Trusted Zone: eman
Trusted Zone: uk.vtg
Trusted Zone: vaa.vtg
Trusted Zone: virgin-atlantic.com
Trusted Zone: virgin-atlantic.com\connect
Trusted Zone: virgin-atlantic.com\pass
Trusted Zone: virgin-atlantic.com\www
Trusted Zone: virgin.com\egap.fly
Trusted Zone: virgin.com\thirdparty.fly
Trusted Zone: virginatlantic.com
Trusted Zone: vtg.local\*.vaa
Trusted Zone: worldspan.com
Trusted Zone: wsspan.com
Trusted Zone: airnav
Trusted Zone: cibt.com\uk
Trusted Zone: datalex.com
Trusted Zone: doxzoneportal.com\www
Trusted Zone: dozzoneportal.com\www
Trusted Zone: eman
Trusted Zone: uk.vtg
Trusted Zone: vaa.vtg
Trusted Zone: virgin-atlantic.com
Trusted Zone: virgin-atlantic.com\connect
Trusted Zone: virgin-atlantic.com\www
Trusted Zone: virgin.com\egap.fly
Trusted Zone: virgin.com\thirdparty.fly
Trusted Zone: virginatlantic.com
Trusted Zone: vtg.local\*.vaa
Trusted Zone: worldspan.com
Trusted Zone: wsspan.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-8-30 85760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-8-30 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-8-30 6016]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-12 31816]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-8-30 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-8-30 4442]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-4-15 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-4-15 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2008-4-15 5504]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2008-4-15 6528]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-8-30 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-12 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-12 54608]
R2 radexecd;Radia Notify Daemon;c:\program files\novadigm\radexecd.exe [2002-12-2 196608]
R2 radsched;Radia Scheduler Daemon;c:\program files\novadigm\radsched.exe [2002-9-30 200704]
R2 Radstgms;Radia MSI Redirector;c:\program files\novadigm\Radstgms.exe [2003-3-27 303104]
R2 whlva;Whale Network Connector;c:\windows\system32\drivers\whlva.sys [2009-3-5 13312]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-3-5 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-3-5 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-3-5 174952]
S2 LogWatch;Event Log Watch;c:\windows\logwatnt.exe --> c:\windows\LogWatNT.exe [?]
S3 ControlITService;ControlIT;&P(D0100A005CEE_74D5BCB2)\CtrITService.exe --> &P(D0100A005CEE_74D5BCB2)\CtrITService.exe [?]

=============== Created Last 30 ================

2009-07-10 00:58 172,032 a------- c:\windows\system32\igfxres.dll
2009-07-09 20:35 20,980 a---h--- c:\windows\system32\mlfcache.dat
2009-07-09 12:34 553 a------- c:\windows\USetup.iss
2009-07-09 12:33 69,632 a------- c:\windows\Alcmtr.exe
2009-06-28 02:37 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-28 02:37 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-28 02:36 <DIR> --d----- c:\program files\iPod
2009-06-28 02:36 <DIR> --d----- c:\program files\iTunes
2009-06-28 02:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-28 02:36 <DIR> --d----- c:\program files\Bonjour
2009-06-21 21:25 <DIR> --d----- c:\program files\Ares
2009-06-21 11:30 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-21 11:30 159,232 a------- c:\windows\system32\ptpusd.dll

==================== Find3M ====================

2009-06-04 14:05 48,287 a------- c:\windows\system32\wskuofzpxkxdb.exe
2009-05-29 13:10 6,006 a------- c:\windows\system32\tmp.reg
2009-05-29 10:58 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-05-12 02:11 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 20:37:55.29 ===============


Due to unforeseen circumstances I was unable to get to detail this earlier but your further assistance would be much appreciated.

Best Wishes

theo

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 13 July 2009 - 05:58 PM

Hi theo24,

You have adware on the PC plus a few other visible signs of infection.

Please do the following scans for me.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Finally please post an OTL log.

