Suspected Infections, Unknown Type


  • This topic is locked
10 replies to this topic

#1 DougCKaty

  • Members
  • 10 posts

Posted 01 September 2010 - 12:19 PM

The main symptom I have is something taking over and using up large blocks of memory. Even with nothing running except Task Manager, committed memory goes up beyond 1 GB, then usually settles back down to a more reasonable 500-600 MB. Usually accompanied by the computer at least slowing down, and frequently bogging down completely. Task Manager typically shows nothing going on except for itself and idle time. Frequently I cannot even shut down, and have to force a power shutdown.

Had to try three times to get the GMER log. On the second time I did catch some suspicious activity being reported by TM. It showed UPDATE.EXE, DEFRAG.EXE, DRWTSN32.EXE, TFUN.EXE and SSMYPICS.EXE all running, each with about 20-25% of processor time. Note that I had nothing running at the time except for GMER and TM.

However, this was atypical in being able to see anything going on via TM. Usually shows nothing but idle time.

I was able to upload / attach the ATTACH.TXT file, but had to compress / zip the ARK file. It was 703 kb uncompressed.

DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 18:26:22.12 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.242 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.comcast.net/
uDefault_Search_URL = hxxp://srch-us4.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [S3apphk] S3apphk.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [hp Silent Service] c:\windows\system32\HpSrvUI.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD}
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://helpdesk.richline.cc/inc/kaxRemote.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-08-30 23:11:23 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-08-28 20:44:46 0 d-----w- c:\program files\Runtime Software
2010-08-19 01:00:56 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-19 01:00:56 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-12 03:47:31 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-08-12 03:46:08 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-08-12 03:43:28 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-08-12 03:43:07 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-08-12 03:42:12 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-08-12 03:37:39 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-08-12 03:37:37 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-08-12 03:37:27 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2010-08-12 03:36:49 966656 ------w- c:\windows\system32\SET43.tmp
2010-08-12 03:35:50 966656 ------w- c:\windows\system32\SET41.tmp
2010-08-12 03:34:20 966656 ------w- c:\windows\system32\SET40.tmp
2010-08-12 03:31:46 712704 ----a-r- c:\windows\system32\hposwia_p02d.dll
2010-08-12 03:29:51 712704 ------w- c:\windows\system32\SET3E.tmp
2010-08-12 03:29:21 15104 ----a-w- c:\windows\system32\drivers\SET3A.tmp
2010-08-12 03:29:21 15104 ------w- c:\windows\system32\drivers\SET3D.tmp
2010-08-09 18:31:50 1469233793 ----a-w- c:\temp\Windows Easy Transfer - Items from old computer.zip
2010-08-09 17:01:56 0 d-----w- c:\program files\Windows Easy Transfer 7
2010-08-09 07:34:32 0 d-----w- c:\docume~1\owner\applic~1\PC Tools
2010-08-08 04:19:14 0 ----a-w- C:\install.rdf
2010-08-07 15:50:09 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-07 15:50:09 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-07 15:50:08 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-07 15:36:47 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-08-07 15:36:47 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-07 15:36:12 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-07 15:36:12 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-07 15:36:12 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-08-07 15:36:12 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-07 15:35:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-07 15:35:45 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-07 15:35:21 0 d-----w- c:\program files\Spyware Doctor
2010-08-07 15:35:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-07 00:03:17 0 d-----w- c:\docume~1\owner\applic~1\Registry Mechanic
2010-08-06 23:09:05 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-08-06 23:09:05 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-08-06 23:09:05 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-08-06 23:09:05 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-08-06 23:08:51 0 d-----w- c:\program files\common files\PC Tools

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-10-15 13:09:55 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-07-22 00:47:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072120080722\index.dat

============= FINISH: 18:31:31.71 ===============

Attached Files
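The DDS log above is read by hand by the helpers, but the first pass they make is mechanical: which autostart values point at a bare file name instead of a full path, which images run from a user-writable directory, and which toolbar/extension registrations point at nothing. The script below is an added example written for this page, not a BleepingComputer or DDS tool, that applies those three checks to a DDS-style log. The sample log embedded in it is constructed from the layout of the log posted above (section banners, the "Running Processes" list, and the uRun/mRun/TB lines of the "Pseudo HJT Report"); the severity labels and the set of user-writable directories are my own assumptions. Hits are a review list, not verdicts: in the posted log the same checks would flag dds.scr on the Desktop, which is the diagnostic tool itself.

```python
"""Triage checks for a DDS-style log (added example, not a DDS feature)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the DDS layout, trimmed to entries the checks act on.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [S3apphk] S3apphk.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
"""

# uRun = HKCU Run value, mRun = HKLM Run value in DDS notation.
RUN_RE = re.compile(r"^([um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NOFILE_RE = re.compile(r"^(TB|EB|BHO): .* - No File$")

# Directories a limited XP user can write to (assumed list). An autostart or
# running image under one of these is not proof of infection, but it is
# where droppers usually land, so it goes on the review list.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (assumed scale)
    kind: str       # machine-readable check name
    name: str       # Run value name, or the raw line for process/No File hits
    detail: str


def image_of(cmd: str) -> str:
    """Return the executable part of a Run command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_unqualified(image: str) -> bool:
    """True when the image has no directory, drive or %VAR% prefix.

    Such a value is resolved by the process-creation search order
    (application directory, system directories, then PATH) instead of a
    fixed path, so a same-named file earlier in that order would run instead.
    """
    return "\\" not in image and ":" not in image and not image.startswith("%")


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage(log_text: str) -> list[Finding]:
    """Walk the DDS sections and collect entries worth a second look."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("="):                      # DDS section banner
            section = line.strip("= ").lower()
            continue
        if section == "running processes":
            if in_user_writable(line):
                findings.append(Finding("medium", "user-writable-process", line,
                                        "image runs from a user-writable directory"))
        elif section == "pseudo hjt report":
            m = RUN_RE.match(line)
            if m:
                hive = "HKCU" if m.group(1) == "u" else "HKLM"
                image = image_of(m.group("cmd"))
                if is_unqualified(image):
                    findings.append(Finding("high", "unqualified-path", m.group("name"),
                                            f"{hive} Run value starts {image!r} with no path"))
                elif in_user_writable(image):
                    findings.append(Finding("medium", "user-writable-autostart", m.group("name"),
                                            f"{hive} Run value starts {image}"))
            elif NOFILE_RE.match(line):
                findings.append(Finding("low", "no-file", line,
                                        "registration whose target file is missing"))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity}] {f.kind}: {f.name} -- {f.detail}")
```

Run it against a saved DDS.txt by replacing SAMPLE_LOG with the file contents. The "unqualified-path" check is the one that matters most for a slow, memory-hungry XP box like the one described: a Run value such as `S3apphk.exe` with no directory is legitimate OEM software on many HP machines, but because it is found by search order rather than by a fixed path it is also the kind of entry a dropper can shadow, so each hit should be resolved to the actual file on disk before it is dismissed.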




#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 September 2010 - 07:27 AM

Hello DougCKaty, my name is Syler and I will be helping you to solve your malware issues. Sorry for the delay in replying, we are very busy at the moment.

Please note that because we are very busy, if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks



#3 DougCKaty
  • Topic Starter

  • Members
  • 10 posts

Posted 09 September 2010 - 03:40 PM

I'm not sure if I was supposed to start a new topic to respond to Syler's response, but couldn't figure out another way.

I was able to run MBAM and OTL, logs are attached.

I tried several times to run RKUnHooker, and it never finished. It was taking 99% of CPU cycles (1% was Task Manager), but very little disk activity.

Attached Files


Edited by Pandy, 09 September 2010 - 06:03 PM.
Merged topics. ~Pandy


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 September 2010 - 12:21 PM

Hello,

When replying please just use the Add Reply button on this topic, also please copy and paste the reports rather than attaching them, thanks.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#5 DougCKaty
  • Topic Starter

  • Members
  • 10 posts

Posted 10 September 2010 - 03:18 PM

Below is the ComboFix log text.

It ran for way longer than I would have expected, given the text at the top that said something about 10 minutes, maybe double that if badly infected. It ran on my machine for over 2 hours. It stepped through the 50 processes at what I thought was fairly good rate. It took a really long time deleting C:\Win, and also took a long time generating the log.

I have PC Tools Spyware Doctor with Antivirus as protection right now. Tried to disable it, but it still showed "Antivirus Engine" still active. I even tried to delete the process via Task Manager, but it would let me shut it off that way. ComboFix gave me the "proceed at your own risk" message. Neither ComboFix nor PC Tools gave any warnings once things had started.

I also noted that ComboFix turned off the Task Manager, which I've gotten in the habit of keeping running, to see when things get hung up. I'm guessing that is normal.

I've not really tried any other serious activities yet, except for sending in this log.

Thanks

ComboFix Log

ComboFix 10-09-09.04 - Owner 09/10/2010 13:40:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.131 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe
c:\documents and settings\Owner\Cookies.zip
C:\Win
c:\win\WIN\2004-05 Calendar.wps
c:\win\WIN\Child Care.wps
c:\win\WIN\Confusion - English language.wps
c:\win\WIN\Exam books - Delta.wps
c:\win\WIN\How come.wps
c:\win\WIN\Hypocrisies.wps
c:\win\WIN\Info.wps
c:\win\WIN\Refreshment sign up.wps
c:\win\WIN\Registration Card.wps
c:\win\WIN\Resource topics & questions.wps
c:\win\WIN\Sign up sheet for Child Care.wps
c:\win\WIN\Staff 2004-05.wps
c:\win\WIN\Teacher info.wps
c:\win\WIN\UP.txt
c:\win\WIN\Waiver of Liability.wps
c:\win\WIN\WIN Groups 2003.wps
c:\win\WIN\WIN Groups 2004.wps
c:\win\WIN\WIN Schedule 03-04.wps
c:\win\WIN\WORKOUT.wps
c:\windows\system\oeminfo.ini
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-09 14:29 . 2010-09-09 14:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-09-09 14:28 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-09 14:28 . 2010-09-09 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-09 14:28 . 2010-09-09 14:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-09 14:28 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 20:44 . 2010-08-28 20:44 -------- d-----w- c:\program files\Runtime Software
2010-08-19 01:00 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-19 01:00 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-13 18:37 . 2010-08-13 18:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-12 03:47 . 2008-10-28 09:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-08-12 03:46 . 2008-10-28 09:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-08-12 03:43 . 2009-04-16 19:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-08-12 03:43 . 2009-04-16 19:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-08-12 03:43 . 2009-04-15 20:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-08-12 03:42 . 2008-10-28 09:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-08-12 03:37 . 2008-10-28 09:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-08-12 03:37 . 2008-10-28 09:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-08-12 03:37 . 2009-02-10 19:03 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2010-08-12 03:31 . 2009-02-10 19:03 712704 ----a-r- c:\windows\system32\hposwia_p02d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 18:28 . 2010-08-09 07:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 16:48 . 2010-08-07 15:35 -------- d-----w- c:\program files\Spyware Doctor
2010-08-27 19:23 . 2010-06-24 19:32 -------- d-----w- c:\program files\dl_Cats
2010-08-16 03:03 . 2005-04-11 17:44 -------- d-----w- c:\program files\Common Files\Real
2010-08-16 03:03 . 2005-04-11 17:44 -------- d-----w- c:\program files\Real
2010-08-16 02:57 . 2007-06-09 15:36 -------- d-----w- c:\program files\NoteWorthy Composer
2010-08-16 02:55 . 2005-04-11 06:51 -------- d-----w- c:\program files\hp photosmart
2010-08-16 02:17 . 2005-04-11 06:51 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-15 22:24 . 2005-04-11 06:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-09 17:36 . 2005-04-11 16:10 94656 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-09 17:06 . 2008-07-09 15:54 -------- d-----w- c:\program files\MSECache
2010-08-09 17:02 . 2010-08-09 17:01 -------- d-----w- c:\program files\Windows Easy Transfer 7
2010-08-09 13:39 . 2006-06-22 20:30 -------- d-----w- c:\program files\ACW
2010-08-09 08:16 . 2006-08-17 18:14 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-09 08:16 . 2006-03-12 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-09 08:16 . 2006-03-12 00:03 -------- d-----w- c:\program files\McAfee
2010-08-09 08:16 . 2009-04-24 14:58 -------- d-----w- c:\program files\Google
2010-08-09 08:16 . 2007-06-18 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyline
2010-08-09 08:16 . 2006-08-29 15:21 -------- d-----w- c:\program files\Sayz Me
2010-08-09 08:16 . 2005-04-11 06:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-09 08:16 . 2005-07-15 22:57 -------- d-----w- c:\program files\Java
2010-08-09 08:15 . 2008-10-03 03:50 -------- d-----w- c:\program files\DivX
2010-08-09 08:15 . 2009-04-25 20:23 -------- d-----w- c:\program files\Earth Viewpoint
2010-08-09 08:15 . 2005-12-31 02:38 -------- d-----w- c:\program files\Aluria Software
2010-08-09 08:15 . 2005-08-21 03:22 -------- d-----w- c:\program files\Droid Informatica
2010-08-09 07:35 . 2010-08-06 23:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-09 07:34 . 2010-08-09 07:34 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-08-09 07:34 . 2010-08-07 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-08 03:48 . 2006-10-07 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-08-07 00:03 . 2010-08-07 00:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Mechanic
2010-08-05 13:46 . 2010-08-06 23:09 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-08-04 12:47 . 2010-08-04 12:47 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-630932ce-n\msvcp71.dll
2010-08-04 12:47 . 2010-08-04 12:47 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2f773d75-n\decora-sse.dll
2010-08-04 12:47 . 2010-08-04 12:47 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-630932ce-n\jmc.dll
2010-08-04 12:47 . 2010-08-04 12:47 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-630932ce-n\msvcr71.dll
2010-08-04 12:47 . 2010-08-04 12:47 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2f773d75-n\decora-d3d.dll
2010-08-04 10:11 . 2010-07-28 11:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 15:59 . 2006-06-27 21:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Netscape
2010-07-19 15:51 . 2005-09-23 20:23 -------- d-----w- c:\program files\F-MIT
2010-07-19 15:46 . 2005-06-02 13:37 -------- d-----w- c:\program files\DataSend
2010-07-19 15:22 . 2005-06-03 16:51 -------- d-----w- c:\program files\Olympus
2010-07-19 15:15 . 2006-01-08 01:24 -------- d-----w- c:\program files\Yahoo!
2010-07-16 21:46 . 2010-07-16 21:46 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2010-06-30 12:31 . 2005-04-11 07:01 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-04-11 07:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2005-04-11 07:01 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-04-11 07:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2005-04-11 07:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-04-11 06:58 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:41 . 2005-04-11 07:01 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]
"ScanSoft OmniPage 16-reminder"="c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 328992]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"S3apphk"="S3apphk.exe" [2001-12-05 28672]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-06-16 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-10 28672]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [2001-12-14 20480]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"hp Silent Service"="c:\windows\system32\HpSrvUI.exe" [2001-11-30 32768]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlbxcoms.exe"=

R0 AluriaFilter;AluriaFilter;c:\windows\system32\DRIVERS\AlurFltr.sys [x]
R2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\Drivers\icd2w2k.sys [2005-03-30 12427]
R2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\Drivers\icd2w2kl.sys [2005-03-30 16556]
R3 AL_ADSFilter;AL_ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\AL_ADSFilter.sys [x]
R3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\DRIVERS\epcfw2k.sys [2001-08-17 144896]
R3 Normandy;Normandy SR2; [x]
R3 trid3d;trid3d;c:\windows\system32\DRIVERS\trid3dm.sys [2001-12-28 149244]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
S1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\drivers\pctgntdi.sys [2010-02-05 233136]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\drivers\pctplsg.sys [2010-04-08 63360]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-us4.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OpAgent - OpAgent.exe
AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 14:36
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll

- - - - - - - > 'lsass.exe'(716)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
.
Completion time: 2010-09-10 15:04:16
ComboFix-quarantined-files.txt 2010-09-10 20:03

Pre-Run: 46,909,382,656 bytes free
Post-Run: 49,839,652,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

- - End Of File - - 597E0888C6F8F224B839689F9E8D12F9


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 September 2010 - 05:34 PM

It was most likely your AntiVirus interfering that made the scan take so long. How is the computer running now?


I can see that you have the registry cleaner program Registry Mechanic installed.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VNUSB.sys -- (VNUSB)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\AlurFltr.sys -- (AluriaFilter)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\AL_ADSFilter.sys -- (AL_ADSFilter) AL_ADSFilter - (Aluria Filter Driver)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
    IE - HKU\S-1-5-21-2626759393-3991436212-650978795-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-2626759393-3991436212-650978795-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-2626759393-3991436212-650978795-1003\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
    O3 - HKU\S-1-5-21-2626759393-3991436212-650978795-1003\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKU\S-1-5-21-2626759393-3991436212-650978795-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKU\S-1-5-21-2626759393-3991436212-650978795-1003..\Run: [OpAgent]  File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe ()
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe ()
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Value error. File not found
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://helpdesk.richline.cc/inc/kaxRemote.dll (kasRmtHlp Class)
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.


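As an added illustration (not OTL's own code and not part of the instructions in this thread), here is a small Python triage of the kinds of scan lines the fix above targets: drivers and services whose image file is gone, toolbar CLSIDs that no longer resolve, Run values pointing at missing files, per-hive ProxyOverride settings, and O16/DPF ActiveX controls downloaded from hosts outside an allowlist (the allowlist is an assumption made for the example). The sample lines are copied from the OTL scan quoted in this thread. It also shows why the AL_ADSFilter line in the fix above fails in the run log that follows ("No service named AL_ADSFilter) AL_ADSFilter - (Aluria Filter Driver was found"): OTL reads the service name up to the last closing parenthesis on the line, so the trailing description has to be trimmed to "(AL_ADSFilter)" before the line is pasted.

```python
"""Triage an OTL scan log and draft the ':OTL' fix block for it.

Added example for this thread, not OTL's own code.  The sample lines are
copied from the OTL scan quoted in the thread; the vendor allowlist for
O16/DPF controls is an assumption made for the example.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: one line of each kind, taken from the scan in this thread.
SAMPLE_LOG = r"""
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\AL_ADSFilter.sys -- (AL_ADSFilter) AL_ADSFilter - (Aluria Filter Driver)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKU\S-1-5-21-2626759393-3991436212-650978795-1003..\Run: [OpAgent]  File not found
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://helpdesk.richline.cc/inc/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
"""

# Hosts whose downloaded ActiveX controls (O16/DPF) are expected.  Assumption.
KNOWN_DPF_HOSTS = ("microsoft.com", "macromedia.com", "adobe.com", "live.com")

PATTERNS = {
    # service/driver still registered but its image is gone: an uninstall leftover
    "orphan_driver": re.compile(r"^DRV - File not found .* -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"),
    "orphan_service": re.compile(r"^SRV - File not found .* -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"),
    # per-hive WinINet proxy bypass list
    "proxy_override": re.compile(r'^IE - (?P<key>.+?): "ProxyOverride" = (?P<value>.+)$'),
    # toolbar registered under a CLSID that no longer resolves
    "toolbar_no_clsid": re.compile(r"^O3 - .* - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$"),
    # Run value pointing at a file that no longer exists
    "run_missing_file": re.compile(r"^O4 - .*\[(?P<name>[^\]]+)\]\s+File not found$"),
    # Downloaded Program Files (ActiveX) entry, judged by the host it came from
    "dpf_control": re.compile(r"^O16 - DPF: (?P<ident>.+?) (?P<url>[a-z]+://\S+)"),
}

# Finding kinds that go straight into the fix draft.  orphan_service is left for
# review only: on XP, built-in services such as HidServ commonly show up this way.
FIX_KINDS = ("orphan_driver", "proxy_override", "toolbar_no_clsid",
             "run_missing_file", "dpf_unknown_host")


def _known_host(host):
    return any(host == k or host.endswith("." + k) for k in KNOWN_DPF_HOSTS)


def triage(log_text):
    """Return (kind, line) pairs for every scan line that deserves a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            if kind == "dpf_control":
                parts = urlsplit(m.group("url"))
                if parts.scheme in ("http", "https") and _known_host(parts.hostname or ""):
                    break  # expected vendor control: nothing to report
                kind = "dpf_unknown_host"
            if kind == "orphan_driver":
                # Keep only "... -- (ServiceName)".  OTL reads the service name up to
                # the last ')' on the line, so a trailing description such as
                # "(AL_ADSFilter) AL_ADSFilter - (Aluria Filter Driver)" breaks the fix.
                line = line[: m.end()]
            findings.append((kind, line))
            break
    return findings


def draft_fix(findings):
    """Build the text to paste into OTL's Custom Scans/Fixes box."""
    body = [line for kind, line in findings if kind in FIX_KINDS]
    return "\n".join([":OTL", *body, ":Commands", "[emptytemp]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, line in found:
        print(f"{kind:18} {line}")
    print()
    print(draft_fix(found))
```

Treat the draft as a list for a human to check, not something to paste blindly: a ProxyOverride of 127.0.0.1;localhost is a bypass list rather than a proxy, and orphaned built-in XP services (HidServ, AppMgmt) are normal leftovers, which is why the script reports them but keeps them out of the fix.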

#7 DougCKaty

DougCKaty
  • Topic Starter

  • Members
  • 10 posts

Posted 10 September 2010 - 07:34 PM

It seems to be doing better - haven't seen anything start gobbling memory, anyway.

Here's the first OTL / Run Fix log:

All processes killed
========== OTL ==========
Service VNUSB stopped successfully!
Service VNUSB deleted successfully!
File C:\WINDOWS\System32\DRIVERS\VNUSB.sys not found.
Service Freedom stopped successfully!
Service Freedom deleted successfully!
File C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS not found.
Service AluriaFilter stopped successfully!
Service AluriaFilter deleted successfully!
File C:\WINDOWS\System32\DRIVERS\AlurFltr.sys not found.
Error: No service named AL_ADSFilter) AL_ADSFilter - (Aluria Filter Driver was found to stop!
Service\Driver key AL_ADSFilter) AL_ADSFilter - (Aluria Filter Driver not found.
File C:\WINDOWS\System32\DRIVERS\AL_ADSFilter.sys not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKU\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
Registry value HKEY_USERS\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_USERS\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-2626759393-3991436212-650978795-1003\Software\Microsoft\Windows\CurrentVersion\Run\\OpAgent not found.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {AA299E98-6FB5-409F-99D3-D30D749F4864}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AA299E98-6FB5-409F-99D3-D30D749F4864}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AA299E98-6FB5-409F-99D3-D30D749F4864}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA299E98-6FB5-409F-99D3-D30D749F4864}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA299E98-6FB5-409F-99D3-D30D749F4864}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA299E98-6FB5-409F-99D3-D30D749F4864}\ not found.
C:\WINDOWS\System32\drivers\SET3A.tmp deleted successfully.
C:\WINDOWS\System32\drivers\SET3D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\riched20.dll.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 4086125 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 180358 bytes
->Flash cache emptied: 596 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7049596 bytes
->Java cache emptied: 140899787 bytes
->Google Chrome cache emptied: 6058247 bytes
->Flash cache emptied: 2140361 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 6503953 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3988000 bytes

Total Files Cleaned = 163.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09102010_184127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


HERE'S THE 2ND OTL / RUN SCAN LOG

OTL logfile created on: 9/10/2010 6:49:57 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 66.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1200 1800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.56 Gb Total Space | 46.56 Gb Free Space | 66.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINHOME
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/09 13:21:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2008/04/13 19:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\snmp.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/22 21:10:50 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\dlbxcoms.exe
PRC - [2007/01/11 13:01:16 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002/03/18 06:00:57 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb05.exe
PRC - [2001/12/05 02:02:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\SYSTEM32\S3apphk.exe
PRC - [2001/11/29 22:49:24 | 000,032,768 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\SYSTEM32\HpSrvUI.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 13:21:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2010/02/02 09:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2001/12/05 02:03:40 | 000,040,960 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\SYSTEM32\S3appdll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2008/04/13 19:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\snmp.exe -- (SNMP)
SRV - [2007/05/22 21:10:50 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\AL_ADSFilter.sys -- (AL_ADSFilter) AL_ADSFilter - (Aluria Filter Driver)
DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2005/03/30 14:59:22 | 000,016,556 | ---- | M] (Microchip Technology, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\icd2w2kl.sys -- (MCUSBICD2LDR) Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS)
DRV - [2005/03/30 14:59:22 | 000,012,427 | ---- | M] (Microchip Technology, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\icd2w2k.sys -- (MCUSBICD2) Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS)
DRV - [2004/08/19 15:41:58 | 000,084,512 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\slabser.sys -- (slabser)
DRV - [2004/08/19 15:41:32 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/01/28 07:56:00 | 000,187,648 | ---- | M] (NVIDIA® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2002/01/28 07:56:00 | 000,013,056 | ---- | M] (NVIDIA® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2002/01/13 17:44:00 | 000,096,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\NVENET.sys -- (NVENET)
DRV - [2001/12/29 06:10:40 | 000,163,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\sisgrp.sys -- (SiS315)
DRV - [2001/12/27 22:11:10 | 000,149,244 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\trid3dm.sys -- (trid3d)
DRV - [2001/12/15 10:21:44 | 000,013,716 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/12/11 07:57:00 | 000,793,257 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/12/08 00:26:00 | 000,013,502 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/09/28 21:52:04 | 000,027,008 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/08/17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 14:50:20 | 000,144,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\epcfw2k.sys -- (epcfw2k)
DRV - [2001/08/08 16:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 16:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 16:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 16:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 16:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 16:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 16:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 16:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 16:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 16:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/09/10 14:36:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [hp Silent Service] C:\WINDOWS\SYSTEM32\HpSrvUI.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\ScannerFB.EXE (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\SYSTEM32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3apphk] C:\WINDOWS\System32\S3apphk.exe ()
O4 - HKLM..\Run: [ScanSoft OmniPage 16-reminder] C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:1 () - http://www.bleepingcomputer.com/forums/topic34773.html
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/04 23:34:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/10 18:41:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/10 15:34:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/10 13:34:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/10 13:26:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/10 13:26:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/10 13:26:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/10 13:26:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/10 13:25:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/10 13:09:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/09 13:21:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/09 09:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/09/09 09:28:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/09 09:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/09 09:28:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/09 09:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/28 15:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/08/18 20:00:56 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/08/11 22:43:28 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l70v.dll
[2010/08/11 22:43:07 | 000,452,408 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/08/11 22:37:39 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/08/11 22:37:37 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/08/11 22:37:27 | 000,315,392 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_p02a.dll
[2010/08/11 22:31:46 | 000,712,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_p02d.dll
[2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxpmui.dll
[2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxserv.dll
[2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxcomm.dll
[2007/01/30 14:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxlmpm.dll
[2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxiesc.dll
[2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxpplc.dll
[2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxcomc.dll
[2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxprox.dll
[2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxinpa.dll
[2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxusb1.dll
[2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2010/09/10 18:46:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 18:46:40 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/09/10 18:45:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 18:45:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 18:45:26 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 18:44:25 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/10 18:44:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/10 15:39:24 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Shortcuts.lnk
[2010/09/10 14:37:38 | 000,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/10 14:36:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/10 13:34:38 | 000,000,318 | RHS- | M] () -- C:\BOOT.INI
[2010/09/09 13:21:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/30 18:11:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/08/28 17:07:58 | 000,852,283 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.xml
[2010/08/28 17:07:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.dat
[2010/08/13 13:23:41 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 00:11:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 00:05:15 | 000,528,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 00:05:15 | 000,459,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 00:05:15 | 000,079,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/09/10 15:39:24 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Shortcuts.lnk
[2010/09/10 13:34:36 | 000,000,201 | ---- | C] () -- C:\Boot.bak
[2010/09/10 13:34:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/10 13:26:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 13:26:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 13:26:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 13:26:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 13:26:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/30 18:11:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/08/28 17:07:57 | 000,852,283 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.xml
[2010/08/28 17:07:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.dat
[2009/05/29 11:01:59 | 000,000,780 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/02/09 12:59:50 | 000,040,902 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\image.raw
[2008/06/14 14:42:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2007/10/10 10:21:26 | 000,031,931 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/08/30 12:02:28 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/08/24 14:09:08 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\SMSEQ.DLL
[2007/08/24 14:09:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SMOOTHS.DLL
[2007/08/24 14:09:08 | 000,014,048 | ---- | C] () -- C:\WINDOWS\System32\SMOOTH16.DLL
[2007/08/24 14:09:07 | 000,009,984 | ---- | C] () -- C:\WINDOWS\System32\BTDESIGN.DLL
[2007/07/29 17:12:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/04/02 14:10:30 | 000,000,772 | ---- | C] () -- C:\WINDOWS\libmgr.INI
[2007/02/19 07:26:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2007/02/19 07:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2007/02/19 07:26:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2007/02/19 07:23:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2007/02/19 07:23:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2007/02/19 07:23:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2007/02/19 07:23:08 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2007/02/19 07:21:58 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2007/02/07 17:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlbxcoin.dll
[2007/01/22 07:18:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcfg.dll
[2006/12/29 14:55:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DXFIN.DLL
[2006/12/29 14:55:52 | 000,010,720 | ---- | C] () -- C:\WINDOWS\System32\SCRLIB.DLL
[2006/07/14 10:38:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/01/14 18:24:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/12 17:04:57 | 000,379,262 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\temp.bmp
[2006/01/12 16:50:24 | 000,000,061 | R--- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2006/01/12 12:23:14 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/20 22:18:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2005/08/20 22:18:00 | 000,000,144 | ---- | C] () -- C:\WINDOWS\netctrl.ini
[2005/08/18 10:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2005/07/08 21:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/06/09 18:00:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2005/06/02 18:45:04 | 000,000,083 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/05/09 10:52:44 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\DLPORTIO.SYS
[2005/05/09 10:52:43 | 000,225,405 | ---- | C] () -- C:\WINDOWS\System32\bxParallelPortXP.dll
[2005/05/09 10:52:43 | 000,002,018 | ---- | C] () -- C:\WINDOWS\System32\drivers\ppdrv.sys
[2005/04/16 14:13:13 | 000,000,106 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/04/16 14:10:28 | 000,004,512 | ---- | C] () -- C:\WINDOWS\HMEW.DLL
[2005/04/16 13:46:43 | 000,766,026 | ---- | C] () -- C:\WINDOWS\System32\ActiveTerra2.dll
[2005/04/16 13:44:51 | 000,000,130 | ---- | C] () -- C:\WINDOWS\Tasswin.INI
[2005/04/16 13:42:16 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2005/04/15 09:40:38 | 000,105,411 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/14 09:29:14 | 000,004,176 | ---- | C] () -- C:\WINDOWS\System32\Hpi_icon.dll
[2005/02/24 21:23:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbxcnv4.dll
[2004/07/27 23:44:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SPARKEY.DLL
[2002/02/07 20:50:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/05 22:50:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/02/05 22:50:21 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/02/05 22:11:47 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/02/05 22:07:18 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2002/02/05 21:47:21 | 000,000,507 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2002/02/05 21:47:21 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2002/02/05 21:47:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2002/02/05 19:58:20 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2002/02/05 19:58:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2002/02/05 19:57:37 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/02/04 23:39:57 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/02/04 23:29:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/02/04 15:17:18 | 000,000,653 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/01/08 19:03:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MiniBrowser.dll
[2001/08/08 16:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/08 03:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/23 03:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 19:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
[2010/09/09 13:21:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/30 18:11:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/08/28 17:07:58 | 000,852,283 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.xml
[2010/08/28 17:07:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.dat
[2010/08/13 13:23:41 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 00:11:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 00:05:15 | 000,528,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 00:05:15 | 000,459,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 00:05:15 | 000,079,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/09/10 15:39:24 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Shortcuts.lnk
[2010/09/10 13:34:36 | 000,000,201 | ---- | C] () -- C:\Boot.bak
[2010/09/10 13:34:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/10 13:26:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 13:26:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 13:26:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 13:26:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 13:26:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/30 18:11:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/08/28 17:07:57 | 000,852,283 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.xml
[2010/08/28 17:07:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Drive_C.dat
[2009/05/29 11:01:59 | 000,000,780 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/02/09 12:59:50 | 000,040,902 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\image.raw
[2008/06/14 14:42:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2007/10/10 10:21:26 | 000,031,931 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/08/30 12:02:28 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/08/24 14:09:08 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\SMSEQ.DLL
[2007/08/24 14:09:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SMOOTHS.DLL
[2007/08/24 14:09:08 | 000,014,048 | ---- | C] () -- C:\WINDOWS\System32\SMOOTH16.DLL
[2007/08/24 14:09:07 | 000,009,984 | ---- | C] () -- C:\WINDOWS\System32\BTDESIGN.DLL
[2007/07/29 17:12:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/04/02 14:10:30 | 000,000,772 | ---- | C] () -- C:\WINDOWS\libmgr.INI
[2007/02/19 07:26:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2007/02/19 07:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2007/02/19 07:26:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2007/02/19 07:23:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2007/02/19 07:23:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2007/02/19 07:23:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2007/02/19 07:23:08 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2007/02/19 07:21:58 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2007/02/07 17:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlbxcoin.dll
[2007/01/22 07:18:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcfg.dll
[2006/12/29 14:55:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DXFIN.DLL
[2006/12/29 14:55:52 | 000,010,720 | ---- | C] () -- C:\WINDOWS\System32\SCRLIB.DLL
[2006/07/14 10:38:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/01/14 18:24:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/12 17:04:57 | 000,379,262 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\temp.bmp
[2006/01/12 16:50:24 | 000,000,061 | R--- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2006/01/12 12:23:14 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/20 22:18:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2005/08/20 22:18:00 | 000,000,144 | ---- | C] () -- C:\WINDOWS\netctrl.ini
[2005/08/18 10:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2005/07/08 21:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/06/09 18:00:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2005/06/02 18:45:04 | 000,000,083 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/05/09 10:52:44 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\DLPORTIO.SYS
[2005/05/09 10:52:43 | 000,225,405 | ---- | C] () -- C:\WINDOWS\System32\bxParallelPortXP.dll
[2005/05/09 10:52:43 | 000,002,018 | ---- | C] () -- C:\WINDOWS\System32\drivers\ppdrv.sys
[2005/04/16 14:13:13 | 000,000,106 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/04/16 14:10:28 | 000,004,512 | ---- | C] () -- C:\WINDOWS\HMEW.DLL
[2005/04/16 13:46:43 | 000,766,026 | ---- | C] () -- C:\WINDOWS\System32\ActiveTerra2.dll
[2005/04/16 13:44:51 | 000,000,130 | ---- | C] () -- C:\WINDOWS\Tasswin.INI
[2005/04/16 13:42:16 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2005/04/15 09:40:38 | 000,105,411 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/14 09:29:14 | 000,004,176 | ---- | C] () -- C:\WINDOWS\System32\Hpi_icon.dll
[2005/02/24 21:23:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbxcnv4.dll
[2004/07/27 23:44:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SPARKEY.DLL
[2002/02/07 20:50:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/05 22:50:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/02/05 22:50:21 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/02/05 22:11:47 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/02/05 22:07:18 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2002/02/05 21:47:21 | 000,000,507 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2002/02/05 21:47:21 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2002/02/05 21:47:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2002/02/05 19:58:20 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2002/02/05 19:58:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2002/02/05 19:57:37 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/02/04 23:39:57 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/02/04 23:29:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/02/04 15:17:18 | 000,000,653 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/01/08 19:03:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MiniBrowser.dll
[2001/08/08 16:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/08 03:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/23 03:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 19:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 September 2010 - 12:39 PM

That is looking ok, let's do one more check.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push



#9 DougCKaty

  • Topic Starter

  • Members
  • 10 posts

Posted 12 September 2010 - 08:29 PM

Here is my ESET scan log. Seemed to go alright. It doesn't seem too nice to have trojans in Startup\Autoplay folders.

On the whole, this computer seems to be working much better, maybe even normal. However, still have to give it a real test.

C:\hp\bin\AUTOPLAY.EXE Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe.vir Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe.vir Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1871\A0256436.exe Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1872\A0256599.exe Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1897\A0281256.exe Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1897\A0281257.exe Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1898\A0281428.EXE Win32/Agent.NVP trojan cleaned by deleting - quarantined


#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 September 2010 - 07:55 AM

The files found by eset are nothing to worry about, I believe they are a false positive. Your logs are looking fine to me now.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in Windows to exploit your computer.
The easiest way to do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Make sure all programs are updated
It is also possible for other programs on your computer to have a security vulnerability that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall
your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound
connections but it does not block outbound connections. So if Malware manages to get onto your computer it
will be able to send data out when it wants. Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically
mean that what you are doing will not make permanent changes to your system, unless you allow it to.
So you can be surfing the web inside Sandboxie, then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sandbox and all is gone. Having said that, it cannot be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here; if you already have Firefox, these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler

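The MVPS hosts-file advice in the post above is the flip side of a common infection artifact: malware edits C:\WINDOWS\System32\drivers\etc\hosts to blackhole antivirus and update domains or to point a name at an attacker-chosen address (the 27-byte hosts file in the OTL log earlier in the thread is about the size of a single localhost line, which is what a reset leaves behind). What follows is an added example, not part of the original thread and not code from any tool mentioned in it. It parses a hosts file the way the resolver does (address, then one or more names, comments after #) and separates ordinary ad-block entries from the ones a responder should look at. The watch-list of vendor and update domains and the SAMPLE_HOSTS input are constructed for the example.

```python
"""Audit a Windows HOSTS file for hijack entries.

Added example: not from the original thread. WATCHED_DOMAINS is an
illustrative assumption, and SAMPLE_HOSTS is a constructed input, not a
file taken from the affected machine.
"""
import ipaddress

# Addresses that an MVPS-style hosts file legitimately uses to blackhole
# ad and tracker domains.
SINKHOLES = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}

# Domains that should never be blackholed: malware commonly blocks them so
# the victim cannot fetch security updates or removal tools. Illustrative.
WATCHED_DOMAINS = {
    "windowsupdate.com", "update.microsoft.com", "malwarebytes.org",
    "eset.com", "bleepingcomputer.com",
}

# Names present in a stock hosts file; mapping them to loopback is expected.
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


def _is_watched(host):
    """True if host is a watched domain or a subdomain of one."""
    return host in WATCHED_DOMAINS or any(
        host.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Classify every active mapping in a hosts file.

    Returns {"blocked": n, "findings": [(lineno, host, ip, reason), ...]}
    where "blocked" counts ordinary ad-block style entries and each finding
    is something a responder should check by hand.
    """
    blocked = 0
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            # A hosts line is "address name [name...]"; anything else is
            # noise or a deliberately mangled line worth a look.
            findings.append((lineno, parts[0], None, "malformed address"))
            continue
        for host in parts[1:]:
            host = host.lower().rstrip(".")
            if host in DEFAULT_NAMES:
                continue
            if ip in SINKHOLES:
                if _is_watched(host):
                    findings.append((lineno, host, str(ip),
                                     "security/update domain blackholed"))
                else:
                    blocked += 1          # MVPS-style ad/tracker block
            else:
                # Pointing a name at a real address is how hosts-file hijacks
                # send victims to a look-alike site or a rogue update server.
                findings.append((lineno, host, str(ip),
                                 "redirected to a real address"))
    return {"blocked": blocked, "findings": findings}


# Constructed sample: a stock localhost line, one ad-block entry, and three
# entries of the kind a hijack leaves behind. 192.0.2.10 is a TEST-NET address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.doubleclick.net           # MVPS-style block, fine
0.0.0.0  www.malwarebytes.org         # blocks the AV vendor's site
127.0.0.1  update.microsoft.com       # blocks Windows Update
192.0.2.10  www.examplebank.com       # redirect to an attacker-chosen IP
notanip  www.example.org
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("ad-block style entries:", report["blocked"])
    for lineno, host, ip, reason in report["findings"]:
        print(f"line {lineno}: {host} -> {ip}: {reason}")
```

On a live machine, feed it the real file with `audit_hosts(open(r"C:\WINDOWS\System32\drivers\etc\hosts").read())`. A freshly installed MVPS file produces thousands of "blocked" entries and no findings; any "redirected to a real address" line, or a blackholed vendor domain, is worth treating as an infection indicator rather than a configuration choice.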


#11 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 15 September 2010 - 06:17 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
