
I'm pretty sure my computer is infected with Virtumonde.


  • This topic is locked
8 replies to this topic

#1 Bhughes

Bhughes

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 06 November 2009 - 08:21 AM

Hi,
My knowledge of computers is very basic so I hope I make sense. I'm not sure how much information is needed so I'm just going to blurt out as much as I can think of. I am also trying to follow the instructions on how to post in here.
Ok, so I'm fairly sure my computer is infected with Virtumonde. I think this because I have got something that makes my mouse go nuts (more specifics in a minute). My sister was trying to help me fix it and came across the names Virtumod and Vundo and said they sound like the problem; when I wrote them down I realised I'd seen a similar name during a Spybot Search & Destroy scan. Spybot doesn't actually pick it up as anything, it's just as it scans over that I noticed, so next scan I took notice of the name and it was Virtumonde.sci. It actually has more with different extensions but I didn't think to write them all down.
The problem with the computer started in the first place when I was running Avira (free version) and the standard Windows Firewall. I was on a forum website (will it help to know what site?) and suddenly the page changed, not a pop up, it just changed websites in the same window. It went to something telling me I had a virus that was going to steal my information and I needed to download this program (I did say I'm pretty clueless!). So yup, I downloaded it, didn't take notice of the name, then when the message came up saying "Publisher unknown, run or don't run" I finally clicked that this was suss and didn't run it. After that it was nearly impossible to get rid of the stupid "you have this virus" message and close the browser.
After that happened the computer has been impossible, mainly the mouse. It will take off clicking on various icons and closing programs down without anyone touching it, and I swear it's worse when I am trying to do anything to fix the problem! It seems to open taskbar properties the most, and usually disappears to the top right hand corner or bottom left hand corner of the screen. It also enjoys opening the start menu and moving it around.
What have I done: deleted Avira, tried McAfee but as soon as it opened the crazy mouse closed it and it was never found again (ok, I found it in the registry the other day), then got AVG. Downloaded Spyware Terminator (gone now), Spyware Doctor (gone), Ad-Aware (froze at enumerating CLSIDs, gone) and Spybot Search & Destroy (running). Also now have Online Armor running.
Most of these programs have found things, PUPs and Trojans and tracking cookies, but haven't seemed to get the one.
Today I followed some instructions and downloaded Malwarebytes with an extra file separately, something that killed processes, Vundo kill and something else that I'm sorry but I can't remember right now. Malwarebytes found 13 things, 1 said Trojan. The mouse is still crazy.
Now I followed the instructions before posting in here. I think I've done them right so I will post the log from DDS below. I think I've zipped up the second log correctly so I'll attach that and the RootRepeal report.
Thanks everyone for their time, and if I have done something wrong or written too much I am sorry.
Kind Regards,
Bernadette.
Also, I have read I should get HijackThis but you need to be advanced to use it. I am not, so I haven't got it yet.

DDS log-

DDS (Ver_09-10-26.01) - NTFSx86
Run by Bernadette at 22:27:46.28 on Fri 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.352.144 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Mixer.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Bernadette\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [EssSpkPhone] essspk.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\8UvkmD7x3.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www4.snapfish.com.au/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199991529876
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: {47EC1B51-D72E-4474-8431-7722A27FF3CC} = 61.88.88.88 198.142.0.51
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-10-29 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-10-29 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-10-29 29776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-29 54752]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-10-29 1244360]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 SiS630;SiS630;c:\windows\system32\drivers\sis630p.sys [2008-1-8 164608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-10-29 3184328]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-11-06 07:29:01 0 d-----w- C:\VundoFix Backups
2009-11-06 03:56:13 0 d-----w- c:\docume~1\bernad~1\applic~1\Malwarebytes
2009-11-06 03:54:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 03:54:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-06 03:54:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 03:54:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 00:42:01 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-05 00:42:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-05 00:08:17 0 d-----w- C:\Downloads
2009-11-04 14:51:50 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2009-10-29 04:52:30 0 d-----w- c:\docume~1\bernad~1\applic~1\OnlineArmor
2009-10-29 04:52:30 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-10-29 04:47:14 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-10-29 04:47:14 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-10-29 04:47:14 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-10-29 04:47:10 0 d-----w- c:\program files\Tall Emu
2009-10-29 04:42:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 02:45:32 0 d-----w- c:\documents and settings\bernadette\Tracing
2009-10-29 02:42:04 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-29 02:37:54 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-29 02:37:18 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-29 02:28:00 0 d-----w- c:\program files\Microsoft
2009-10-29 02:27:35 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-29 01:47:30 0 d-----w- c:\program files\common files\Windows Live
2009-10-26 01:39:57 23392 ----a-w- c:\windows\system32\nscompat.tlb
2009-10-26 01:39:57 16832 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-25 05:28:52 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-25 05:28:31 0 d-----w- c:\docume~1\bernad~1\applic~1\AVG8
2009-10-25 05:28:31 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2009-10-25 05:28:30 0 d--h--w- C:\$AVG8.VAULT$
2009-10-23 11:50:25 0 d-----w- c:\program files\common files\PC Tools
2009-10-21 02:27:16 0 d-----w- C:\$AVG
2009-10-21 02:26:08 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
2009-10-21 02:26:04 0 d-----w- c:\windows\system32\drivers\Avg(2)
2009-10-21 02:24:57 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-20 09:42:21 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

==================== Find3M ====================

2009-10-20 10:01:22 2068 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-15 23:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2001-11-23 20:08:20 712704 ----a-r- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 22:30:30.20 ===============

Attached Files


Edited by Bhughes, 06 November 2009 - 09:09 PM.


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:19 PM

Posted 10 November 2009 - 07:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 Bhughes

Bhughes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 11 November 2009 - 01:34 AM

Hi,
Thank you very much for your assistance, it is greatly appreciated.
The problem is mainly with my mouse. It has a mind of its own and will randomly dart across the screen clicking on things. You can sometimes tell when it is going to happen as it won't move up and down. Sometimes it will move very slowly in jerky movements and I have to push really hard for it to register that I have clicked something; when this happens restarting the computer will fix it. In terms of problems unrelated to the mouse, the only other one is that sometimes the internet will open a lot of tabs or windows without any reason.
The problem started when I accepted what I believe was a fake virus alert on the internet.
To try and fix the problem I have looked through the remove programs list for anything suspicious and also through the programs folder. I downloaded Spyware Terminator and Spyware Doctor (Doctor took 14 hours to run a scan), and Ad-Aware and Spybot Search & Destroy. Spybot is the only one left running. I also tried to download McAfee and AVG; AVG wouldn't install because it says I still have Avira left somewhere on my system. I also followed the directions on this website to download Malwarebytes including an extra file and rkill. Finally I have installed Online Armor firewall.
Once again thank you for your help. If I am posting something you have requested, I'm sorry if I am short, I'm just trying to do it before the mouse closes everything down :(
This is probably stupid, but when you say not to update anything until we are finished, do you want me to turn on automatic updates?
Kind regards,
Bernadette.
Also, this started over a month ago and I have no system restore points for before the infection.


OTL logfile created on: 11/11/2009 5:19:26 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Bernadette\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

351.53 Mb Total Physical Memory | 136.11 Mb Available Physical Memory | 38.72% Memory free
854.23 Mb Paging File | 546.69 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 528 1056 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 6.60 Gb Free Space | 35.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 22.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-5B74D13056
Current User Name: Bernadette
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/11 16:37:21 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernadette\Desktop\OTL.exe
PRC - [2009/09/17 23:18:38 | 02,887,880 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2009/09/17 23:18:36 | 06,503,624 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2009/09/17 23:18:36 | 03,184,328 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2009/09/17 23:18:36 | 01,244,360 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/08/27 16:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/19 14:42:50 | 00,114,688 | ---- | M] () -- C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2007/06/13 21:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/22 07:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 00,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2002/07/13 11:33:12 | 01,581,056 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
PRC - [2002/06/01 05:34:36 | 00,167,936 | ---- | M] () -- C:\WINDOWS\essspk.exe


========== Modules (SafeList) ==========

MOD - [2009/11/11 16:37:21 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernadette\Desktop\OTL.exe
MOD - [2009/09/17 23:18:36 | 00,860,360 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2009/09/17 23:18:36 | 00,852,680 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaevent.dll
MOD - [2006/08/26 02:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/04 17:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/04 12:07:00 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2004/08/04 12:07:00 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2004/08/04 12:07:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2004/08/04 12:07:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2004/08/04 12:07:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AntiVirService)
SRV - File not found -- -- (AntiVirSchedulerService)
SRV - [2009/09/17 23:18:36 | 03,184,328 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/09/17 23:18:36 | 01,244,360 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/07 15:02:35 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2006/12/22 07:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004/08/04 12:07:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/09/17 22:44:58 | 00,024,656 | ---- | M] (Tall Emu) -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/09/17 22:44:44 | 00,029,776 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/09/17 22:44:40 | 00,200,784 | ---- | M] (Tall Emu) -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/08/10 13:07:42 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/17 10:30:44 | 00,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/08 13:57:20 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/07/25 11:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2004/08/04 18:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 12:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 09:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/03/26 12:50:46 | 00,004,096 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2003/03/25 06:32:08 | 00,702,188 | ---- | M] (ESS Technology, Inc.) -- C:\WINDOWS\system32\drivers\es56hpi.sys -- (Edspport)
DRV - [2003/01/24 13:12:48 | 00,164,608 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sis630p.sys -- (SiS630)
DRV - [2002/10/18 10:14:46 | 00,049,024 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/21 12:19:08 | 00,009,472 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/17 05:58:12 | 00,379,726 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci)
DRV - [2001/08/18 08:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 23:50:46 | 00,101,760 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sis300ip.sys -- (SiS300i)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-706699826-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-725345543-706699826-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-725345543-706699826-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-725345543-706699826-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-725345543-706699826-1060284298-1003\S-1-5-21-725345543-706699826-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\PremierOpinion
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 00:24:07 | 00,000,000 | ---D | M]


O1 HOSTS File: (909 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-725345543-706699826-1060284298-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\8UvkmD7x3.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-725345543-706699826-1060284298-1003..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-725345543-706699826-1060284298-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-706699826-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\NPJPI150_12.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-725345543-706699826-1060284298-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www4.snapfish.com.au/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1199991529876 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/08 13:26:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/05 00:27:58 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/25 16:35:24 | 00,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a41b32f0-670a-11de-8906-00606774e746}\Shell - "" = AutoRun
O33 - MountPoints2\{a41b32f0-670a-11de-8906-00606774e746}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a41b32f0-670a-11de-8906-00606774e746}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/09/05 00:27:58 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cfa5d110-5c7f-11de-88f1-00606774e746}\Shell - "" = AutoRun
O33 - MountPoints2\{cfa5d110-5c7f-11de-88f1-00606774e746}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfa5d110-5c7f-11de-88f1-00606774e746}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/09/05 00:27:58 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fdfe0d22-5c83-11de-88f2-00606774e746}\Shell - "" = AutoRun
O33 - MountPoints2\{fdfe0d22-5c83-11de-88f2-00606774e746}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdfe0d22-5c83-11de-88f2-00606774e746}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/09/05 00:27:58 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/09/05 00:27:58 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/11 16:37:09 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernadette\Desktop\OTL.exe
[2009/11/11 10:06:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/06 22:34:08 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bernadette\Desktop\RootRepeal.exe
[2009/11/06 18:29:01 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/06 14:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bernadette\Application Data\Malwarebytes
[2009/11/06 14:54:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/06 14:54:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/06 14:54:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/06 14:54:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/06 14:51:49 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bernadette\Desktop\mbam-setup.exe
[2009/11/05 11:42:01 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/05 11:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/05 11:08:17 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/11/05 01:51:50 | 00,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl
[2009/10/29 15:52:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bernadette\Application Data\OnlineArmor
[2009/10/29 15:52:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/10/29 15:47:14 | 00,200,784 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/10/29 15:47:14 | 00,029,776 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/10/29 15:47:14 | 00,024,656 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/10/29 15:47:10 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2009/10/29 15:42:16 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/29 15:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/29 13:45:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bernadette\Tracing
[2009/10/29 13:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/29 13:42:04 | 00,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2009/10/29 13:40:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/10/29 13:37:54 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/10/29 13:37:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/10/29 13:28:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/29 13:27:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/29 12:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/10/29 12:28:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bernadette\Local Settings\Application Data\RcIncidents
[2009/10/25 16:28:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bernadette\Application Data\AVG8
[2009/10/25 16:28:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/10/25 16:28:30 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/10/23 22:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/21 13:27:16 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/21 13:26:08 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2009/10/21 13:26:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg(2)
[2009/10/21 13:24:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/20 21:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bernadette\Application Data\Apple Computer
[2009/10/20 20:42:21 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/10/20 19:36:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/11 16:37:21 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernadette\Desktop\OTL.exe
[2009/11/11 14:21:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/11 12:12:19 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\Bernadette\Desktop\Optus Wireless Broadband.lnk
[2009/11/11 09:57:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/11 09:57:27 | 00,095,460 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/11/11 09:57:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/11 09:57:07 | 36,867,6864 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/11 00:22:11 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Bernadette\ntuser.ini
[2009/11/11 00:22:10 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Bernadette\ntuser.dat
[2009/11/10 12:06:17 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\Bernadette\Desktop\New Rich Text Document.rtf
[2009/11/10 03:36:50 | 05,885,048 | -H-- | M] () -- C:\Documents and Settings\Bernadette\Local Settings\Application Data\IconCache.db
[2009/11/08 15:42:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/08 12:41:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 12:53:21 | 00,004,327 | ---- | M] () -- C:\Attach.zip
[2009/11/06 22:36:29 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Bernadette\Desktop\settings.dat
[2009/11/06 22:34:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Bernadette\Desktop\RootRepeal.exe
[2009/11/06 14:54:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 14:52:33 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bernadette\Desktop\mbam-setup.exe
[2009/11/05 18:12:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bernadette\Desktop\New OpenDocument Spreadsheet.ods
[2009/11/05 18:01:26 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/11/05 18:01:22 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/11/05 14:06:41 | 00,000,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/05 11:42:16 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Bernadette\Desktop\Spybot - Search & Destroy.lnk
[2009/10/31 00:14:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/29 15:50:02 | 00,426,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/29 15:50:02 | 00,065,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/29 15:42:06 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/29 14:31:40 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/29 14:27:09 | 00,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/29 13:45:07 | 00,028,848 | ---- | M] () -- C:\Documents and Settings\Bernadette\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/29 13:34:10 | 00,000,918 | ---- | M] () -- C:\Documents and Settings\Bernadette\My Documents\My Sharing Folders.lnk
[2009/10/29 00:05:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/10/29 00:05:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/10/27 23:06:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/10/27 23:06:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/10/27 00:27:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/27 00:27:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/10/26 17:24:54 | 00,021,729 | ---- | M] () -- C:\Documents and Settings\Bernadette\Start Menu.rar
[2009/10/26 14:35:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/10/26 14:35:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/26 12:40:09 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/26 12:39:57 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/26 12:39:57 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/25 15:49:54 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/10/25 15:49:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/10/25 01:13:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/10/25 01:13:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/10/25 00:40:49 | 00,050,251 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg.prepare
[2009/10/24 19:32:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/10/24 19:32:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/10/24 18:57:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/10/24 18:57:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/10/24 13:49:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/10/24 13:49:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/10/24 08:59:02 | 43,648,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2009/10/24 08:12:40 | 00,049,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg
[2009/10/23 21:25:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/10/23 21:25:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/10/23 00:45:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/10/23 00:45:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/10/22 00:22:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/10/22 00:22:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/10/21 17:45:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/10/21 17:45:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/10/21 15:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/21 15:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 13:26:26 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2009/10/21 13:26:08 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2009/10/21 13:26:06 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\miniavi.avg
[2009/10/21 13:26:05 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\avi7.avg
[2009/10/20 21:01:22 | 00,002,068 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/20 19:26:39 | 00,001,019 | ---- | M] () -- C:\Documents and Settings\Bernadette\Desktop\Nero PhotoSnap Viewer.lnk
[2009/10/20 15:58:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/10/20 15:58:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/10/20 14:37:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/20 14:37:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/10/20 11:37:04 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/10/20 11:37:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/10/20 09:13:43 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/20 00:24:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/10/20 00:24:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/10/18 12:38:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/10/18 12:38:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/10/17 12:00:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/10/17 12:00:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/11 12:12:19 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\Bernadette\Desktop\Optus Wireless Broadband.lnk
[2009/11/10 12:06:16 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Bernadette\Desktop\New Rich Text Document.rtf
[2009/11/07 12:53:21 | 00,004,327 | ---- | C] () -- C:\Attach.zip
[2009/11/06 22:35:41 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Bernadette\Desktop\settings.dat
[2009/11/06 20:29:17 | 36,867,6864 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/06 14:54:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 18:12:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bernadette\Desktop\New OpenDocument Spreadsheet.ods
[2009/11/05 18:01:26 | 00,000,276 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/11/05 18:01:16 | 00,000,268 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/11/05 11:42:16 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Bernadette\Desktop\Spybot - Search & Destroy.lnk
[2009/10/30 15:18:47 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/29 15:47:16 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/26 12:39:57 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/26 12:39:57 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/25 00:40:49 | 00,050,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg.prepare
[2009/10/21 13:26:25 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2009/10/21 13:26:09 | 43,648,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2009/10/21 13:26:09 | 00,049,420 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg
[2009/10/21 13:26:05 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\miniavi.avg
[2009/10/21 13:26:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\avi7.avg
[2009/10/20 20:35:32 | 08,126,464 | ---- | C] () -- C:\Documents and Settings\Bernadette\ntuser.dat
[2009/10/20 19:26:39 | 00,001,019 | ---- | C] () -- C:\Documents and Settings\Bernadette\Desktop\Nero PhotoSnap Viewer.lnk
[2008/03/17 21:16:28 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Bernadette\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/05 16:11:30 | 00,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2008/03/05 16:04:26 | 00,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2008/03/05 12:40:17 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/05 12:37:02 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX5500Asia.ini
[2008/01/18 16:56:21 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/13 17:38:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\khooker.INI
[2008/01/11 14:30:47 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/10 05:30:48 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/01/10 05:27:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/08 14:07:45 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/01/08 14:06:30 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2008/01/08 13:49:04 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/01/08 13:47:38 | 05,885,048 | -H-- | C] () -- C:\Documents and Settings\Bernadette\Local Settings\Application Data\IconCache.db
[2008/01/08 13:46:05 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/01/08 13:46:05 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008/01/08 13:44:17 | 00,028,848 | ---- | C] () -- C:\Documents and Settings\Bernadette\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/01/08 13:40:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bernadette\Application Data\desktop.ini
[2008/01/08 05:06:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 15:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 15:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 16:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/04 12:07:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 12:07:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
< End of report >



OTL Extras logfile created on: 11/11/2009 5:19:26 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Bernadette\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

351.53 Mb Total Physical Memory | 136.11 Mb Available Physical Memory | 38.72% Memory free
854.23 Mb Paging File | 546.69 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 528 1056 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 6.60 Gb Free Space | 35.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 22.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-5B74D13056
Current User Name: Bernadette
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\Temp\~os2.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os2.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"c:\WINDOWS\Temp\~os4.tmp\ossproxy.exe" = c:\WINDOWS\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\WINDOWS\Temp\~os6.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os6.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\WINDOWS\Temp\~os5.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os5.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"c:\program files\premieropinion\pmropn.exe" = c:\program files\premieropinion\pmropn.exe:*:Disabled:pmropn.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"54C387968987D0308E3C2F0A5D723BC3CB8926B9" = Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESSMDM" = Uninstall ESS Modem
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = ninemsn Internet Software
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 3.5
"Optus Wireless Broadband" = Optus Wireless Broadband
"PCI Audio Driver" = PCI Audio Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2009 6:44:24 PM | Computer Name = HOME-5B74D13056 | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 20/10/2009 5:48:06 AM | Computer Name = HOME-5B74D13056 | Source = Application Error | ID = 1000
Description = Faulting application install.exe, version 3.15.146.0, faulting module
unknown, version 0.0.0.0, fault address 0x00320037.

Error - 26/10/2009 3:11:41 AM | Computer Name = HOME-5B74D13056 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00009dfa.

Error - 29/10/2009 12:33:03 AM | Computer Name = HOME-5B74D13056 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 29/10/2009 3:27:06 AM | Computer Name = HOME-5B74D13056 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/11/2009 9:38:22 PM | Computer Name = HOME-5B74D13056 | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 1/11/2009 9:38:22 PM | Computer Name = HOME-5B74D13056 | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 5/11/2009 6:48:50 AM | Computer Name = HOME-5B74D13056 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module wltcore.dll, version 14.0.8064.206, fault address 0x000874c8.

Error - 5/11/2009 8:09:01 AM | Computer Name = HOME-5B74D13056 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/11/2009 8:09:01 AM | Computer Name = HOME-5B74D13056 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 9/11/2009 3:46:07 AM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 9/11/2009 3:46:07 AM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 9/11/2009 3:46:10 AM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ssmdrv

Error - 9/11/2009 10:30:31 AM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
1 time(s).

Error - 9/11/2009 9:04:35 PM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 9/11/2009 9:04:35 PM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 9/11/2009 9:04:37 PM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ssmdrv

Error - 10/11/2009 6:57:43 PM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%3

Error - 10/11/2009 6:57:43 PM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%3

Error - 10/11/2009 6:57:46 PM | Computer Name = HOME-5B74D13056 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb ssmdrv


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:19 PM

Posted 11 November 2009 - 06:57 AM

Hi,

The erratic behaviour of your mouse can, but need not, be related to malware. It could also be a corrupted installation of your mouse drivers. Could you go to the device manager (type devmgmt.msc into Start -> Run) and check if your mouse has an exclamation mark or a warning sign as a symbol?

To check for malware please run Malwarebytes (again):
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please also run gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
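As an added example (not from this thread, and not GMER's own code), a small Python triage script for a gmer.log of the kind the steps above produce: it parses the SSDT, kernel-code and user-code sections and groups each hook by the module GMER attributes it to, so the inline patches left with no owning module can be picked out for identification by hand, and identical unattributed targets across many processes are grouped together. The sample log is constructed from the line format shown in this thread; the section names and regexes are assumptions based on that format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the GMER 1.0.15 log posted in this thread
# (a few SSDT hooks, one kernel code patch, a few user-mode inline hooks).
SAMPLE_LOG = r"""
GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-12 18:02:26

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xF2A800D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xF2A725D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [C0, 12, A7, F2, 80, E5, A6, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[968] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[968] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\ctfmon.exe[2492] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 00452440 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
"""

# Section headers look like "---- System - GMER 1.0.15 ----"; the name decides which parser applies.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
# SSDT <driver path> (<vendor string>) <Zw function> [0x<handler address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# .text <image>!<symbol> [+ <offset>] <address> <n> Bytes [<patched bytes>]
KERNEL_RE = re.compile(
    r"^\.text\s+(?P<image>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+\[(?P<bytes>[^\]]*)\]$")
# .text <process>[<pid>] <dll>!<export> [+ <offset>] <address> <n> Bytes JMP|CALL <target> [<owner module> (<vendor>)]
USER_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[^!\s]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<owner>.+?)\s+\((?P<vendor>[^)]*)\))?$")


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, kernel code patches and user-mode inline hooks."""
    section = None
    ssdt, kernel, user = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "System" and (m := SSDT_RE.match(line)):
            ssdt.append(m.groupdict())
        elif section == "Kernel code sections" and (m := KERNEL_RE.match(line)):
            kernel.append(m.groupdict())
        elif section == "User code sections" and (m := USER_RE.match(line)):
            user.append(m.groupdict())
    return {"ssdt": ssdt, "kernel": kernel, "user": user}


def triage(parsed):
    """Summarise hooks the way a helper reads a GMER log: who owns each hook, and which
    inline patches name no owning module and therefore still need to be identified."""
    ssdt_owners = Counter((h["module"], h["vendor"]) for h in parsed["ssdt"])
    user_owners = Counter(h["owner"] or "<unattributed>" for h in parsed["user"])
    # The same JMP/CALL target seen in several processes points at one hooking module
    # loaded system-wide, which reads very differently from a single patched process.
    processes_per_target = defaultdict(set)
    for h in parsed["user"]:
        if h["owner"] is None:
            processes_per_target[h["target"]].add(h["process"])
    shared = {t: sorted(p) for t, p in processes_per_target.items() if len(p) > 1}
    return {
        "ssdt_owners": ssdt_owners,
        "user_owners": user_owners,
        "kernel_patches": [(k["image"], k["func"], k["off"]) for k in parsed["kernel"]],
        "shared_unattributed_targets": shared,
    }


if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_LOG))
    for (module, vendor), n in report["ssdt_owners"].items():
        print(f"SSDT: {n} hooks -> {module} ({vendor})")
    for owner, n in report["user_owners"].items():
        print(f"user-mode: {n} hooks -> {owner}")
    for image, func, off in report["kernel_patches"]:
        print(f"kernel patch: {image}!{func} + {off}")
    for target, procs in report["shared_unattributed_targets"].items():
        print(f"unattributed target {target} shared by {len(procs)} processes")
```

Run it against a real gmer.log by passing the file contents to parse_gmer(); hooks attributed to a known security product (here the Online Armor driver) can be set aside first, leaving the unattributed patches as the short list to look into.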


#5 Bhughes

Bhughes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 11 November 2009 - 08:33 AM

Hi again,
I checked the mouse; it does not have an exclamation mark or warning symbol next to it, it's exactly the same as everything else in the list.
I have run the MBAM scan and it came up with nothing, log below.
Off to do the other scan now.
Before I got your reply this morning I ran a Spybot scan, I noticed it still scans over Virtumonde, does this mean nothing?
Thanks,
Bernadette.


Malwarebytes' Anti-Malware 1.41
Database version: 3145
Windows 5.1.2600 Service Pack 2

12/11/2009 12:25:33 AM
mbam-log-2009-11-12 (00-25-33).txt

Scan type: Quick Scan
Objects scanned: 104733
Time elapsed: 18 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:19 PM

Posted 11 November 2009 - 08:50 AM

Hi,

Spybot usually lists the infection for which it is scanning. This means it is looking for files relating to Vundo on your system, it does not mean that it has or will find any of those files and it definitely doesn't mean that you are infected by the malware for which it is scanning.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 Bhughes

Bhughes
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 12 November 2009 - 02:10 AM

Wow, now I feel stupid! :(
Sorry this took so long, long day, here is the gmer log.

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-12 18:02:26
Windows 5.1.2600 Service Pack 2
Running: 98o22ubf.exe; Driver: C:\DOCUME~1\BERNAD~1\LOCALS~1\Temp\afpyyfod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xF2A72E60]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xF2A735C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xF2A71610]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xF2A800D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateKey [0xF2A7E430]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xF2A712C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xF2A6E580]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xF2A6E960]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xF2A6E060]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateThread [0xF2A6FA40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xF2A705A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteFile [0xF2A80B50]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteKey [0xF2A7E9E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteValueKey [0xF2A7F330]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xF2A70FE0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateKey [0xF2A80070]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateValueKey [0xF2A800A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xF2A725D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadKey [0xF2A7F780]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xF2A80760]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenKey [0xF2A7EC20]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenProcess [0xF2A6F450]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xF2A6E300]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenThread [0xF2A6FF00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xF2A73250]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xF2A72A10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryKey [0xF2A80010]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryValueKey [0xF2A80040]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xF2A73740]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwReplaceKey [0xF2A7FB20]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xF2A72180]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRestoreKey [0xF2A7FD80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xF2A70C90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSaveKey [0xF2A7FFF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xF2A719D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xF2A703C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetInformationFile [0xF2A80E10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xF2A70720]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetValueKey [0xF2A7EC40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xF2A724D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xF2A70E40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xF2A70AC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xF2A70900]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateProcess [0xF2A6F800]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xF2A701A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xF2A727F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xF2A73400]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [C0, 12, A7, F2, 80, E5, A6, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [40, 0E, A7, F2, C0, 0A, A7, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[356] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B30001
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[356] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[356] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[356] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[356] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[356] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[360] KERNEL32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\winlogon.exe[384] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\services.exe[428] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\lsass.exe[440] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text ...
.text C:\WINDOWS\Explorer.EXE[968] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 014D0001
.text C:\WINDOWS\Explorer.EXE[968] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[968] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[968] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\Explorer.EXE[968] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[968] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Tall Emu\Online Armor\OAcat.exe[1016] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\spoolsv.exe[1240] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1360] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 716F003D
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1580] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text ...
.text C:\WINDOWS\Mixer.exe[2128] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01380001
.text C:\WINDOWS\Mixer.exe[2128] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Mixer.exe[2128] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Mixer.exe[2128] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\WINDOWS\Mixer.exe[2128] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\essspk.exe[2188] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00980001
.text C:\WINDOWS\essspk.exe[2188] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\essspk.exe[2188] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\essspk.exe[2188] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\WINDOWS\essspk.exe[2188] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[2236] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C00001
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[2236] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[2236] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[2236] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe[2236] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2404] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 013C0001
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2404] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2404] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2404] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F170F5A
.text C:\WINDOWS\system32\ctfmon.exe[2492] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00BF0001
.text C:\WINDOWS\system32\ctfmon.exe[2492] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2492] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2492] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[2492] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2560] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01020001
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2560] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2560] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2560] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2560] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2560] ole32.dll!CoCreateInstanceEx 774FFA6B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2560] ole32.dll!CoCreateInstance 774FFAC3 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wuauclt.exe[3136] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00BE0001
.text C:\WINDOWS\system32\wuauclt.exe[3136] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wuauclt.exe[3136] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wuauclt.exe[3136] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wuauclt.exe[3136] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00BD0001
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 00452440 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 004524A0 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00452330 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!GetScrollInfo 7E420DA2 7 Bytes JMP 00452280 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!ShowScrollBar 7E42F2B3 5 Bytes JMP 00452400 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!GetScrollPos 7E42F6C4 5 Bytes JMP 004522C0 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!SetScrollPos 7E42F710 5 Bytes JMP 00452370 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!GetScrollRange 7E42F747 5 Bytes JMP 004522F0 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!SetScrollRange 7E42F95B 5 Bytes JMP 004523B0 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] USER32.dll!EnableScrollBar 7E467DDD 7 Bytes JMP 00452240 C:\Program Files\Optus Wireless Broadband\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe[3248] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Bernadette\Desktop\98o22ubf.exe[3348] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C90001
.text C:\Documents and Settings\Bernadette\Desktop\98o22ubf.exe[3348] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Bernadette\Desktop\98o22ubf.exe[3348] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Bernadette\Desktop\98o22ubf.exe[3348] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Bernadette\Desktop\98o22ubf.exe[3348] user32.dll!ExitWindowsEx 7E45A045 6 Bytes JMP 5F0D0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F6FFA300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6FFA360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F6FFA610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F6FFA650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F6FFA610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6FFA360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F6FFA300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F6FFA610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F6FFA650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F6FFA300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6FFA360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#8 myrti

  • Malware Study Hall Admin

Posted 12 November 2009 - 07:22 AM

Hi,

your logs look clean to me. Do you have another mouse you could test on your system, to see if the problem is linked to the mouse itself?

Please also run the following uninstaller/reg-cleaner of Avira, to remove possible remains of it. Then try to reinstall AVG:

The following removal utility can be used to uninstall the program if the uninstall via Add/Remove does not work and the program has been installed in its own folder.

  • Download the registrycleaner and save it to your Desktop
  • Please reboot into safe mode
  • While in safe mode delete all folders relating to Avira in C:\program files and in C:\Documents and Settings\All Users\Application Data\.
  • Run the RegistryCleaner program with the file RegCleaner
  • After clicking on Scan for keys, activate the option select all and click on Delete.
  • Restart your computer into normal mode.
Original instructions can be found here:
http://www.avira.com/en/support/kbdetails.php?id=135

Please post back your results. (Does changing a mouse help, or are you unable to locate a second mouse? Can you now install AVG?)

regards myrti

Edited by myrti, 12 November 2009 - 07:23 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 myrti

  • Malware Study Hall Admin

Posted 18 November 2009 - 05:10 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