We need to create an OTL Report
  • Please download OTL from the mirror:
    [http://oldtimer.geekstogo.com/OTL.exe]This is THE Mirror[/url]
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:[list]
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
After that we can start to clear it up. :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 theo4

theo4
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 14 July 2009 - 12:30 AM

Dear Mole,

Many thanks for your speedy response. Please find the logs of the programmes run:

Malwarebytes' Anti-Malware 1.39
Database version: 2424
Windows 5.1.2600 Service Pack 2

14/07/2009 06:03:13
mbam-log-2009-07-14 (06-03-13).txt

Scan type: Full Scan (C:\|D:\|I:\|)
Objects scanned: 153937
Time elapsed: 42 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 27
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Adware.IEtoolbar) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\tbhelper.dll (Adware.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{2ee92bca-74c4-4d4b-88da-db9f9e3c9f93} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{255c13ae-4bb0-45c3-bae1-ba6c088c43b3} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8fbb0d9a-1f7b-465b-8292-1593b880e92a} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e67d5bc7-7129-493e-9281-f47bdaface4f} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10000000-1000-1000-1000-100000000000} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10000000-1000-1000-1000-100000000000} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57cadc46-58ff-4105-b733-5a9f3fc9783c} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6714adbd-c6c1-42a8-bd84-9c9339059421} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wskuofzpxkxdb (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288.3 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb05288 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb05288.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TBSB05288 (Adware.IEtoolbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10000000-1000-1000-1000-100000000000} (Adware.IEtoolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{10000000-1000-1000-1000-100000000000} (Adware.IEtoolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer (Disable.MCProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Adware.IEtoolbar) -> Delete on reboot.
C:\Program Files\IEToolbar\ECO Bar\tbhelper.dll (Adware.BHO) -> Delete on reboot.
c:\program files\runit\runit_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wskuofzpxkxdb.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\06082009_172954\WINDOWS\itqot3757.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\06082009_172954\WINDOWS\tutvo5143.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\06082009_172954\WINDOWS\tvilp4467.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\06082009_172954\WINDOWS\system32\c64c4ad1-507e-f01b-054b-9a3954e494bd.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\06082009_172954\WINDOWS\system32\gchnamepziopknko.dll (Adware.BlueSkyAds) -> Quarantined and deleted successfully.
c:\program files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\runit\runitu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\041413\start menu\Programs\Startup\runit_32.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\UserGuide.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.

OTL logfile created on: 14/07/2009 06:25:22 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\041413\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 563.18 Mb Available Physical Memory | 55.52% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.61 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 37.25 Gb Total Space | 23.61 Gb Free Space | 63.39% Space Free | Partition Type: *NT5CSC

