Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log: Please help Diagnose


  • This topic is locked This topic is locked
9 replies to this topic

#1 flitter

flitter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 14 February 2010 - 07:36 PM

I'm not sure if my PC has any 'issues' as such but a diagnosis for this HT Log would be much appreciated, Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:50 AM, on 15/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3385 bytes


BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:41 PM

Posted 15 February 2010 - 11:14 AM

Hi, flitter-

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on
your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you with supervision of the teachers and they will approve every posts before I present them to you.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

Please give me some time to look over your log. I will post the reply as soon as possible.

Edited by Shannon2012, 15 February 2010 - 11:24 AM.

Shannon

#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:41 PM

Posted 15 February 2010 - 12:12 PM

Hi - flitter

A review of your HighjackThis log did not show any problems so we will need to look deeper, but first some housekeeping details.

Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more throughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Once you have the above logs, click on the Add Reply button below, copy in the DDS log, and include the Attach.txt and the GMER log as attachments. Important - Please let me know what the 'issues' are that caused you send in the original HighjackThis log.
Shannon

#4 flitter

flitter
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 15 February 2010 - 08:57 PM

Results for DDS scan:-

DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 0:37:23.20 on 16/02/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.382.193 [GMT 0:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\User.USER-118BB11A66\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user~1.use\applic~1\mozilla\firefox\profiles\ilrwjswu.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle SSL search
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\documents and settings\user.user-118bb11a66\application data\mozilla\firefox\profiles\ilrwjswu.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-8 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-8 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-12-17 115312]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2009-12-11 9344]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]

=============== Created Last 30 ================

2010-02-11 13:22:32 2945024 ----a-w- c:\documents and settings\user.user-118bb11a66\NTUSER.rhk
2010-02-11 00:19:23 903 ----a-w- c:\documents and settings\user.user-118bb11a66\.recently-used.xbel
2010-02-09 02:25:12 0 d-----w- c:\program files\Trend Micro
2010-02-08 19:55:47 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-02-07 17:13:21 0 d-----w- C:\Sounds
2010-02-07 17:04:14 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-02-07 17:04:14 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2010-02-07 17:04:14 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-02-07 17:04:10 0 d-----w- c:\program files\LG Electronics
2010-02-07 17:02:06 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2010-02-07 17:02:06 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2010-02-07 17:02:06 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-02-07 17:02:05 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2010-02-07 17:01:48 0 d-----w- c:\program files\LG PC Suite II
2010-02-07 17:01:48 0 d-----w- c:\docume~1\user~1.use\applic~1\LG Electronics
2010-01-30 21:20:27 275 ----a-w- c:\windows\TheMatrix.ini
2010-01-30 21:18:50 549888 ----a-w- c:\windows\TheMatrix.scr
2010-01-29 16:56:10 161 ----a-w- c:\windows\DelToolbox.bat
2010-01-29 16:51:33 0 d-----w- c:\windows\system\iosubsys
2010-01-26 00:44:13 0 d-----w- c:\program files\Wise Disk Cleaner
2010-01-23 15:15:58 0 d-----w- c:\program files\Wise Registry Cleaner

==================== Find3M ====================

2010-01-07 16:07:14 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07:04 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-12-25 10:48:29 160849 ------w- c:\windows\hpoins44.dat
2009-12-11 20:52:10 21640 ------w- c:\windows\system32\emptyregdb.dat

============= FINISH: 0:37:57.78 ===============

Oh and yes, On Boot up A/V always briefly disabled?... cursor very slow almost seizes, jumps around alot... Browser(Firefox) won't fully close, have to use Taskmanager?...

Thanks

Attached Files



#5 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:41 PM

Posted 17 February 2010 - 06:11 AM

Hi, flitter-

So far, I have not found any malware infections, but I would like to get another type of listing and have you run a couple of scans.

We need to create an OTL Report
Please download OTL from the following mirror - THE Mirror
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them into your reply:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push

Please run Malwarebytes' Anti-Malware
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 or 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your reply, please include the OTL logs, the Malwarebytes report, and the ESET scan log.


