Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Infected!


  • This topic is locked This topic is locked
41 replies to this topic

#16 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 14 April 2010 - 09:38 PM

1.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ahepogicab.dll.vir a variant of Win32/Cimag.CG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0043375.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0043376.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0044856.dll a variant of Win32/Cimag.CG trojan cleaned by deleting - quarantined





2.


OTL logfile created on: 14/04/2010 7:40:12 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.24 Gb Total Space | 32.91 Gb Free Space | 52.88% Space Free | Partition Type: NTFS
Drive D: | 86.81 Gb Total Space | 29.30 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UOSL09-7C2840E0
Current User Name: 100350691
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/14 18:43:03 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL(2).exe
PRC - [2010/04/03 12:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/17 17:59:26 | 000,619,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2009/12/17 17:59:25 | 000,480,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/05 07:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2009/04/17 07:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\amtmon.exe
PRC - [2009/04/17 07:22:00 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2009/04/15 07:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2009/03/24 07:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2009/03/23 11:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/03/10 07:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2009/03/02 06:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2009/03/02 06:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FNRB32.exe
PRC - [2009/03/02 06:57:44 | 000,101,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FIH32.exe
PRC - [2009/03/02 06:57:22 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMB32.EXE
PRC - [2009/03/02 06:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMA32.EXE
PRC - [2009/03/02 06:57:16 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FCH32.EXE
PRC - [2009/03/02 06:57:14 | 000,408,160 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FAMEH32.EXE
PRC - [2009/03/02 06:53:38 | 000,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
PRC - [2009/03/02 06:52:02 | 000,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
PRC - [2009/03/02 06:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/03/02 06:51:48 | 000,349,280 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2009/03/02 06:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
PRC - [2009/01/07 04:03:00 | 000,060,704 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/12/04 07:12:38 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2008/11/21 11:04:18 | 000,462,848 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2008/11/21 10:56:20 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2007/09/11 09:41:13 | 000,045,056 | ---- | M] () -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe
PRC - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 18:43:03 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL(2).exe
MOD - [2008/12/05 09:05:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/05 09:05:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/05 07:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2009/04/17 07:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\amtmon.exe -- (LANDesk® Out-of-Band Monitor Service) LANDesk®
SRV - [2009/04/15 07:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2009/03/24 07:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/03/23 11:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/03/10 07:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2009/03/02 06:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/03/02 06:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2009/03/02 06:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/03/02 06:53:38 | 000,510,560 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/03/02 06:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/03/02 06:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2008/11/21 10:56:20 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/08 16:04:22 | 000,264,752 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Tools\VMwareService.exe -- (VMTools)
SRV - [2008/08/08 16:04:21 | 000,294,912 | R--- | M] (ThinPrint GmbH) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/09/11 09:41:13 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe -- (SSIRuntimeService)
SRV - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 14:28:21 | 000,111,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/09/02 01:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/07/13 10:49:41 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009/06/03 14:30:48 | 000,050,704 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2009/06/03 14:29:58 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/06/03 14:29:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/06/03 14:28:59 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\chdau32.sys -- (CnxtHdAudService)
DRV - [2009/06/03 14:28:59 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2009/06/03 14:28:58 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/03 14:28:57 | 000,308,736 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/06/03 14:28:15 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/03 14:27:57 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2009/06/03 14:25:25 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/03 14:25:25 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/03 14:25:24 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/03 14:23:00 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/03 14:17:51 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2009/06/03 14:16:42 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2009/06/03 14:16:41 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2009/06/03 14:16:41 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2009/06/03 14:13:18 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2009/03/18 11:59:56 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2009/03/02 06:53:36 | 000,079,936 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/03/02 06:52:12 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/03/02 06:52:12 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/01/07 04:03:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/12/05 09:05:00 | 006,620,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/29 10:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/08/08 16:04:19 | 000,062,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2008/08/08 16:04:19 | 000,034,992 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2008/08/08 16:04:19 | 000,017,968 | R--- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2008/08/08 16:04:19 | 000,011,696 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2008/08/08 16:04:18 | 000,092,592 | ---- | M] (VMware, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\hgfs.sys -- (hgfs)
DRV - [2008/08/08 16:04:18 | 000,015,408 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2008/06/26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/13 16:42:56 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/05/14 16:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 16:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 22:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/04/18 15:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys.bak -- (gameenum)
DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/03 18:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/30 16:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 16:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 16:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/11/30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2001/08/17 08:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}:4.6.6.6