Computer Name: LL3D0227
Current User Name: 041413
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/11/11 01:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2006/04/14 11:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/04/14 11:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/06/19 02:06:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\System32\IPSSVC.EXE
PRC - [2006/04/17 13:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/15 16:44:30 | 00,132,400 | ---- | M] () -- C:\WINDOWS\System32\AppleOSSMgr.exe
PRC - [2008/04/15 16:44:30 | 00,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\AppleTimeSrv.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/05/31 14:43:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2009/05/12 02:11:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/17 16:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2008/05/12 16:30:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/05/12 16:30:10 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2005/08/09 14:41:38 | 00,075,328 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
PRC - [2002/12/02 17:50:18 | 00,196,608 | ---- | M] (Novadigm) -- C:\Program Files\Novadigm\radexecd.exe
PRC - [2008/07/17 16:06:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2002/09/30 16:53:00 | 00,200,704 | ---- | M] (Novadigm) -- C:\Program Files\Novadigm\radsched.exe
PRC - [2003/03/27 10:44:20 | 00,303,104 | ---- | M] (Novadigm) -- C:\Program Files\Novadigm\Radstgms.exe
PRC - [2006/04/14 11:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/06/20 12:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE
PRC - [2005/06/06 21:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe
PRC - [2006/04/17 13:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 13:13:00 | 00,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/07/17 16:06:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2002/10/08 22:28:42 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\TpScrLk.exe
PRC - [2006/07/05 17:15:52 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/02/14 14:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/07/17 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\McTray.exe
PRC - [2006/02/14 14:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/07 11:14:16 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\System32\TpShocks.exe
PRC - [2006/04/17 13:09:10 | 00,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/17 12:59:10 | 00,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/06/19 02:06:00 | 00,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/02/24 02:22:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/07/05 01:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2005/11/14 15:23:22 | 00,487,424 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2005/05/20 08:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/08/09 14:41:42 | 00,419,392 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2005/08/01 05:10:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/07/05 14:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2008/05/12 16:30:14 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2005/10/26 00:44:30 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/05/12 00:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006/01/24 03:04:00 | 00,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
PRC - [2008/04/15 16:44:30 | 00,423,216 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2009/05/12 02:11:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/07/11 01:14:42 | 00,142,104 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2007/07/11 01:14:40 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/07/11 01:14:40 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007/07/11 01:14:42 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009/03/13 12:42:36 | 03,231,744 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2006/05/31 14:51:02 | 00,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/05/12 00:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2001/12/27 03:20:00 | 00,037,888 | ---- | M] () -- C:\Program Files\Quickres\QKRES2K.EXE
PRC - [2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/05/12 01:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2005/05/12 00:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/14 06:24:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\041413\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/04/17 13:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2006/04/17 13:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/04/15 16:44:30 | 00,132,400 | ---- | M] () -- C:\WINDOWS\System32\AppleOSSMgr.exe -- (AppleOSSMgr [Auto | Running])
SRV - [2008/04/15 16:44:30 | 00,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\AppleTimeSrv.exe -- (AppleTimeSrv [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/05/31 14:43:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - File not found -- -- (ControlITService [On_Demand | Stopped])
SRV - [2006/04/14 11:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/11 01:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/06/19 02:06:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\System32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/05/12 02:11:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (LogWatch [Auto | Stopped])
SRV - [2008/07/17 16:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2008/05/12 16:30:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Running])
SRV - [2008/05/12 16:30:10 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2006/10/13 13:35:12 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])
SRV - [2005/08/09 14:41:38 | 00,075,328 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe -- (PatchLink Update [Auto | Running])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2002/12/02 17:50:18 | 00,196,608 | ---- | M] (Novadigm) -- C:\Program Files\Novadigm\radexecd.exe -- (radexecd [Auto | Running])
SRV - [2002/09/30 16:53:00 | 00,200,704 | ---- | M] (Novadigm) -- C:\Program Files\Novadigm\radsched.exe -- (radsched [Auto | Running])
SRV - [2003/03/27 10:44:20 | 00,303,104 | ---- | M] (Novadigm) -- C:\Program Files\Novadigm\Radstgms.exe -- (Radstgms [Auto | Running])
SRV - [2006/04/14 11:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/04/14 11:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/06/20 12:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE -- (TPHDEXLGSVC [Auto | Running])
SRV - [2005/06/06 21:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/01/31 10:19:34 | 00,176,128 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2005/06/07 13:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])
DRV - [2006/08/30 15:45:11 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/11/08 09:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\ANC.SYS -- (ANC [System | Running])
DRV - [2005/05/17 10:20:06 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\System32\DRIVERS\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
DRV - [2006/05/31 14:22:26 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2005/08/01 05:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/07/07 09:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/08/01 05:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/08/01 05:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/08/01 05:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/08/01 05:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/07/07 09:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/08/01 05:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/08/01 05:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/07/28 03:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/07/07 05:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2007/10/08 21:57:15 | 00,199,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2006/06/29 17:11:08 | 00,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/03/08 05:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/03/08 05:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/03/08 05:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/12/06 11:21:32 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\hsx_dpv.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/06 11:20:48 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\hsxhwazl.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2008/04/15 15:34:05 | 05,761,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2005/10/12 12:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor [Boot | Stopped])
DRV - [2005/11/11 01:33:00 | 00,010,112 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
DRV - [2006/01/13 00:33:22 | 00,006,016 | ---- | M] () -- C:\WINDOWS\System32\Drivers\IBMBLDID.sys -- (IBMTPCHK [System | Running])
DRV - [2008/04/15 16:44:30 | 00,005,504 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\drivers\KeyAgent.sys -- (KeyAgent [Auto | Running])
DRV - [2008/04/15 16:44:30 | 00,006,528 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\drivers\MacHALDriver.sys -- (MacHALDriver [Auto | Running])
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/05/12 16:30:08 | 00,064,232 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2008/05/12 16:30:08 | 00,072,936 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2008/05/12 16:30:10 | 00,033,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2008/05/12 16:30:10 | 00,174,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2008/05/12 16:30:20 | 00,031,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2008/05/12 16:30:12 | 00,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2004/08/03 23:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2004/08/03 23:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2001/08/23 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2001/08/23 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2006/10/13 11:23:15 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys -- (NWRDR [On_Demand | Running])
DRV - [2006/06/19 02:06:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\System32\DRIVERS\PROCDD.SYS -- (PROCDD [Auto | Running])
DRV - [2001/08/23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/04/15 21:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/04/14 13:04:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2001/08/23 13:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/06/20 12:18:00 | 00,004,736 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr [System | Running])
DRV - [2005/11/30 15:58:00 | 00,085,760 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf [Boot | Running])
DRV - [2006/04/24 01:53:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [System | Running])
DRV - [2006/02/14 14:04:58 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/04/24 01:53:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
DRV - [2005/07/05 14:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
DRV - [2006/05/26 01:13:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\Tppwrif.sys -- (TPPWRIF [System | Running])
DRV - [2006/07/21 02:54:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
DRV - [2006/04/04 03:17:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])
DRV - [2009/03/05 15:42:43 | 00,013,312 | -H-- | M] (Whale Communications Ltd.) -- C:\WINDOWS\System32\DRIVERS\whlva.sys -- (whlva [Auto | Running])
DRV - [2005/12/06 11:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\hsx_cnxt.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.vaa.vtg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\S-1-5-21-3871640793-1561553363-164305601-15594\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\S-1-5-21-3871640793-1561553363-164305601-15594\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.VTG;10.*.*.*;*.vtg.local;SVAA*;194.100.100.1;204.26.248.*;204.26.249.*;192.168.*.*;*ebusiness.virgin-atlantic.com;ebus*.virgin-atlantic.com;195.6.25.194;https://services.airbusworld.com;*.2vshares.com;*.vsshares.com;172.30.84.83;https://pass.virgin-atlantic.com;10.20.7.81;<local>;*.local
IE - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\S-1-5-21-3871640793-1561553363-164305601-15594\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:80