Shannon

#6 flitter

flitter
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 17 February 2010 - 04:13 PM

Hi, Shannon here are the OTL logs:

OTL logfile created on: 17/02/2010 6:15:36 PM - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\User.USER-118BB11A66\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

382.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 48.00% Memory free
919.00 Mb Paging File | 751.00 Mb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 145.69 Gb Free Space | 97.76% Space Free | Partition Type: NTFS
Drive D: | 7.86 Gb Total Space | 5.02 Gb Free Space | 63.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-118BB11A66
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/17 17:58:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\desktop\OTL.exe
PRC - [2010/02/11 18:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/05/21 21:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/17 17:58:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 18:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 18:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 18:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 18:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 18:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 18:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/16 16:27:00 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/04 21:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/28 10:27:07 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2008/10/28 10:27:07 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/10/28 10:27:07 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 22:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 22:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/07/17 11:36:38 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/23 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\S-1-5-21-1409082233-492894223-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Scroogle SSL search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.2
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.2.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {ec77f4a0-0b26-11dd-8911-54c255d89593}:1.0.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 18:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/22 03:07:56 | 000,000,000 | ---D | M]

[2010/02/11 00:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Extensions
[2010/02/11 00:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/16 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/17 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions
[2010/01/31 22:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/22 03:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2010/01/22 03:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/02/02 14:08:52 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/07 13:00:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/12 19:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/02/12 02:10:53 | 000,000,000 | ---D | M] (EmotiConverter) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{ec77f4a0-0b26-11dd-8911-54c255d89593}
[2010/02/16 11:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\firefox@ghostery.com
[2009/12/17 20:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\keyscrambler@qfx.software.corporation
[2010/01/26 02:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/12/17 17:32:47 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\searchplugins\dogpile.xml
[2010/01/19 01:10:37 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\searchplugins\scroogle-ssl-search.xml
[2010/01/11 19:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 03:07:47 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/22 03:07:47 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/22 03:07:47 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/22 03:07:47 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 10:07:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/17 18:12:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Recent
[2010/02/17 17:58:29 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\OTL.exe
[2010/02/09 02:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/08 19:56:27 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/08 19:56:27 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/08 19:56:27 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/08 19:56:26 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/08 19:56:25 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/08 19:56:25 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/08 19:56:25 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/08 19:56:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/08 19:55:58 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/08 19:55:58 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/08 19:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/08 19:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/08 18:42:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User.USER-118BB11A66\NetHood
[2010/02/08 03:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Favorites
[2010/02/08 03:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/02/08 01:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Downloads
[2010/02/07 17:13:21 | 000,000,000 | ---D | C] -- C:\Sounds
[2010/02/07 17:04:14 | 000,024,832 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2010/02/07 17:04:14 | 000,019,968 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2010/02/07 17:04:14 | 000,013,056 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2010/02/07 17:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/02/07 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/07 17:02:06 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/02/07 17:02:06 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2010/02/07 17:02:06 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msflxgrd.ocx
[2010/02/07 17:02:05 | 000,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2010/02/07 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\LG PC Suite II
[2010/02/07 17:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\LG Electronics
[2010/02/07 16:50:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Mobi Stuff
[2010/01/29 17:12:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\MTVVideo Converter
[2010/01/29 16:51:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\iosubsys
[2010/01/26 00:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2010/01/23 15:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010/01/22 20:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\WMTools Downloaded Files
[2010/01/22 20:50:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\My Videos
[2009/12/11 17:27:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/11 17:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/11 17:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/11 17:27:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/23 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/23 16:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