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 13:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 12:27:52 | 000,000,000 | ---D | M]

[2010/02/27 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Extensions
[2010/02/27 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/14 18:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions
[2009/07/22 16:28:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/19 15:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\browserhighlighter@ebay.com
[2010/04/14 18:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/06 15:43:45 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}

O1 HOSTS File: ([2010/04/14 16:31:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [indrerrm] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\tpshocks.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\SOFTWARE\Microsoft%

1.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ahepogicab.dll.vir a variant of Win32/Cimag.CG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0043375.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0043376.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0044856.dll a variant of Win32/Cimag.CG trojan cleaned by deleting - quarantined





2.


OTL logfile created on: 14/04/2010 7:40:12 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.24 Gb Total Space | 32.91 Gb Free Space | 52.88% Space Free | Partition Type: NTFS
Drive D: | 86.81 Gb Total Space | 29.30 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UOSL09-7C2840E0
Current User Name: 100350691
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/14 18:43:03 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL(2).exe
PRC - [2010/04/03 12:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/17 17:59:26 | 000,619,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2009/12/17 17:59:25 | 000,480,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/05 07:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2009/04/17 07:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\amtmon.exe
PRC - [2009/04/17 07:22:00 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2009/04/15 07:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2009/03/24 07:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2009/03/23 11:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/03/10 07:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2009/03/02 06:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2009/03/02 06:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FNRB32.exe
PRC - [2009/03/02 06:57:44 | 000,101,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FIH32.exe
PRC - [2009/03/02 06:57:22 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMB32.EXE
PRC - [2009/03/02 06:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMA32.EXE
PRC - [2009/03/02 06:57:16 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FCH32.EXE
PRC - [2009/03/02 06:57:14 | 000,408,160 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FAMEH32.EXE
PRC - [2009/03/02 06:53:38 | 000,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
PRC - [2009/03/02 06:52:02 | 000,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
PRC - [2009/03/02 06:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/03/02 06:51:48 | 000,349,280 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2009/03/02 06:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
PRC - [2009/01/07 04:03:00 | 000,060,704 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/12/04 07:12:38 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2008/11/21 11:04:18 | 000,462,848 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2008/11/21 10:56:20 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2007/09/11 09:41:13 | 000,045,056 | ---- | M] () -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe
PRC - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 18:43:03 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL(2).exe
MOD - [2008/12/05 09:05:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/05 09:05:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/05 07:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2009/04/17 07:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\amtmon.exe -- (LANDesk® Out-of-Band Monitor Service) LANDesk®
SRV - [2009/04/15 07:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2009/03/24 07:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/03/23 11:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/03/10 07:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2009/03/02 06:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/03/02 06:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2009/03/02 06:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/03/02 06:53:38 | 000,510,560 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/03/02 06:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/03/02 06:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2008/11/21 10:56:20 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/08 16:04:22 | 000,264,752 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Tools\VMwareService.exe -- (VMTools)
SRV - [2008/08/08 16:04:21 | 000,294,912 | R--- | M] (ThinPrint GmbH) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/09/11 09:41:13 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe -- (SSIRuntimeService)
SRV - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 14:28:21 | 000,111,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/09/02 01:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/07/13 10:49:41 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009/06/03 14:30:48 | 000,050,704 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2009/06/03 14:29:58 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/06/03 14:29:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/06/03 14:28:59 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\chdau32.sys -- (CnxtHdAudService)
DRV - [2009/06/03 14:28:59 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2009/06/03 14:28:58 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/03 14:28:57 | 000,308,736 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/06/03 14:28:15 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/03 14:27:57 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2009/06/03 14:25:25 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/03 14:25:25 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/03 14:25:24 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/03 14:23:00 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/03 14:17:51 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2009/06/03 14:16:42 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2009/06/03 14:16:41 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2009/06/03 14:16:41 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2009/06/03 14:13:18 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2009/03/18 11:59:56 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2009/03/02 06:53:36 | 000,079,936 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/03/02 06:52:12 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/03/02 06:52:12 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/01/07 04:03:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/12/05 09:05:00 | 006,620,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/29 10:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/08/08 16:04:19 | 000,062,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2008/08/08 16:04:19 | 000,034,992 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2008/08/08 16:04:19 | 000,017,968 | R--- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2008/08/08 16:04:19 | 000,011,696 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2008/08/08 16:04:18 | 000,092,592 | ---- | M] (VMware, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\hgfs.sys -- (hgfs)
DRV - [2008/08/08 16:04:18 | 000,015,408 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2008/06/26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/13 16:42:56 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/05/14 16:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 16:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 22:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/04/18 15:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys.bak -- (gameenum)
DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/03 18:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/30 16:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 16:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 16:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/11/30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2001/08/17 08:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}:4.6.6.6


