PC been hacked I think


  • This topic is locked
31 replies to this topic

#1 virus noob 2

  • Members
  • 31 posts

Posted 14 September 2009 - 11:13 AM

Hi, as requested here are the logs


DDS (Ver_09-07-30.01) - NTFSx86
Run by paul at 17:01:32.71 on 14/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1299 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\nHancer\nHancerService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\paul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com/portal/site/skycom/home
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://skyonline.oberon-media.com/gameshell/games/channel--110400227/lc--en/room--a9f833c4-2051-4c3f-a36c-2e03f19c2b37/online/mystery_of_shark_island/en/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201034361968
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = :\windows\syste

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-19 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-19 297752]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-1-22 17149]
S2 gupdate1c9c1afcd70328;Google Update Service (gupdate1c9c1afcd70328);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-09-13 16:24 <DIR> --d----- c:\program files\Trend Micro
2009-09-09 09:32 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-08-30 18:20 <DIR> --d----- C:\Temp
2009-08-27 18:08 <DIR> --d----- c:\docume~1\paul\applic~1\Blitware
2009-08-27 17:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-08-16 12:53 <DIR> --d----- c:\program files\SpeedFan

==================== Find3M ====================

2009-08-16 22:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 22:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 22:16 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
2008-10-20 19:15 61 ---sh--- c:\windows\cnerolf.bin
2008-01-22 23:42 61 ---sh--- c:\windows\cnerolf.dat
2009-03-20 12:16 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032020090321\index.dat

============= FINISH: 17:01:37.92 ===============


HTH, as I need to get this sorted.

Regards
Paul


#2 myrti (Sillyberry)


  • Malware Study Hall Admin
  • 33,784 posts

Posted 30 September 2009 - 07:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 virus noob 2 (Topic Starter)

  • Members
  • 31 posts

Posted 30 September 2009 - 12:18 PM

Hi _temp_,

I thank you for your reply and your assistance in this matter, and my sincere apologies for seeming impatient by double posting.

My problem started when we found our bank account had been hacked several times, of small amounts and then over £560, and we need to find out if it's been through the PC or other means that someone has acquired our bank details.

The bank say it is a "typical" PayPal hack but PayPal deny that these transactions have been through them.
My usual routines for trying to keep my PC safe are AVG, Windows Defender and CCleaner; I always update my AVG every night and do a scan afterwards before shutting down.

Here are the files you requested, and FYI although I use my PC all the time I am not great with computers and after reading several other similar posts I still fail to understand (which may seem simple) instructions, so please bear with me if I am a little slow in picking things up.

(Just to add, as I'm typing this my mouse cursor is showing a timer every time I press a key - which has never happened before.)
OTL Extras logfile created on: 30/09/2009 18:05:28 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 172.56 Gb Free Space | 74.10% Space Free | Partition Type: NTFS
Drive D: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-C305CAA635
Current User Name: paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\VRC\VRC.exe" = C:\Program Files\VRC\VRC.exe:*:Enabled:VRC -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03748342-E2C2-4442-8D15-6A28D8A932BE}" = Aerosoft's - Seahawk & Jayhawk X
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{29B3C64A-0F93-47CD-9C54-72C0C5578487}" = Samsung PC Studio
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C92CF6-7B3E-4892-8DE5-125E44D1AD06}" = nHancer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Active Camera 2004 2.1 for FS 2004 (updated to 9.1)" = Active Camera 2004 2.1 for FS 2004 (updated to 9.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG Free 8.0
"CCleaner" = CCleaner (remove only)
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FlySim_is1" = FlySim 1.51
"Fraps" = Fraps
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SpeedFan" = SpeedFan (remove only)
"SquawkBox" = SquawkBox
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VRC" = VRC
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/09/2009 12:42:32 | Computer Name = PAUL-C305CAA635 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 14/09/2009 12:42:32 | Computer Name = PAUL-C305CAA635 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 17/09/2009 13:08:36 | Computer Name = PAUL-C305CAA635 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02618b88.

Error - 17/09/2009 13:08:51 | Computer Name = PAUL-C305CAA635 | Source = Application Error | ID = 1001
Description = Fault bucket 731716843.

Error - 23/09/2009 15:14:46 | Computer Name = PAUL-C305CAA635 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2009 15:14:48 | Computer Name = PAUL-C305CAA635 | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 28/09/2009 04:25:27 | Computer Name = PAUL-C305CAA635 | Source = Google Update | ID = 20
Description =

Error - 29/09/2009 10:02:52 | Computer Name = PAUL-C305CAA635 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 30/09/2009 06:15:19 | Computer Name = PAUL-C305CAA635 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x00082655.

Error - 30/09/2009 06:18:09 | Computer Name = PAUL-C305CAA635 | Source = Application Error | ID = 1001
Description = Fault bucket 1193877534.

[ System Events ]
Error - 29/09/2009 05:45:12 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 29/09/2009 05:45:22 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 29/09/2009 10:23:42 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 29/09/2009 10:23:53 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 29/09/2009 10:24:03 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 29/09/2009 10:24:14 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 30/09/2009 04:18:44 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 30/09/2009 04:19:02 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 30/09/2009 04:19:13 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 30/09/2009 04:19:23 | Computer Name = PAUL-C305CAA635 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}


< End of report >



OTL logfile created on: 30/09/2009 18:05:28 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 172.56 Gb Free Space | 74.10% Space Free | Partition Type: NTFS
Drive D: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-C305CAA635
Current User Name: paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/08/16 22:50:35 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/01 08:44:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/26 13:15:18 | 00,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe
PRC - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/08/16 22:50:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 22:50:40 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/16 22:50:40 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/16 22:50:40 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/12/18 14:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 08:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/08/16 22:50:37 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/01/25 15:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2009/08/16 22:50:36 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/02/28 13:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/08/16 22:50:40 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/30 18:00:13 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\paul\Desktop\OTL.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/16 22:50:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/16 22:50:35 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/20 12:56:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c1afcd70328 [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/05/01 08:44:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/01/24 13:36:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/04/26 13:15:18 | 00,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer [Auto | Running])
SRV - [2009/03/27 10:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/12/08 10:06:00 | 00,139,776 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\adidts.sys -- (ADIDTSFiltService [On_Demand | Running])
DRV - [2007/01/16 02:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/08/06 23:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2008/01/22 21:15:04 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/09/05 11:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\System32\DRIVERS\WG11TND5.sys -- (AR5523 [On_Demand | Running])
DRV - [2009/08/16 22:50:40 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/16 22:50:40 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/19 22:16:42 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2003/07/24 13:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Running])
DRV - [2004/10/25 20:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 20:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/12 03:04:40 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/04/12 03:04:40 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/04/12 03:04:40 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/03/27 10:03:00 | 06,280,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/09/21 08:39:16 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/08/07 09:39:22 | 00,052,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2006/08/07 09:39:24 | 00,018,944 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2006/02/28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/09/24 14:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/02/18 12:20:52 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/08/30 02:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
DRV - [2005/08/30 02:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 02:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
DRV - [2005/08/30 18:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2005/08/30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2008/06/14 22:23:48 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/portal/site/skycom/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://skyonline.oberon-media.com/gameshel...Web.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1201034361968 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.oberon-media.com/Gameshel...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/22 20:43:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/27 05:45:29 | 00,000,042 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{23bd8942-c921-11dc-bc1e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{23bd8942-c921-11dc-bc1e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/09/30 18:00:03 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\paul\Desktop\OTL.exe
[2009/09/25 10:38:15 | 00,000,375 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\virus noob 2 - Viewing Profile.url
[2009/09/18 15:30:23 | 00,239,148 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-18-001.jpg
[2009/09/17 20:16:48 | 00,157,662 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-003.jpg
[2009/09/17 19:55:11 | 00,155,115 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-002.jpg
[2009/09/17 10:27:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/09/14 17:11:24 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/09/14 17:11:14 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/09/13 16:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/09 09:32:06 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/23 19:28:52 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/06/23 15:57:22 | 00,000,136 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2008/04/05 20:24:45 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/04/05 20:24:45 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/02/22 18:36:51 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/02/18 12:20:52 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/17 11:57:16 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/01/22 21:11:47 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/01/22 21:11:47 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/01/22 20:50:45 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/01/22 20:50:45 | 00,000,400 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/01/22 20:50:27 | 00,025,980 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/01/22 20:49:12 | 00,025,801 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/22 20:49:11 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/22 20:49:02 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/04 18:14:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 18:14:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 18:14:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 18:14:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 18:14:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 13:00:00 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/02/28 13:00:00 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/09/30 18:02:23 | 00,000,375 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\virus noob 2 - Viewing Profile.url
[2009/09/30 18:00:13 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\paul\Desktop\OTL.exe
[2009/09/30 17:25:00 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/30 09:20:31 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/30 09:19:05 | 00,113,494 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/30 09:19:04 | 41,992,965 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/30 09:17:38 | 00,205,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/30 09:17:37 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/30 09:17:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/30 09:17:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/29 10:38:45 | 00,013,750 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/26 18:29:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/25 18:58:00 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/09/18 15:30:23 | 00,239,148 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-18-001.jpg
[2009/09/17 20:16:48 | 00,157,662 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-003.jpg
[2009/09/17 19:55:11 | 00,155,115 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-002.jpg
[2009/09/14 17:33:43 | 00,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/14 17:33:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/14 17:33:43 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/14 17:11:24 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/09/13 09:20:23 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\paul\My Documents\My Sharing Folders.lnk
[2009/09/09 09:34:53 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >
Thank you once again.

hth

paul
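As an added example (my own code, not OTL's parser and not part of this thread), here is a small triage pass over OTL log lines like the ones posted above: it parses the PRC/SRV/DRV "SafeList" entries and flags the items a helper usually looks at first, namely drivers, services and autoruns with no publisher string and Internet Explorer add-on entries whose CLSID or file is gone. The sample lines are copied from the log above; a missing publisher only means the file carries no company field in its version info, which is common for small utility drivers, so the output is a review list, not a verdict.

```python
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the OTL log posted above (a constructed subset, not the full log).
SAMPLE_LOG = [
    r"PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe",
    r"SRV - [2009/08/16 22:50:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])",
    r"DRV - [2003/07/24 13:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Running])",
    r"DRV - [1996/04/03 20:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])",
    r"DRV - [2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])",
    r"DRV - [2008/02/18 12:20:52 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])",
    r"DRV - [2008/06/14 22:23:48 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.",
    r"O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)",
    r"O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.",
    r"O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()",
    r"O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found",
]


@dataclass
class Entry:
    kind: str                     # PRC, SRV or DRV
    date: str                     # file modification timestamp as printed by OTL
    size: int                     # file size in bytes
    company: str                  # empty string when OTL prints "()"
    path: str
    service: Optional[str] = None
    start: Optional[str] = None   # Boot, System, Auto, On_Demand, Disabled, Unknown
    state: Optional[str] = None   # Running or Stopped


def parse_safelist_line(line: str) -> Optional[Entry]:
    """Parse 'KIND - [date | size | attrs | M] (Company) -- path -- (svc [Start | State])'.

    Returns None for lines that are not PRC/SRV/DRV entries (O-lines, headers, blanks).
    """
    line = line.strip()
    kind = line[:3]
    if kind not in ("PRC", "SRV", "DRV") or line[3:7] != " - [":
        return None
    meta_end = line.find("]", 7)
    if meta_end < 0:
        return None
    meta = [field.strip() for field in line[7:meta_end].split("|")]  # [date, size, attrs, "M"]
    size = int(meta[1].replace(",", ""))
    # Split on the " -- " separators rather than on parentheses: the company field can
    # itself contain parentheses, e.g. "(Printing Communications Assoc., Inc. (PCAUSA))".
    parts = line[meta_end + 1:].strip().split(" -- ")
    company = parts[0][1:-1].strip()      # drop only the outer pair of parentheses
    entry = Entry(kind=kind, date=meta[0], size=size, company=company, path=parts[1].strip())
    if len(parts) > 2:
        svc = parts[2].strip()[1:-1]     # e.g. "avg8emc [Auto | Running]"
        name, sep, status = svc.rpartition(" [")
        if sep:
            start, _, state = status.rstrip("]").partition("|")
            entry.service, entry.start, entry.state = name.strip(), start.strip(), state.strip()
    return entry


ORPHAN_MARKERS = ("No CLSID value found", "File not found")


def is_orphan_addon(line: str) -> bool:
    """O2/O3/O9 entries whose CLSID or file no longer exists: stale registrations worth cleaning."""
    return line.startswith(("O2 ", "O3 ", "O9 ")) and any(m in line for m in ORPHAN_MARKERS)


def triage(log_lines: List[str]) -> List[str]:
    """Return human-readable findings, highest concern first in the label, for review by a helper."""
    findings = []
    for raw in log_lines:
        entry = parse_safelist_line(raw)
        if entry is not None:
            if not entry.company:
                # A driver that loads at Boot/System start with no publisher deserves a closer look.
                level = "HIGH" if entry.start in ("Boot", "System") else "MEDIUM"
                findings.append(f"{level}: {entry.kind} {entry.path} has no publisher (start={entry.start})")
            continue
        stripped = raw.strip()
        if stripped.startswith("O4 ") and stripped.endswith("()"):
            findings.append(f"MEDIUM: autorun entry with no publisher: {stripped}")
        elif is_orphan_addon(stripped):
            findings.append(f"LOW: orphan IE add-on entry: {stripped}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```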

#4 myrti

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 30 September 2009 - 01:56 PM

Hi,

If you do not understand what is asked of you, simply ask for better instructions. :( I try to give instructions so that everybody can understand them; if you find them hard to follow, they need to be modified and improved.
In such a case please let me know exactly what it is you don't understand and I will do my best to give clearer instructions.

Let's see if we can find anything on your PC then. :(

Please run rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
as well as Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Do you recall if you had Internet Explorer open, when you created the log with OTL?

Post back the logs from rootrepeal and malwarebytes in your next reply.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 virus noob 2

virus noob 2
  • Topic Starter

  • Members
  • 31 posts

Posted 30 September 2009 - 03:31 PM

Hi _temp_
many thanks for your swift reply.


Malwarebytes' Anti-Malware 1.41
Database version: 2878
Windows 5.1.2600 Service Pack 3

30/09/2009 21:21:27
mbam-log-2009-09-30 (21-21-27).txt

Scan type: Quick Scan
Objects scanned: 109532
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 55

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\paul\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100 (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\paul\Application Data\ErrorFix\resultsw.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\Logs\2009-03-24 17-10-100.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-11.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-12.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-13.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-14.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-15.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-16.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-17.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-27.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-28.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-29.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-30.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-31.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-32.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-33.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-34.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-35.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-36.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-37.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-38.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-11-260\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\Application Data\ErrorFix\QuarantineW\2009-03-24 17-17-100\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\paul\results.txt (Malware.Trace) -> Quarantined and deleted successfully.


I can't recall for definite whether IE was open or not (it may have been, to view this page, I'm not sure). Should I do it again, making sure no IE page is open?

I can't run a RootRepeal log, as it hangs when the "initializing" comes up, and my PC hangs then almost crashes (to the point I need to hit the reset button; WTM doesn't even open).

kind regards

paul

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 30 September 2009 - 03:38 PM

Hi,

Please close all open programs (especially Internet Explorer) and create a new log with OTL. Please post only the OTL.txt.

As RootRepeal is not working, please try to run GMER instead:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

please post back the otl.txt from OTL and the log from gmer.

regards _temp_



#7 virus noob 2

virus noob 2
  • Topic Starter

  • Members
  • 31 posts

Posted 30 September 2009 - 04:20 PM

Hi _temp_ and thanks,


OTL logfile created on: 30/09/2009 21:59:11 - Run 2
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.21% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 172.49 Gb Free Space | 74.07% Space Free | Partition Type: NTFS
Drive D: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-C305CAA635
Current User Name: paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/08/16 22:50:35 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/01 08:44:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/26 13:15:18 | 00,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe
PRC - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/08/16 22:50:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 22:50:40 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/16 22:50:36 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/16 22:50:40 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/16 22:50:40 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/12/18 14:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 08:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/08/16 22:50:37 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/01/25 15:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2006/02/28 13:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/16 22:50:40 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/30 18:00:13 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\paul\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/16 22:50:33 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/16 22:50:35 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/20 12:56:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c1afcd70328 [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/05/01 08:44:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/01/24 13:36:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/04/26 13:15:18 | 00,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer [Auto | Running])
SRV - [2009/03/27 10:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/12/08 10:06:00 | 00,139,776 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\adidts.sys -- (ADIDTSFiltService [On_Demand | Running])
DRV - [2007/01/16 02:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/08/06 23:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2008/01/22 21:15:04 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/09/05 11:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\System32\DRIVERS\WG11TND5.sys -- (AR5523 [On_Demand | Running])
DRV - [2009/08/16 22:50:40 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/16 22:50:40 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/19 22:16:42 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2003/07/24 13:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Running])
DRV - [2004/10/25 20:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 20:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/12 03:04:40 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/04/12 03:04:40 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/04/12 03:04:40 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/03/27 10:03:00 | 06,280,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/09/21 08:39:16 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/08/07 09:39:22 | 00,052,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2006/08/07 09:39:24 | 00,018,944 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2006/02/28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/09/24 14:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/02/18 12:20:52 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/08/30 02:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
DRV - [2005/08/30 02:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 02:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
DRV - [2005/08/30 18:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2005/08/30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2008/06/14 22:23:48 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/portal/site/skycom/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://skyonline.oberon-media.com/gameshel...Web.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1201034361968 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.oberon-media.com/Gameshel...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/22 20:43:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/27 05:45:29 | 00,000,042 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{23bd8942-c921-11dc-bc1e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{23bd8942-c921-11dc-bc1e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd18998c-c923-11dc-8716-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dd18998c-c923-11dc-8716-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd18998c-c923-11dc-8716-806d6172696f}\Shell\AutoRun\command - "" = D:\stub.exe -- [2003/02/17 21:10:16 | 00,024,576 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/09/30 21:14:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\paul\Application Data\Malwarebytes
[2009/09/30 21:14:36 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 21:14:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/30 21:14:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/30 21:14:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/30 21:14:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/30 21:13:46 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\paul\Desktop\mbam-setup.exe
[2009/09/30 21:05:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\settings.dat
[2009/09/30 21:04:21 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\RootRepeal.zip
[2009/09/30 18:00:03 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\paul\Desktop\OTL.exe
[2009/09/25 10:38:15 | 00,000,375 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\virus noob 2 - Viewing Profile.url
[2009/09/18 15:30:23 | 00,239,148 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-18-001.jpg
[2009/09/17 20:16:48 | 00,157,662 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-003.jpg
[2009/09/17 19:55:11 | 00,155,115 | ---- | C] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-002.jpg
[2009/09/17 10:27:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/09/14 17:11:24 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/09/14 17:11:14 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/09/13 16:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/09 09:32:06 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/23 19:28:52 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/06/23 15:57:22 | 00,000,136 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2008/04/05 20:24:45 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/04/05 20:24:45 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/02/22 18:36:51 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/02/18 12:20:52 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/17 11:57:16 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/01/22 21:11:47 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/01/22 21:11:47 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/01/22 20:50:45 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/01/22 20:50:45 | 00,000,400 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/01/22 20:50:27 | 00,025,980 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/01/22 20:49:12 | 00,025,801 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/22 20:49:11 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/22 20:49:02 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/04 18:14:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 18:14:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 18:14:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 18:14:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 18:14:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 13:00:00 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/02/28 13:00:00 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[16 C:\WINDOWS\*.tmp files]
[2009/09/30 21:26:26 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/30 21:25:00 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/30 21:23:29 | 00,205,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/30 21:23:27 | 00,013,750 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/30 21:23:27 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/30 21:23:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/30 21:23:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/30 21:14:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 21:13:49 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\paul\Desktop\mbam-setup.exe
[2009/09/30 21:05:53 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\settings.dat
[2009/09/30 21:04:22 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\RootRepeal.zip
[2009/09/30 18:14:14 | 41,999,697 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/30 18:02:23 | 00,000,375 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\virus noob 2 - Viewing Profile.url
[2009/09/30 18:00:13 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\paul\Desktop\OTL.exe
[2009/09/30 09:19:05 | 00,113,494 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/26 18:29:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/25 18:58:00 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/09/18 15:30:23 | 00,239,148 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-18-001.jpg
[2009/09/17 20:16:48 | 00,157,662 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-003.jpg
[2009/09/17 19:55:11 | 00,155,115 | ---- | M] () -- C:\Documents and Settings\paul\Desktop\-2009-sep-17-002.jpg
[2009/09/14 17:33:43 | 00,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/14 17:33:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/14 17:33:43 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/14 17:11:24 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/09/13 09:20:23 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\paul\My Documents\My Sharing Folders.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 09:34:53 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >


I haven't posted a GMER report as I'm unsure how to temporarily disable my AVG and Windows Defender, but I do know how to disable my Windows Firewall. I can uninstall them if need be; I await your instructions.

EDIT: I did install GMER and ran the scan, but realised I still had to disable my anti-virus.

regards

Edited by virus noob 2, 30 September 2009 - 04:24 PM.
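The OTL file entries posted above follow a fixed one-line layout (timestamp, size, attribute flags, created/modified marker, company name, path). As an added example, not from the thread and not OldTimer's own code, the parser below reads that layout from a constructed sample and applies a few defender-side triage heuristics; the placeholder Temp entry and the scan time are assumptions.

```python
"""Parser and triage helper for OTL file-entry lines (added example).

Reads lines in the layout of the report above:
    [YYYY/MM/DD HH:MM:SS | SIZE | RHSD | C|M] (Company) -- path
and applies defender-side heuristics. A hit is a lead for a second
look (hash lookup, signature check), not a verdict.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in the report's layout. The first four entries are copied
# from the thread; the last one is an invented placeholder that exercises the
# heuristics. SCAN_TIME is the assumed time the report was produced.
SCAN_TIME = datetime(2009, 9, 30, 21, 30, 0)
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2009/09/30 21:14:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/30 21:14:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/02/18 12:20:52 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/14 17:33:43 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/29 02:11:05 | 00,024,576 | -H-- | C] () -- C:\Documents and Settings\paul\Local Settings\Temp\placeholder_unsigned.exe
"""

# Attribute column: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    read_only: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                # 'C' = created, 'M' = modified
    company: Optional[str]   # None when OTL printed "()" or nothing
    path: str

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry, or None for headers, blanks and '[N ... files]' summaries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return Entry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        read_only=attrs[0] == "R", hidden=attrs[1] == "H",
        system=attrs[2] == "S", is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip() or None,
        path=m.group("path").strip(),
    )


def parse_report(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


EXEC_EXTS = {"exe", "dll", "sys", "scr", "com", "pif", "bat", "cmd"}
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")


def review(entry: Entry, scan_time: datetime, window_days: int = 30) -> List[str]:
    """Heuristic reasons an executable entry deserves a closer look."""
    reasons: List[str] = []
    if entry.is_dir or entry.extension not in EXEC_EXTS:
        return reasons
    recent = scan_time - entry.timestamp <= timedelta(days=window_days)
    if entry.company is None:
        reasons.append("executable without company/version info")
    if entry.hidden or entry.system:
        reasons.append("executable carrying hidden/system attribute")
    if recent and any(tok in entry.path.lower() for tok in USER_WRITABLE):
        reasons.append("recent executable in a user-writable temp/profile location")
    return reasons


def triage(text: str, scan_time: datetime) -> List[Tuple[str, List[str]]]:
    """Paths with at least one heuristic hit, in report order."""
    hits = []
    for e in parse_report(text):
        reasons = review(e, scan_time)
        if reasons:
            hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG, SCAN_TIME):
        print(path, "->", "; ".join(reasons))
```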


#8 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 01 October 2009 - 12:13 AM

Hi,

Since you believe your system might have been hacked, all passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach and you should file a report with your local law enforcement agency. Failure to notify your financial institution and local law enforcement can result in the bank refusing to reimburse funds if any were stolen. For more detailed instructions as to what you should do, please read:

If you need help to disable your antivirus program, have a look at the following thread; it should give instructions for the most common security programs: this guide. How to disable AVG is explained in the first post, Windows Defender is listed in the third post. I hope that helps. :(
Please run GMER again once you have disabled those programs, and post the logs.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#9 virus noob 2 (Topic Starter)

  • Members
  • 31 posts

Posted 01 October 2009 - 03:22 AM

Hi _temp_

Many thanks again. I am not able to change my passwords from another PC; I may have the opportunity to at a later date though.

The bank were informed immediately, and we have since had our monies refunded, and the bank have completed their "initial" investigation, although they can't tell us if it was our PC that was hacked. I genuinely believe it to be so, as my girlfriend's Bank of Scotland "secure" had had 2 password reset confirmation emails (they were just PW change notification emails and did not need to be clicked on etc. for the new password to be activated etc.).

If I have been hacked, will the perpetrator not be able to "see" what I'm doing now?

I will post gmer logs shortly.

kind regards

EDIT:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-01 11:36:39
Windows 5.1.2600 Service Pack 3
Running: 8qp66s17.exe; Driver: C:\DOCUME~1\paul\LOCALS~1\Temp\kwxirfog.sys


---- System - GMER 1.0.15 ----

SSDT sprw.sys ZwCreateKey [0xB9EAB0E0]
SSDT sprw.sys ZwEnumerateKey [0xB9EC8CA2]
SSDT sprw.sys ZwEnumerateValueKey [0xB9EC9030]
SSDT sprw.sys ZwOpenKey [0xB9EAB0C0]
SSDT sprw.sys ZwQueryKey [0xB9EC9108]
SSDT sprw.sys ZwQueryValueKey [0xB9EC8F88]
SSDT sprw.sys ZwSetValueKey [0xB9EC919A]

INT 0x63 ? 8A95DBF8
INT 0x73 ? 8A95DBF8
INT 0xB4 ? 8A95DBF8

---- Kernel code sections - GMER 1.0.15 ----

? sprw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B8C058AC 5 Bytes JMP 8A7AC4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2408] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC040] sprw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC13C] sprw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0BE] sprw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7FC] sprw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6D2] sprw.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EBBD92] sprw.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A95C1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 8A7A64B0
Device \Driver\usbehci \Device\USBPDO-1 8A7CB500

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A95E1F8
Device \Driver\Cdrom \Device\CdRom0 8A79F500
Device \Driver\nvata \Device\00000075 8A95D1F8
Device \Driver\nvata \Device\00000077 8A95D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89B591F8
Device \Driver\NetBT \Device\NetbiosSmb 89B591F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 8A7A64B0
Device \Driver\usbehci \Device\USBFDO-1 8A7CB500
Device \Driver\nvata \Device\NvAta0 8A95D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A7D91F8
Device \Driver\nvata \Device\NvAta1 8A95D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A7D91F8
Device \Driver\nvata \Device\NvAta2 8A95D1F8
Device \Driver\Ftdisk \Device\FtControl 8A95E1F8
Device \FileSystem\Cdfs \Cdfs 8A7D81F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...

---- EOF - GMER 1.0.15 ----



saved log:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-01 11:36:34
Windows 5.1.2600 Service Pack 3
Running: 8qp66s17.exe; Driver: C:\DOCUME~1\paul\LOCALS~1\Temp\kwxirfog.sys


---- System - GMER 1.0.15 ----

SSDT sprw.sys ZwCreateKey [0xB9EAB0E0]
SSDT sprw.sys ZwEnumerateKey [0xB9EC8CA2]
SSDT sprw.sys ZwEnumerateValueKey [0xB9EC9030]
SSDT sprw.sys ZwOpenKey [0xB9EAB0C0]
SSDT sprw.sys ZwQueryKey [0xB9EC9108]
SSDT sprw.sys ZwQueryValueKey [0xB9EC8F88]
SSDT sprw.sys ZwSetValueKey [0xB9EC919A]

INT 0x63 ? 8A95DBF8
INT 0x73 ? 8A95DBF8
INT 0xB4 ? 8A95DBF8

---- Kernel code sections - GMER 1.0.15 ----

? sprw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B8C058AC 5 Bytes JMP 8A7AC4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2408] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC040] sprw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC13C] sprw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0BE] sprw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7FC] sprw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6D2] sprw.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EBBD92] sprw.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A95C1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 8A7A64B0
Device \Driver\usbehci \Device\USBPDO-1 8A7CB500

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A95E1F8
Device \Driver\Cdrom \Device\CdRom0 8A79F500
Device \Driver\nvata \Device\00000075 8A95D1F8
Device \Driver\nvata \Device\00000077 8A95D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89B591F8
Device \Driver\NetBT \Device\NetbiosSmb 89B591F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 8A7A64B0
Device \Driver\usbehci \Device\USBFDO-1 8A7CB500
Device \Driver\nvata \Device\NvAta0 8A95D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A7D91F8
Device \Driver\nvata \Device\NvAta1 8A95D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A7D91F8
Device \Driver\nvata \Device\NvAta2 8A95D1F8
Device \Driver\Ftdisk \Device\FtControl 8A95E1F8
Device \FileSystem\Cdfs \Cdfs 8A7D81F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0xD7 0xA1 0xDE ...

---- EOF - GMER 1.0.15 ----



regards

paul

Edited by virus noob 2, 01 October 2009 - 05:40 AM.


#10 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 01 October 2009 - 07:04 AM

Hi, :(

I genuinely believe it to be so, as my girlfriend's Bank of Scotland "secure" had had 2 password reset confirmation emails (they were just PW change notification emails and did not need to be clicked on etc. for the new password to be activated etc.).


I'm not entirely sure I understand what you are saying. Do you believe that your PC has been compromised? Does your girlfriend use the same PC you use for her online transactions? Is this the only PC you use for this?
Did you run any scans or remove anything before posting your logs here?

If you have indeed been hacked, there is no use in changing passwords from the compromised PC, as those will be forwarded the instant you set them.

regards _temp_



#11 virus noob 2 (Topic Starter)

  • Members
  • 31 posts

Posted 01 October 2009 - 07:25 AM

Hi _temp_
Once again I thank you for your swift responses :(

Having these "password reset" confirmations, coupled with processes in WTM showing backdoor trojans (maybe), does convince me that it MAY be my PC. With only having a very brief knowledge about how hackers work, it leaves me open to think that "anything or any way is possible", so I don't get complacent with what I do with PCs.

My partner did suspect a cash machine being dodgy around that time also, with the machine not registering the card being in the machine the first time (it worked on the second attempt), so we also think the card has possibly been cloned, and then the fraudster possibly used the card details online, hence the password reset confirmations, as the sum of £562 was withdrawn to First Central Bank in America.

Yes, this is the only household PC, so all our internet shopping gets done on this PC.
We also have a credit card associated with the PayPal/eBay account and that has not been tampered with in any way. It may be total coincidence that the current account gets hacked and we have 2 password resets for that account, all in the space of a few hours, yet AVG/Defender and the Live OneCare scanner did not pick anything up as to me being hacked.

The programs in WTM I cannot end are csrss.exe, lsass.exe, smss.exe (this was my original first post that I assumed had been missed; apologies and thanks to orange blossom for taking the time out to reassure me it hadn't), and these are newly installed I believe, as I'm in WTM probably about once every 2 weeks and would have noticed them before.

regards


I apologise if this seems jumbled up; I'm trying to fit things in.

#12 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 02 October 2009 - 10:46 AM

Hi,

The following files: csrss.exe, lsass.exe, smss.exe are crucial for Windows to run; they therefore cannot be killed through the Task Manager. This is completely normal.
So far I have seen no indication that the data has been stolen from your PC. However, I would like you to run an additional online scan, to see if ESET picks something up:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
I notice the presence of Registry Cleaner on your PC.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on reg cleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

Additionally, it looks as if you aren't using a firewall. No Firewall is being used
Please use a firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.
For more information see this tutorial on firewalls: Link

Please post back with the log from Eset and any questions you may have in your next reply,
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
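The post above explains that csrss.exe, lsass.exe and smss.exe are core Windows processes and cannot be ended from Task Manager. The check a defender actually wants is not whether they can be killed but whether the running copies are the genuine system binaries. The following PowerShell is an added example, not code from the thread or from BleepingComputer; it assumes PowerShell 2.0 or later run as an administrator (WMI needs that to read the executable path of system processes) and the process names as given in the post.

```powershell
# Added example (not from the original thread): confirm that the three
# "unkillable" system processes named in the post are the genuine Windows
# binaries, i.e. they run from %SystemRoot%\System32. Assumes PowerShell 2.0
# or later running as an administrator.
$names    = @('csrss.exe', 'lsass.exe', 'smss.exe')
$system32 = Join-Path $env:SystemRoot 'System32'

foreach ($name in $names) {
    # Win32_Process exposes ExecutablePath, which Get-Process cannot always
    # read for protected system processes
    $procs = @(Get-WmiObject Win32_Process -Filter "Name='$name'")
    if ($procs.Count -eq 0) {
        Write-Output "$name : not running (unexpected for a core system process)"
        continue
    }
    foreach ($p in $procs) {
        $path = $p.ExecutablePath
        if (-not $path) {
            # Path unreadable (access denied); not suspicious by itself, re-run elevated
            Write-Output ("{0} PID {1}: path not readable" -f $name, $p.ProcessId)
            continue
        }
        # Windows paths are case-insensitive, so compare accordingly
        $inSystem32 = $path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
        $verdict = if ($inSystem32) { 'expected location' } else { 'UNEXPECTED location, review' }

        # Signature status is informational: on older systems (XP/7 with
        # PowerShell 2.0) catalog-signed system files report NotSigned, so the
        # path check above is the primary indicator there
        $sig = Get-AuthenticodeSignature -FilePath $path
        Write-Output ("{0} PID {1}: {2} ({3}); signature: {4}" -f `
            $name, $p.ProcessId, $path, $verdict, $sig.Status)
    }
}
```

A genuine system shows every instance (csrss.exe runs once per session on newer Windows) under %SystemRoot%\System32; a same-named process anywhere else is what deserves a closer look, while a process that simply refuses to end from Task Manager does not.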



#13 virus noob 2

virus noob 2
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 02 October 2009 - 10:53 AM

Hi _temp_

Many thanks for your advice still, and the time you are taking helping me in this matter. I will run the scan just now and post shortly.

I do use a firewall - Windows Firewall, and it is always turned on. I only turned it off when you advised me to turn off AVG and Windows Defender.

I also started using CCleaner, as when I first started using PCs I didn't know how to delete registry entries (if I ever needed to). I can uninstall it now as I sort of know what I'm doing now.

kind regards

paul

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:34 PM

Posted 02 October 2009 - 11:20 AM

Heya virus noob :(

you're very welcome. :(

A firewall can protect you in two ways: it can block access to your computer from outside, but it can also prevent your PC from contacting the outside.
An inbound firewall would be responsible for managing everything trying to access your PC from the internet, while an outbound firewall will control outgoing connections.

An up to date Windows XP comes with the Windows Firewall, which is an inbound firewall only, hence the advice to add another "outbound" firewall as well.

As with all advice: the decision is up to you. I can offer you my experience in this matter, and the arguments on which I base my decision. If they do not convince you and you decide that an inbound firewall is sufficient, then you do not need to install another firewall.

The same is true for the regcleaner: If you have been happy with CCleaner then keep it. You might use CCleaner all your life, without having any trouble. Though in my experience the benefits are small compared to the risks. :)


Please post a new reply with the eset log, otherwise I might miss it.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
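The post above distinguishes an inbound-only firewall (the Windows XP Windows Firewall) from one that also controls outgoing connections. On a current Windows host the same distinction is visible per profile as the default inbound and outbound actions. The script below is an added example, not code from the thread or from BleepingComputer; it assumes the NetSecurity module (Windows 8 / Server 2012 or later, where Get-NetFirewallProfile and Get-NetFirewallRule exist) and PowerShell 3.0 or later. On XP the equivalent information comes from `netsh firewall show state`.

```powershell
# Added example (not from the original thread): report, per firewall profile,
# whether the host firewall filters only inbound traffic (the XP behaviour
# described in the post) or outbound traffic as well. Assumes the NetSecurity
# module (Windows 8 / Server 2012 or later) and PowerShell 3.0 or later.
function Get-FirewallDirectionSummary {
    foreach ($profile in Get-NetFirewallProfile) {
        $inbound  = "$($profile.DefaultInboundAction)"   # Block = unsolicited inbound dropped
        $outbound = "$($profile.DefaultOutboundAction)"  # Allow = any local program may reach the internet

        $mode = if ("$($profile.Enabled)" -ne 'True') {
            'firewall disabled'
        } elseif ($inbound -eq 'Block' -and $outbound -eq 'Block') {
            'inbound and outbound filtering'
        } elseif ($inbound -eq 'Block') {
            'inbound only (outbound allowed by default)'
        } else {
            'inbound traffic allowed by default, review'
        }

        # A default-allow outbound policy can still be narrowed by explicit rules,
        # so count the enabled outbound rules (across all profiles) for context
        $outRules = @(Get-NetFirewallRule -Direction Outbound -Enabled True `
                        -ErrorAction SilentlyContinue).Count

        [pscustomobject]@{
            Profile              = $profile.Name
            Enabled              = "$($profile.Enabled)"
            DefaultInbound       = $inbound
            DefaultOutbound      = $outbound
            Mode                 = $mode
            EnabledOutboundRules = $outRules
        }
    }
}

Get-FirewallDirectionSummary | Format-Table -AutoSize
```

A profile reporting "inbound only" is exactly the situation the post describes: unsolicited connections from the internet are dropped, but any program already on the machine may connect out. Turning on outbound filtering for a profile is done with `Set-NetFirewallProfile -Profile Public -DefaultOutboundAction Block`; after that, every program without an explicit outbound allow rule loses network access, so it is a change to test before relying on it.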



#15 virus noob 2

virus noob 2
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 02 October 2009 - 11:54 AM

Hi _temp_

Thank you for clearing that firewall info up for me, as I did not know that I needed an inbound as well as an outbound; I had assumed a firewall was simply "a firewall".
Could you recommend a suitable firewall?

Here is the log :

C:\Documents and Settings\paul\My Documents\pc accessories\errorfix\setup.exe a variant of Win32/Adware.ErrorRepair application deleted - quarantined



As you see it's only found one file, which I'm sure you will understand.

I will be uninstalling CCleaner as I say I now know how to delete registry entries (I guess I found it too convenient).

Is it ok for me to delete and uninstall all these other tools that I've used in aiding me with this?

Thankyou

regards

paul