========== Files - Modified Within 30 Days ==========

[2010/02/17 18:14:43 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\NTUSER.DAT
[2010/02/17 17:58:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\OTL.exe
[2010/02/17 17:32:29 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\esetsmartinstaller_enu.exe
[2010/02/17 16:57:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 16:57:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 04:13:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\ntuser.ini
[2010/02/16 14:02:24 | 008,036,162 | -H-- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\IconCache.db
[2010/02/16 03:08:01 | 002,957,312 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\NTUSER.rhk
[2010/02/12 15:27:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/11 18:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 18:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 18:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 18:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 18:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 18:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 18:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 18:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 18:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/11 00:19:23 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\.recently-used.xbel
[2010/02/09 02:25:13 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\HijackThis.lnk
[2010/02/08 19:56:28 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/02/07 17:02:20 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\LG PC Suite II.lnk
[2010/02/03 13:03:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/30 21:20:27 | 000,000,275 | ---- | M] () -- C:\WINDOWS\TheMatrix.ini
[2010/01/30 21:17:23 | 000,549,888 | ---- | M] () -- C:\WINDOWS\TheMatrix.scr
[2010/01/30 14:28:32 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\CCleaner.lnk
[2010/01/30 02:07:02 | 000,057,210 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\letter.pdf
[2010/01/30 01:59:42 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2010/01/29 16:56:15 | 000,000,161 | ---- | M] () -- C:\WINDOWS\DelToolbox.bat
[2010/01/28 19:37:35 | 000,026,448 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\letter.odt
[2010/01/26 00:44:16 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\Wise Disk Cleaner 4.lnk
[2010/01/24 23:51:15 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/23 15:17:36 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2010/01/23 15:16:03 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Wise Registry Cleaner 4.lnk
[2010/01/23 03:10:28 | 000,014,401 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Harassment by phone.odt
[2010/01/22 23:09:10 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\spider.sav
[2010/01/19 13:26:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag.lnk

========== Files Created - No Company Name ==========

[2010/02/17 17:32:28 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\esetsmartinstaller_enu.exe
[2010/02/11 13:22:32 | 002,957,312 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\NTUSER.rhk
[2010/02/11 00:19:23 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\.recently-used.xbel
[2010/02/09 02:25:13 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\HijackThis.lnk
[2010/02/08 19:56:28 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/02/07 17:02:20 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\LG PC Suite II.lnk
[2010/01/30 21:20:27 | 000,000,275 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2010/01/30 21:18:50 | 000,549,888 | ---- | C] () -- C:\WINDOWS\TheMatrix.scr
[2010/01/30 02:07:00 | 000,057,210 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\letter.pdf
[2010/01/30 01:59:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2010/01/29 16:56:10 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DelToolbox.bat
[2010/01/26 00:44:16 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\Wise Disk Cleaner 4.lnk
[2010/01/23 15:17:36 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2010/01/23 15:16:03 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Wise Registry Cleaner 4.lnk
[2010/01/23 03:10:26 | 000,014,401 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Harassment by phone.odt
[2010/01/22 23:09:10 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\spider.sav
[2010/01/19 13:26:45 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/19 13:26:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag.lnk
[2004/08/04 00:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2D19FB5C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CD1E978F
< End of report >
____________________________________________________________________________________________________________________

"Minimized" OTL log:

OTL logfile created on: 17/02/2010 6:15:36 PM - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\User.USER-118BB11A66\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

382.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 48.00% Memory free
919.00 Mb Paging File | 751.00 Mb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 145.69 Gb Free Space | 97.76% Space Free | Partition Type: NTFS
Drive D: | 7.86 Gb Total Space | 5.02 Gb Free Space | 63.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-118BB11A66
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/17 17:58:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\desktop\OTL.exe
PRC - [2010/02/11 18:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/05/21 21:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/17 17:58:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 18:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 18:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 18:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 18:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 18:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 18:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/16 16:27:00 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/04 21:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/28 10:27:07 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2008/10/28 10:27:07 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/10/28 10:27:07 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 22:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 22:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/07/17 11:36:38 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/23 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\S-1-5-21-1409082233-492894223-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Scroogle SSL search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.2
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.2.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {ec77f4a0-0b26-11dd-8911-54c255d89593}:1.0.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 18:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/22 03:07:56 | 000,000,000 | ---D | M]

