
Google search results redirect [Closed]


  • This topic is locked

#1
Worgie

    New Member

  • 7 posts
Hi.

1st post so please be kind.

For the last few months my PC has been suffering from the google redirect virus. I have carried out all the recommended procedures in the Malware and Spyware Cleaning Guide, but still no cure.

Logs from RootRepeal, OTL and Malware below.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/20 21:38
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB19E6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0965000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf7679b30

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf76796f0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf7679470

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf7679c50

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf7679990

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf76798d0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf7679d60

==EOF==

OTL logfile created on: 20/11/2009 21:49:33 - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Chris Worgan\My Documents\Downloads\Software downloaded from geeks to go
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 44.86% Memory free
2.35 Gb Paging File | 1.66 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 14.79 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.92 Gb Total Space | 0.23 Gb Free Space | 11.99% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: STUDY
Current User Name: Chris Worgan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/20 21:46:38 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris Worgan\My Documents\Downloads\Software downloaded from geeks to go\OTL.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/19 21:26:47 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/30 19:16:34 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
PRC - [2009/07/30 19:16:34 | 00,230,640 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\cavrid.exe
PRC - [2009/07/30 19:16:34 | 00,230,640 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\cavrid.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 15:43:51 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2009/05/21 15:43:51 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/05/21 15:43:51 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/04/08 10:38:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/11 00:46:18 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2005/10/19 07:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2005/10/19 07:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2002/10/14 20:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2002/10/14 20:00:41 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/20 21:46:38 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris Worgan\My Documents\Downloads\Software downloaded from geeks to go\OTL.exe
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll
MOD - [2004/10/15 17:32:10 | 00,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/19 21:26:42 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/30 19:16:34 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe -- (VETMSGNT)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 15:43:51 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/04/08 10:38:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/03/11 00:46:18 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe -- (CAISafe)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/15 18:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2003/12/04 15:21:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/10/14 20:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 22:03:40 | 00,000,000 | ---D | M]