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 13:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 12:27:52 | 000,000,000 | ---D | M]

[2010/02/27 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Extensions
[2010/02/27 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/14 18:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions
[2009/07/22 16:28:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/19 15:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\browserhighlighter@ebay.com
[2010/04/14 18:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/06 15:43:45 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}

O1 HOSTS File: ([2010/04/14 16:31:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [indrerrm] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\tpshocks.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\SOFTWARE\Microsoft%

1.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ahepogicab.dll.vir a variant of Win32/Cimag.CG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0043375.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0043376.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{48346496-E154-416D-B35F-440D0445F185}\RP53\A0044856.dll a variant of Win32/Cimag.CG trojan cleaned by deleting - quarantined





2.


OTL logfile created on: 14/04/2010 7:40:12 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.24 Gb Total Space | 32.91 Gb Free Space | 52.88% Space Free | Partition Type: NTFS
Drive D: | 86.81 Gb Total Space | 29.30 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UOSL09-7C2840E0
Current User Name: 100350691
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/14 18:43:03 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL(2).exe
PRC - [2010/04/03 12:27:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/17 17:59:26 | 000,619,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2009/12/17 17:59:25 | 000,480,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/05 07:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2009/04/17 07:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\amtmon.exe
PRC - [2009/04/17 07:22:00 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2009/04/15 07:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2009/03/24 07:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2009/03/23 11:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/03/10 07:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2009/03/02 06:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2009/03/02 06:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FNRB32.exe
PRC - [2009/03/02 06:57:44 | 000,101,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FIH32.exe
PRC - [2009/03/02 06:57:22 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMB32.EXE
PRC - [2009/03/02 06:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMA32.EXE
PRC - [2009/03/02 06:57:16 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FCH32.EXE
PRC - [2009/03/02 06:57:14 | 000,408,160 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FAMEH32.EXE
PRC - [2009/03/02 06:53:38 | 000,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
PRC - [2009/03/02 06:52:02 | 000,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
PRC - [2009/03/02 06:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/03/02 06:51:48 | 000,349,280 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2009/03/02 06:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
PRC - [2009/01/07 04:03:00 | 000,060,704 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/12/04 07:12:38 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2008/11/21 11:04:18 | 000,462,848 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2008/11/21 10:56:20 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2007/09/11 09:41:13 | 000,045,056 | ---- | M] () -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe
PRC - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 18:43:03 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL(2).exe
MOD - [2008/12/05 09:05:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/05 09:05:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/05 07:40:40 | 000,372,736 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2009/04/17 07:29:26 | 001,044,480 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\amtmon.exe -- (LANDesk® Out-of-Band Monitor Service) LANDesk®
SRV - [2009/04/15 07:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2009/03/24 07:39:52 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/03/23 11:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/03/10 07:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2009/03/02 06:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/03/02 06:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2009/03/02 06:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/03/02 06:53:38 | 000,510,560 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/03/02 06:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/03/02 06:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2008/11/21 10:56:20 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/08 16:04:22 | 000,264,752 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Tools\VMwareService.exe -- (VMTools)
SRV - [2008/08/08 16:04:21 | 000,294,912 | R--- | M] (ThinPrint GmbH) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 20:23:22 | 000,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/09/11 09:41:13 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe -- (SSIRuntimeService)