[2010/02/11 00:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Extensions
[2010/02/11 00:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/16 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/17 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions
[2010/01/31 22:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/22 03:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2010/01/22 03:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/02/02 14:08:52 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/07 13:00:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/12 19:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/02/12 02:10:53 | 000,000,000 | ---D | M] (EmotiConverter) -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\{ec77f4a0-0b26-11dd-8911-54c255d89593}
[2010/02/16 11:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\firefox@ghostery.com
[2009/12/17 20:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\keyscrambler@qfx.software.corporation
[2010/01/26 02:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009/12/17 17:32:47 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\searchplugins\dogpile.xml
[2010/01/19 01:10:37 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\Mozilla\Firefox\Profiles\ilrwjswu.default\searchplugins\scroogle-ssl-search.xml
[2010/01/11 19:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 03:07:47 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/22 03:07:47 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/22 03:07:47 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/22 03:07:47 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1409082233-492894223-1060284298-1003\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 10:07:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/17 18:12:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Recent
[2010/02/17 17:58:29 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\OTL.exe
[2010/02/09 02:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/08 19:56:27 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/08 19:56:27 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/08 19:56:27 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/08 19:56:26 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/08 19:56:25 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/08 19:56:25 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/08 19:56:25 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/08 19:56:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/08 19:55:58 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/08 19:55:58 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/08 19:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/08 19:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/08 18:42:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User.USER-118BB11A66\NetHood
[2010/02/08 03:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Favorites
[2010/02/08 03:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/02/08 01:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Downloads
[2010/02/07 17:13:21 | 000,000,000 | ---D | C] -- C:\Sounds
[2010/02/07 17:04:14 | 000,024,832 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2010/02/07 17:04:14 | 000,019,968 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2010/02/07 17:04:14 | 000,013,056 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2010/02/07 17:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/02/07 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/07 17:02:06 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/02/07 17:02:06 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2010/02/07 17:02:06 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msflxgrd.ocx
[2010/02/07 17:02:05 | 000,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2010/02/07 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\LG PC Suite II
[2010/02/07 17:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Application Data\LG Electronics
[2010/02/07 16:50:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Mobi Stuff
[2010/01/29 17:12:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\MTVVideo Converter
[2010/01/29 16:51:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\iosubsys
[2010/01/26 00:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2010/01/23 15:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010/01/22 20:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\WMTools Downloaded Files
[2010/01/22 20:50:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\My Videos
[2009/12/11 17:27:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/11 17:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/11 17:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/11 17:27:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/23 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/23 16:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

========== Files - Modified Within 30 Days ==========

[2010/02/17 18:14:43 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\NTUSER.DAT
[2010/02/17 17:58:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\OTL.exe
[2010/02/17 17:32:29 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\esetsmartinstaller_enu.exe
[2010/02/17 16:57:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 16:57:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 04:13:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\ntuser.ini
[2010/02/16 14:02:24 | 008,036,162 | -H-- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Local Settings\Application Data\IconCache.db
[2010/02/16 03:08:01 | 002,957,312 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\NTUSER.rhk
[2010/02/12 15:27:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/11 18:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 18:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 18:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 18:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 18:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 18:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 18:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 18:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 18:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/11 00:19:23 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\.recently-used.xbel
[2010/02/09 02:25:13 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\HijackThis.lnk
[2010/02/08 19:56:28 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/02/07 17:02:20 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\LG PC Suite II.lnk
[2010/02/03 13:03:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/30 21:20:27 | 000,000,275 | ---- | M] () -- C:\WINDOWS\TheMatrix.ini
[2010/01/30 21:17:23 | 000,549,888 | ---- | M] () -- C:\WINDOWS\TheMatrix.scr
[2010/01/30 14:28:32 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\CCleaner.lnk
[2010/01/30 02:07:02 | 000,057,210 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\letter.pdf
[2010/01/30 01:59:42 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2010/01/29 16:56:15 | 000,000,161 | ---- | M] () -- C:\WINDOWS\DelToolbox.bat
[2010/01/28 19:37:35 | 000,026,448 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\letter.odt
[2010/01/26 00:44:16 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\Wise Disk Cleaner 4.lnk
[2010/01/24 23:51:15 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/23 15:17:36 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2010/01/23 15:16:03 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Wise Registry Cleaner 4.lnk
[2010/01/23 03:10:28 | 000,014,401 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Harassment by phone.odt
[2010/01/22 23:09:10 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\spider.sav
[2010/01/19 13:26:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag.lnk