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/12 02:11:16 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] File not found
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (INGENICA UK Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QUICKRES.lnk = C:\Program Files\Quickres\QKRES2K.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 1
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = gmt.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = hbinst.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = hbsrv.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = mwsoemon.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = save.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = soundmx.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = swebexec.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = weatherontray.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = webshotstray.exe
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 1 = Accessibility Options
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 2 = CSNW
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 3 = Display
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 4 = Keyboard
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 5 = Mail
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 6 = Mouse
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 7 = Power Options
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 8 = Printers and Faxes
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 9 = Regional Language Options
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 10 = Scanners and Cameras
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 11 = Sounds and Audio Devices
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 12 = Wireless Link
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 13 = WSP Client
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594_Classes\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: airnav ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: cibt.com ([uk] http in Trusted sites)
O15 - HKLM\..Trusted Domains: datalex.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: doxzoneportal.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: dozzoneportal.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: eman ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: uk.vtg ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: vaa.vtg ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: virgin.com ([egap.fly] https in Trusted sites)
O15 - HKLM\..Trusted Domains: virgin.com ([thirdparty.fly] https in Trusted sites)
O15 - HKLM\..Trusted Domains: virginatlantic.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: virginatlantic.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: virgin-atlantic.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: virgin-atlantic.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: virgin-atlantic.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: virgin-atlantic.com ([connect] https in Trusted sites)
O15 - HKLM\..Trusted Domains: virgin-atlantic.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: vtg.local ([*.vaa] http in Trusted sites)
O15 - HKLM\..Trusted Domains: worldspan.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: wsspan.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: airnav ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cibt.com ([uk] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cibt.com ([uk] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: datalex.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: doxzoneportal.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: dozzoneportal.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: eman ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: uk.vtg ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaa.vtg ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virgin.com ([egap.fly] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virgin.com ([thirdparty.fly] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virginatlantic.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virginatlantic.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virgin-atlantic.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virgin-atlantic.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virgin-atlantic.com ([connect] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virgin-atlantic.com ([pass] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: virgin-atlantic.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vtg.local ([*.vaa] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: worldspan.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: wsspan.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: airnav ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cibt.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cibt.com ([uk] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: datalex.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: doxzoneportal.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: dozzoneportal.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: eman ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: uk.vtg ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaa.vtg ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virgin.com ([egap.fly] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virgin.com ([thirdparty.fly] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virginatlantic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virginatlantic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virgin-atlantic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virgin-atlantic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virgin-atlantic.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virgin-atlantic.com ([pass] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: virgin-atlantic.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vtg.local ([*.vaa] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: worldspan.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: wsspan.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: 81.201.138.81 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: airnav ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: cibt.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: cibt.com ([uk] https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: datalex.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: doxzoneportal.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: dozzoneportal.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: eman ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: uk.vtg ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: vaa.vtg ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin.com ([egap.fly] https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin.com ([thirdparty.fly] https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virginatlantic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virginatlantic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin-atlantic.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin-atlantic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin-atlantic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin-atlantic.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin-atlantic.com ([pass] https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: virgin-atlantic.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: vtg.local ([*.vaa] http in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: worldspan.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: wsspan.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Domains: 6 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3871640793-1561553363-164305601-15594\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vaa.vtg.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/30 13:37:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{309d7c47-63da-11de-9f42-0013027c71aa}\Shell - "" = AutoRun