SRV - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/05/18 12:57:26 | 000,229,856 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 14:28:21 | 000,111,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/09/02 01:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/07/13 10:49:41 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009/06/03 14:30:48 | 000,050,704 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2009/06/03 14:29:58 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/06/03 14:29:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/06/03 14:28:59 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\chdau32.sys -- (CnxtHdAudService)
DRV - [2009/06/03 14:28:59 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2009/06/03 14:28:58 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/03 14:28:57 | 000,308,736 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/06/03 14:28:15 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/03 14:27:57 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2009/06/03 14:25:25 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/03 14:25:25 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/03 14:25:24 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/03 14:23:00 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/03 14:17:51 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2009/06/03 14:16:42 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2009/06/03 14:16:41 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2009/06/03 14:16:41 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2009/06/03 14:13:18 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2009/03/18 11:59:56 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2009/03/02 06:53:36 | 000,079,936 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/03/02 06:52:12 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/03/02 06:52:12 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/01/07 04:03:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/12/05 09:05:00 | 006,620,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/29 10:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/08/08 16:04:19 | 000,062,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2008/08/08 16:04:19 | 000,034,992 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2008/08/08 16:04:19 | 000,017,968 | R--- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2008/08/08 16:04:19 | 000,011,696 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2008/08/08 16:04:18 | 000,092,592 | ---- | M] (VMware, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\hgfs.sys -- (hgfs)
DRV - [2008/08/08 16:04:18 | 000,015,408 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2008/06/26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/13 16:42:56 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/05/14 16:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 16:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 22:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/04/18 15:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys.bak -- (gameenum)
DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/03 18:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/30 16:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 16:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 16:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/11/30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2001/08/17 08:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}:4.6.6.6


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 13:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 12:27:52 | 000,000,000 | ---D | M]

[2010/02/27 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Extensions
[2010/02/27 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/14 18:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions
[2009/07/22 16:28:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/19 15:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\100350691\Application Data\Mozilla\Firefox\Profiles\n62ky86u.default\extensions\browserhighlighter@ebay.com
[2010/04/14 18:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/06 15:43:45 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}

O1 HOSTS File: ([2010/04/14 16:31:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [indrerrm] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\tpshocks.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-682003330-725345543-182271\SOFTWARE\Microsoft%

BC AdBot (Login to Remove)

 


#17 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:12 PM

Posted 15 April 2010 - 12:04 PM

Hi,

the OTL file seems to have been cut off, could you please check if the file isn't longer.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#18 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 12:15 PM

It seems to be too long to post.. here it is attached.

Edited by DiCanio, 15 April 2010 - 12:16 PM.


#19 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:12 PM

Posted 15 April 2010 - 12:23 PM

Hi,

this is looking good actually. There are a couple of leftovers we need to remove:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2010/03/14 16:03:46 | 000,013,230 | -HS- | C] () -- C:\Documents and Settings\100350691\Local Settings\Application Data\0kl2Qs8
    [2010/04/06 13:23:42 | 000,005,556 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\86K35bLqF
    [2010/04/06 13:23:42 | 000,005,556 | -HS- | C] () -- C:\Documents and Settings\100350691\Local Settings\Application Data\86K35bLqF
    IE - HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#20 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 12:40 PM

1.