========== Files Created - No Company Name ==========

[2010/02/17 17:32:28 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\esetsmartinstaller_enu.exe
[2010/02/11 13:22:32 | 002,957,312 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\NTUSER.rhk
[2010/02/11 00:19:23 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\.recently-used.xbel
[2010/02/09 02:25:13 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\HijackThis.lnk
[2010/02/08 19:56:28 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/02/07 17:02:20 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\LG PC Suite II.lnk
[2010/01/30 21:20:27 | 000,000,275 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2010/01/30 21:18:50 | 000,549,888 | ---- | C] () -- C:\WINDOWS\TheMatrix.scr
[2010/01/30 02:07:00 | 000,057,210 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\letter.pdf
[2010/01/30 01:59:42 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
[2010/01/29 16:56:10 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DelToolbox.bat
[2010/01/26 00:44:16 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\Desktop\Wise Disk Cleaner 4.lnk
[2010/01/23 15:17:36 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2010/01/23 15:16:03 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Wise Registry Cleaner 4.lnk
[2010/01/23 03:10:26 | 000,014,401 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\Harassment by phone.odt
[2010/01/22 23:09:10 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\User.USER-118BB11A66\My Documents\spider.sav
[2010/01/19 13:26:45 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/19 13:26:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Smart Defrag.lnk
[2004/08/04 00:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2D19FB5C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CD1E978F
< End of report >
____________________________________________________________________________________________________________________

ESET Onlinescan found no Threats, Did'nt open results to supply Scan log...
____________________________________________________________________________________________________________________

Results for MBAM Scan:

Malwarebytes' Anti-Malware 1.44
Database version: 3752
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17/02/2010 8:28:48 PM
mbam-log-2010-02-17 (20-28-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 159717
Time elapsed: 44 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Thanks









#7 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:41 PM

Posted 20 February 2010 - 07:43 AM

Hi, flitter-

I have reviewed all your logs and reports, and have not found any malware issues. I did notice that your CPU is a Pentium III which runs at 133MHz, but the minimum requirement for Windows XP is a 233MHz processor - System requirements for Windows XP operating systems. Maybe you should post your problem/question at the Windows XP Home and Professional forum.

If you still think you have an infection, please give me a detailed description of what your computer is doing or not doing and when it started. If you don't think you have an infection, we need to take care of some housekeeping -

We should remove the tools we used and we will do that with OTL-
  • Double click on the icon on your desktop.
  • Click the "CleanUp" button.
  • Restart your computer when prompted.
Please set your system to hide all 'hidden' files.
  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check: Hide file extensions for known file types
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
It doesn't appear that you have kept your Windows XP SP2 updated. You should visit Windows Update and download the curent updates for SP2. You might want to consider moving to SP3.
Shannon

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:41 PM

Posted 22 February 2010 - 03:02 PM

Hi-

While I am looking at your HighjackThis log, please send me a copy of your last Malwarebytes log. Also, please run two other scans (DDS and GMER) and send me their logs. But, first we need to do some housekeeping.

Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more throughly at the infected computer -

Open Malwarebytes, click on the Logs tab, click on the entry for lastest log file, and then click on the Open button. Copy the contents of the log and send it to me in your next reply.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the GMER anti-rootkit scanner.
First, please disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation
Next, please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Once you have the above logs, click on the Add Reply button below, copy in the DDS log and the Malwarebytes log, and include the Attach.txt and the GMER log as attachments. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#9 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:41 PM

Posted 23 February 2010 - 06:17 AM

hi-

Please ignore my last message. I sent it to you by mistake.


Shannon

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:41 PM

Posted 27 February 2010 - 07:59 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users