O33 - MountPoints2\{309d7c47-63da-11de-9f42-0013027c71aa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{309d7c47-63da-11de-9f42-0013027c71aa}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{550f943e-3dc9-11de-9efd-0013027c71aa}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{9971bc47-4920-11de-9f14-0013027c71aa}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2424/10/25 22:38:28 | 00,144,896 | ---- | C] () -- C:\Documents and Settings\041413\Desktop\EP Contact List.doc
[2009/07/14 06:24:35 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\041413\Desktop\OTL.exe
[2009/07/14 05:12:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\041413\application data\Malwarebytes
[2009/07/14 05:12:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 05:12:15 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/14 05:12:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/14 05:12:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/14 05:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/14 05:10:33 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\041413\Desktop\mbam-setup.exe
[2009/07/13 22:31:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\041413\application data\AVS4YOU
[2009/07/13 22:30:06 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\041413\Desktop\AVS Video Converter 6.lnk
[2009/07/13 22:28:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2009/07/10 00:58:49 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/07/09 20:35:17 | 00,020,980 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/09 12:37:56 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/07/09 12:37:29 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/07/09 12:34:00 | 00,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss
[2009/07/09 12:33:58 | 00,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2009/06/28 02:37:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\041413\application data\Apple Computer
[2009/06/28 02:37:23 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/28 02:37:19 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/06/28 02:37:18 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/06/28 02:36:52 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/28 02:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/28 02:36:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/28 02:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/28 02:36:05 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/06/28 02:35:36 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/28 02:35:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/06/28 02:34:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/06/28 02:33:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\041413\Local Settings\Application Data\Apple Computer
[2009/06/27 03:35:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\041413\application data\U3
[2009/06/21 21:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\041413\Local Settings\Application Data\Ares
[2009/06/21 21:26:13 | 00,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ares.lnk
[2009/06/21 21:25:54 | 00,000,000 | ---D | C] -- C:\Program Files\Ares
[2009/06/21 11:30:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/06/21 11:30:46 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/06/21 00:30:52 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/21 00:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/05/11 04:57:13 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/11 04:57:13 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/28 01:33:15 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2009/03/16 12:27:41 | 00,000,112 | ---- | C] () -- C:\WINDOWS\OPLM.INI
[2009/03/13 14:59:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/03/05 16:03:24 | 00,000,022 | ---- | C] () -- C:\WINDOWS\WINMSG.INI
[2009/03/05 16:00:14 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\NCALLS.DLL
[2009/03/04 17:50:08 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/09/20 18:01:58 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/09/08 19:03:05 | 00,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/04 17:54:49 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/04 17:43:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/04 17:43:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/04 17:43:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/04 17:43:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/04 17:43:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/04 17:43:07 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/04 13:56:31 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Webica.ini
[2006/09/01 15:56:40 | 00,000,046 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2006/08/30 15:48:46 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/08/30 15:48:29 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/08/30 15:48:14 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/08/30 15:46:38 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/08/30 15:45:52 | 00,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/30 15:43:46 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/08/30 15:43:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/06/19 02:06:00 | 00,009,924 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/06/19 02:06:00 | 00,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2006/06/12 12:27:00 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/05/31 14:37:38 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/11/30 20:16:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/09/06 18:05:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/05 23:45:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2002/04/22 09:09:55 | 00,000,893 | ---- | C] () -- C:\WINDOWS\SMTBF.INI
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 13:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 13:00:00 | 00,000,558 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 13:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[22 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[1 \\SVAAOFFNAS01\home$\041413\office\data\*.tmp files]
[1 C:\Documents and Settings\041413\Desktop\*.tmp files]
[2009/07/14 06:24:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\041413\Desktop\OTL.exe
[2009/07/14 06:09:10 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/07/14 06:09:06 | 00,009,924 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2009/07/14 06:08:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/14 06:07:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/14 06:07:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/14 06:05:21 | 06,942,354 | -H-- | M] () -- C:\Documents and Settings\041413\Local Settings\Application Data\IconCache.db
[2009/07/14 05:12:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 05:10:33 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\041413\Desktop\mbam-setup.exe
[2009/07/13 22:31:09 | 00,000,946 | ---- | M] () -- C:\Documents and Settings\041413\Desktop\AVS4YOU Software Navigator.lnk
[2009/07/13 22:30:06 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\041413\Desktop\AVS Video Converter 6.lnk
[2009/07/13 22:29:07 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/07/13 22:26:24 | 00,000,080 | ---- | M] () -- C:\Documents and Settings\041413\application data\AVSMediaPlayer.m3u
[2009/07/13 22:04:04 | 00,171,520 | ---- | M] () -- C:\Documents and Settings\041413\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 18:19:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/09 20:35:17 | 00,020,980 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/09 20:34:40 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/07/09 11:57:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/28 02:36:05 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/06/21 21:26:13 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ares.lnk
< End of report >