[2008/07/20 16:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Mozilla\Extensions
[2008/07/20 16:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Super%20Collapse%20II%20Platinum/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.n...yerAX_Win32.cab (20-20 Technologies 3D Room Planner)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.truprint....rintActivia.cab (Snapfish Activia)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust...er/pestscan.cab (PSFormX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://camserv1.beaz...sCamControl.ocx (CamImage Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} https://ukplay.toont...5.22/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Super%20Collapse%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: RaptisoftGameLoader http://www.miniclip....tgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9201186b-b709-11dc-b4d3-000f9f2a4ed7}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/07/09 16:08:06 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (71498204612395008)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/13 00:17:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Worgan\Application Data\Malwarebytes
[2009/11/13 00:16:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/13 00:16:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/13 00:16:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 00:16:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/13 00:13:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/13 00:12:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/12 07:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/11/08 19:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Europress
[2008/08/12 19:59:26 | 00,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\utorrent.exe
[2006/06/21 14:28:06 | 02,042,185 | ---- | C] (Sony Ericsson ) -- C:\Program Files\Install these Drivers befor PC Suite.exe
[2006/06/12 15:35:36 | 43,189,034 | ---- | C] (Sony Ericsson ) -- C:\Program Files\PC_Suite.1.20.237.exe
[1 C:\Documents and Settings\Chris Worgan\My Documents\*.tmp files -> C:\Documents and Settings\Chris Worgan\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/20 20:50:02 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/20 19:52:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/20 15:37:02 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/20 15:33:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/20 15:33:47 | 00,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/20 15:33:45 | 13,401,49760 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/20 00:00:49 | 09,961,472 | ---- | M] () -- C:\Documents and Settings\Chris Worgan\ntuser.dat
[2009/11/20 00:00:49 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Chris Worgan\NTUSER.INI
[2009/11/19 02:58:23 | 00,190,464 | ---- | M] () -- C:\Documents and Settings\Chris Worgan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 22:52:50 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/11 23:16:40 | 00,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 21:33:28 | 00,621,011 | ---- | M] () -- C:\Documents and Settings\Chris Worgan\My Documents\PanthersProposal.pdf
[2009/11/10 20:07:50 | 03,181,574 | -H-- | M] () -- C:\Documents and Settings\Chris Worgan\Local Settings\Application Data\IconCache.db
[2009/11/10 16:54:43 | 00,432,128 | ---- | M] () -- C:\Documents and Settings\Chris Worgan\My Documents\ST4RS HW.pub
[2009/11/10 08:14:01 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/09 08:38:48 | 00,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2009/11/09 08:38:48 | 00,161,008 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2009/11/09 08:38:48 | 00,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2009/11/09 08:38:48 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2009/11/09 08:38:48 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2009/11/09 08:38:48 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2009/11/09 00:23:14 | 00,001,540 | ---- | M] () -- C:\Documents and Settings\Chris Worgan\Desktop\Spider Solitaire.lnk
[2009/11/08 19:52:30 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Art Attack.lnk
[2009/11/08 19:52:15 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/08 19:52:15 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/08 15:47:24 | 00,164,448 | ---- | M] () -- C:\Documents and Settings\Chris Worgan\Desktop\060320115045A_budapest[1].jpg
[1 C:\Documents and Settings\Chris Worgan\My Documents\*.tmp files -> C:\Documents and Settings\Chris Worgan\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/12 07:20:47 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/10 21:33:19 | 00,621,011 | ---- | C] () -- C:\Documents and Settings\Chris Worgan\My Documents\PanthersProposal.pdf
[2009/11/10 16:52:18 | 00,432,128 | ---- | C] () -- C:\Documents and Settings\Chris Worgan\My Documents\ST4RS HW.pub
[2009/11/08 19:52:30 | 00,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Art Attack.lnk
[2009/11/08 15:47:43 | 00,164,448 | ---- | C] () -- C:\Documents and Settings\Chris Worgan\Desktop\060320115045A_budapest[1].jpg
[2009/08/16 16:50:27 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/06/19 08:16:17 | 00,000,058 | ---- | C] () -- C:\WINDOWS\colbook.ini
[2009/06/19 08:16:17 | 00,000,057 | ---- | C] () -- C:\WINDOWS\cardfarm.ini
[2009/06/19 08:16:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/04/24 09:40:53 | 00,037,216 | ---- | C] () -- C:\Documents and Settings\Chris Worgan\Application Data\Comma Separated Values (Windows).ADR
[2008/08/10 22:44:25 | 14,394,041 | ---- | C] () -- C:\Program Files\Jalbum-install.exe
[2008/05/17 19:54:41 | 00,000,150 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/05/17 19:54:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/12/03 13:34:42 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2007/05/31 14:26:24 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/07/11 22:33:49 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/22 08:50:36 | 00,233,021 | ---- | C] () -- C:\Program Files\IMPORTANT Read this before installation_English.pdf
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/17 15:54:01 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2006/03/12 22:48:39 | 03,181,574 | -H-- | C] () -- C:\Documents and Settings\Chris Worgan\Local Settings\Application Data\IconCache.db
[2006/02/21 23:57:14 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/08 20:55:54 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006/01/07 09:39:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2005/08/12 21:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/03/30 04:13:22 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/03/23 21:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/03/23 21:10:05 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2005/03/22 23:58:35 | 00,000,933 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005/03/15 23:11:49 | 00,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2004/12/28 15:55:16 | 00,000,068 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/12/28 15:53:22 | 00,000,054 | ---- | C] () -- C:\WINDOWS\swiftphrase9.ini
[2004/12/28 15:53:21 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2004/12/28 15:53:21 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2004/12/27 18:17:03 | 00,000,538 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2004/11/20 23:28:58 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/10/15 17:31:56 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/10/06 17:18:01 | 00,002,991 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/10/06 17:14:09 | 00,000,392 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2004/09/01 23:36:18 | 00,083,400 | ---- | C] () -- C:\Documents and Settings\Chris Worgan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/07/25 19:04:16 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/07/20 20:49:20 | 00,190,464 | ---- | C] () -- C:\Documents and Settings\Chris Worgan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/16 22:53:51 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/16 21:51:08 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/16 20:36:33 | 00,000,784 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2004/07/16 20:22:15 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\Chris Worgan\Application Data\DESKTOP.INI
[2004/07/09 16:42:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/09 16:31:37 | 00,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/09 16:18:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/09 16:18:16 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/09 16:11:34 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 15:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/10/29 10:59:21 | 00,000,010 | R--- | C] () -- C:\WINDOWS\PostmanPat.ini
[2002/10/14 20:39:18 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini
[2002/09/03 07:59:58 | 00,001,063 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 07:50:58 | 00,000,243 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 07:50:46 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/08/29 04:00:00 | 00,029,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1999/01/22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 08:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2006/12/14 17:55:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/05/01 23:29:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/08/27 17:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2004/07/18 09:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/07/27 21:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/10/03 14:34:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/25 09:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tesco Photobook Creator
[2008/04/23 22:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/05/08 14:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2005/06/13 23:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/30 19:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/10/01 19:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 17:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/01 18:05:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}
[2008/04/24 19:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\GetRightToGo
[2004/08/18 19:18:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Jasc
[2004/07/16 22:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Leadertech
[2009/01/02 18:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\LG Electronics
[2004/07/20 21:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Nikon
[2007/06/02 21:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\OfficeUpdate12
[2006/05/07 08:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Raptisoft
[2009/04/08 15:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Red Kawa
[2007/11/25 18:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Snapfish
[2009/06/19 08:20:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\SpinTop
[2009/11/05 22:29:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Spotify
[2006/07/27 21:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Teleca
[2006/03/10 19:21:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Template
[2008/01/02 11:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\TomTom
[2005/05/08 14:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Ulead Systems
[2009/11/14 23:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\uTorrent
[2009/07/11 08:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Worgan\Application Data\Zylom
[2002/08/29 04:00:00 | 00,000,065 | ---- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/11/20 15:37:02 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/11/20 15:33:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/02/22 11:50:01 | 00,361,496 | ---- | M] (CA) -- C:\av08_en_us.exe
[2008/01/04 11:13:09 | 12,264,800 | ---- | M] (CA, Inc. ) -- C:\av_en_32.exe
[2006/11/18 12:57:24 | 01,496,208 | ---- | M] (Piriform Ltd) -- C:\ccsetup134.exe
[2007/06/07 22:57:37 | 03,086,467 | ---- | M] () -- C:\FileZilla_2_2_0_setup.exe
[2006/07/27 21:04:52 | 39,746,768 | ---- | M] () -- C:\PC Suite 1.20.237.exe
[2007/02/13 00:28:32 | 05,802,210 | ---- | M] () -- C:\pspmoviecreator-44744.exe
[2008/01/10 22:32:37 | 23,630,592 | ---- | M] (TomTom International B.V. | Macrovision Corporation) -- C:\TomTomHOME2winlatest.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2002/08/29 04:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 07:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2002/08/29 04:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 07:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2002/08/29 04:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 07:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2003/04/23 08:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 06:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Chris Worgan\Desktop\PPLiveSetup1.1.0.7CN.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\av08_en_us.exe:SummaryInformation
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A30FABE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31080D0E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294E6480
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:250711E9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10C492A4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0099434
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF5361E7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B31F16E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EDC31B3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E0102D2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:734283C9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D9E7A43
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36DB5B4C
< End of report >