All processes killed
========== OTL ==========
C:\Documents and Settings\100350691\Local Settings\Application Data\0kl2Qs8 moved successfully.
C:\Documents and Settings\All Users\Application Data\86K35bLqF moved successfully.
C:\Documents and Settings\100350691\Local Settings\Application Data\86K35bLqF moved successfully.
Unable to set value : HKU\S-1-5-21-1644491937-682003330-725345543-182271\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
========== COMMANDS ==========

[EMPTYTEMP]

User: 100350691
->Temp folder emptied: 705769 bytes
->Temporary Internet Files folder emptied: 10278244 bytes
->Java cache emptied: 23660156 bytes
->FireFox cache emptied: 59654264 bytes
->Flash cache emptied: 115760 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 7617538 bytes
->FireFox cache emptied: 32712706 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Java cache emptied: 7617522 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6195764 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 3717 bytes

User: Test
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16895 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 111063 bytes

Total Files Cleaned = 144.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04152010_132624

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JTYI5KEF\article1535053[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JTYI5KEF\openhand_8_8[1].bmp moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JTYI5KEF\Process9726961f[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JTYI5KEF\Process9726a61f[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GCKV6X81\Process52508dca[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FCR4IEVV\home3[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FCR4IEVV\ms[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FCR4IEVV\Process2bc247f0[1].htm moved successfully.

Registry entries deleted on Reboot...


2.

Attached Files

  • Attached File  OTL1.Txt   98.53KB   6 downloads

Edited by DiCanio, 15 April 2010 - 12:41 PM.


#21 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:12 PM

Posted 15 April 2010 - 02:29 PM

Hi,

Please run a final fix, then we should be good:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    FF - prefs.js..extensions.enabledItems: {2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}:4.6.6.6
    [2010/04/06 15:43:45 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please also update your Java:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#22 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 02:49 PM

1.


========== OTL ==========
Prefs.js: {2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}:4.6.6.6 removed from extensions.enabledItems
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}\components scheduled to be moved on reboot.
C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}\chrome folder moved successfully.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173} scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.1.1 log created on 04152010_153850

Files\Folders moved on Reboot...
C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{2824987f-69fb-3f4e-8e1d-ddd9ee0c1173} folder moved successfully.

Registry entries deleted on Reboot...

Edited by DiCanio, 15 April 2010 - 02:51 PM.


#23 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 02:51 PM

delete

Edited by DiCanio, 15 April 2010 - 03:27 PM.


#24 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 02:52 PM

delete

Edited by DiCanio, 15 April 2010 - 03:27 PM.


#25 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 03:00 PM

delete

Edited by DiCanio, 15 April 2010 - 03:27 PM.


#26 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 03:04 PM

delete

Edited by DiCanio, 15 April 2010 - 03:27 PM.


#27 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 03:26 PM

thanks a lot of the help once again. you pretty much saved my life!



one problem though.. for some reason there is no icon for my antivirus software in the bottom right corner.. also when i open it, i am unable to run a scan. it was like this a couple of days ago and it is still not working.

Attached Files

  • Attached File  otll.txt   97.69KB   5 downloads

Edited by DiCanio, 15 April 2010 - 03:29 PM.


#28 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:12 PM

Posted 15 April 2010 - 03:31 PM

Hi,

I assume you can not reinstall the application? That would be the easiest thing. The program is shown as up and running in your log by the way, so it is only the icon that is missing.
Could you please give me the error you get when trying to run a scan.

regards myrti

Edited by myrti, 15 April 2010 - 03:31 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#29 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 15 April 2010 - 03:34 PM

I cannot re-install, no.. and when I click "scan computer" normally another window popups and starts the scan, but nothing happens when I click it now (no error message or anything). Is it even a big deal as long as the program is running?

edit: also i'm still getting some questionable popups.. they're rare but they still show up occasionally.

Edited by DiCanio, 15 April 2010 - 03:45 PM.


#30 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:12 PM

Posted 15 April 2010 - 03:50 PM

Hi,

could you give me an address of such a popup? Could those be "normal" popups? Do you use a popup blocker?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users