OTL Extras logfile created on: 14/07/2009 06:25:22 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\041413\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 563.18 Mb Available Physical Memory | 55.52% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.61 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 37.25 Gb Total Space | 23.61 Gb Free Space | 63.39% Space Free | Partition Type: *NT5CSC

Computer Name: LL3D0227
Current User Name: 041413
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2009/03/13 12:42:36 | 03,231,744 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/06/05 13:39:18 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{}_is1" = Ares 3.1.5.3033
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon Camera WIA Driver
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142120}" = Java 2 Runtime Environment, SE v1.4.2_12
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = File Viewer Utility 1.3.1
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B754C893-6177-4061-9B2F-88F58C1C5166}" = CIG
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" = Software Installer
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D989BCC0-757C-4FB6-893C-512DF4382656}" = MetaFrame Presentation Server Client
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = RemoteCapture 2.7.4
"{F060A75A-9D6E-46F5-A9E6-7B513F4F44FB}" = PatchLink Update Agent
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2345F6A-25F8-46DB-AA4D-4937547970CB}" = Radia Client
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1)
"059BF941BA77F24DED9444B45BB0DAA5353F86EB" = Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
"0936416DB5978E29D553FACF9DD6F3EFBA1929DA" = Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
"0EEF0136F93FA6C5AB723AADEA61FF550D8C60FB" = Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"181B29655BDD6EA3FC483A7E4D1C2ED7735873F0" = Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6784A318842714811EC3F8409C3C0F7983B90972" = Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6AEF368351694A266BAB82596EEA968C73E8FC87" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"850625E38080EAF5C2644C07A2510A394019973D" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"9B19F92D5E3730EA8D0788B248741F6CC2633DBE" = Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"audcle" = Plus! MP3 Audio Converter LE
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AwayTask" = ThinkVantage Away Manager
"c64c4ad1-507e-f01b-054b-9a3954e494bd" = Contextual Platform Blueskyadagency
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon EOS 10D WIA Driver
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver
"InstallShield_{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{B754C893-6177-4061-9B2F-88F58C1C5166}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"NVIDIA Drivers" = NVIDIA Drivers
"Oracle JInitiator 1.3.1.9" = Oracle JInitiator 1.3.1.9
"PhotoRecord" = Canon PhotoRecord
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QkRes2k" = QkRes2k (Remove Only)
"Remove Multimedia Center" = Remove Multimedia Center
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TBSB05288.TBSB05288Toolbar" = ECO Bar
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TPKBDLED" = Scroll Lock Indicator Utility
"UniPrint Client 3.6.0" = UniPrint Client 3.6.0
"wa2wmp" = Windows Media Player Skin Importer
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.6
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/07/2009 14:46:33 | Computer Name = LL3D0227 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/07/2009 22:46:33 | Computer Name = LL3D0227 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/07/2009 06:46:34 | Computer Name = LL3D0227 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/07/2009 14:46:34 | Computer Name = LL3D0227 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/07/2009 21:50:57 | Computer Name = LL3D0227 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/07/2009 21:51:14 | Computer Name = LL3D0227 | Source = UserInit | ID = 1000
Description = Could not execute the following script UKLaptopStartup.vbs. The system
cannot find the file specified. .

Error - 12/07/2009 21:51:14 | Computer Name = LL3D0227 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/07/2009 21:51:57 | Computer Name = LL3D0227 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 13/07/2009 05:51:58 | Computer Name = LL3D0227 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 13/07/2009 13:51:58 | Computer Name = LL3D0227 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 10/07/2009 07:56:46 | Computer Name = LL3D0227 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/07/2009 07:56:46 | Computer Name = LL3D0227 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 10/07/2009 08:11:46 | Computer Name = LL3D0227 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 10/07/2009 08:41:46 | Computer Name = LL3D0227 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.

Error - 10/07/2009 09:41:46 | Computer Name = LL3D0227 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 120 minutes. NtpClient has no source of accurate
time.

Error - 10/07/2009 11:41:46 | Computer Name = LL3D0227 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 10/07/2009 11:56:32 | Computer Name = LL3D0227 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain VAA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 10/07/2009 15:41:46 | Computer Name = LL3D0227 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 480 minutes. NtpClient has no source of accurate
time.

Error - 10/07/2009 16:11:35 | Computer Name = LL3D0227 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain VAA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 10/07/2009 20:11:35 | Computer Name = LL3D0227 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain VAA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >


Best wishes and thanks!

theo4

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 14 July 2009 - 06:36 AM

MBAM's done a good job but before go further I need you to run Gmer - as I asked you to last post - so we can rule in/out rootkit activity.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 theo4

theo4
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 14 July 2009 - 05:26 PM

Apologies, I thought I had pasted it as I had performed it. Here are the results:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-14 06:22:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA89E6ABB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA89E6A3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA89E6AE5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA89E6A4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA89E6A7B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA89E6B0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA89E6A27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA89E6ACF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA89E6A65]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA89E6A91]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA89E6AA7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA89E6B25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA89E6AF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Many thanks,

theo4

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 14 July 2009 - 06:42 PM

Hi theo24,

Gmer was clean so there's no rootkits.

The MBAM log showed that OTM files were still present. This folder should have been removed after you were receiving help before. Please make sure you do follow all the instructions in my final post.

The MBAM log does show that there was quite a bit of malware present so we need to double-check the PC.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 theo4

theo4
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 16 July 2009 - 11:01 AM

Dear m0le,

Thanks for your advice. Here is the result of the Bitdefender scan attached.

Many thanks.

theo4 :thumbup2:

Attached Files



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 16 July 2009 - 11:39 AM

BitDefender only found the OTM-quarantined files.

How is the PC running?

One last check please :thumbup2:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Posted Image
m0le is a proud member of UNITE

#9 theo4

theo4
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 17 July 2009 - 06:16 AM

Ho m0le,

I ran the scan and no threats were detected. The computer is now running much better and I haven't experienced any pop-up ads since yesterday.

Could this be it? :thumbup2:

Many thanks,

theo4

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 17 July 2009 - 06:33 AM

Yes, that is it theo24. Your log is clean. Good stuff! :thumbup2:

Let's firstly do some housekeeping

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it theo24, happy surfing!

Cheers,


m0le
Posted Image
m0le is a proud member of UNITE

#11 theo4

theo4
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 17 July 2009 - 07:51 AM

Thank you m0le.

One remaining problem which made itself apparent after saying everything had gone back to normal. :thumbup2:

It has been attached but it essentially talks about memory in relation to IE and offers the option of either debugging or terminating the problem.

Can you please assist me in dealing with this problem?

Best Wishes,

theo4

Attached Files



#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 17 July 2009 - 07:39 PM

Hi theo24,

I will try and help but this may have to referred to another forum where more knowledgeable members/staff can help.

Firstly, that crash message could mean that some RAM chips have gone bad.

Run a RAM test here and let me know what it says.
Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 21 July 2009 - 11:19 AM

Hi theo24,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 22 July 2009 - 03:30 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users