OTL Extras logfile created on: 20/11/2009 21:49:33 - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Chris Worgan\My Documents\Downloads\Software downloaded from geeks to go
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 44.86% Memory free
2.35 Gb Paging File | 1.66 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 14.79 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.92 Gb Total Space | 0.23 Gb Free Space | 11.99% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: STUDY
Current User Name: Chris Worgan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6984:TCP" = 6984:TCP:*:Enabled:ppLive
"5272:UDP" = 5272:UDP:*:Enabled:ppLive
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Abacast\Abaclient.exe" = C:\Program Files\Abacast\Abaclient.exe:*:Disabled:Abaclient -- (Abacast, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\bin\IA\Core\MDM_Util.exe" = D:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\Jake Worgan\My Documents\New Folder\spotify.exe" = C:\Documents and Settings\Jake Worgan\My Documents\New Folder\spotify.exe:*:Disabled:Spotify -- (Spotify AB)
"C:\Program Files\GameHouse\Collapse\Collapse.exe" = C:\Program Files\GameHouse\Collapse\Collapse.exe:*:Disabled:Super Collapse! -- File not found
"C:\Documents and Settings\Sam Worgan\My Documents\My Music\spotify.exe" = C:\Documents and Settings\Sam Worgan\My Documents\My Music\spotify.exe:*:Disabled:Spotify -- (Spotify AB)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2500_series" = Canon iP2500 series
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B602410-D983-4947-98FE-EE749073D15E}" = GamingHarbor Toolbar
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{22DE01B8-1DB3-4204-A5BE-80B2A6D894A0}" = SpongeBob SquarePants - Battle for Bikini Bottom
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{252C3736-B08B-4473-9000-C8EE1AF8EDF6}" = BBC Teletubbies - Favourite Games
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B60955-6148-4921-8AC9-181FA23F8D06}" = BBC Pingu - Barrel of Fun
"{3CF474D1-BA24-413D-A2A4-CED180ABB810}" = Su Doku Crunch
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5DF68560-292A-11D5-99D1-00010256D40E}" = DV Studio3
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{64F8F956-B8CF-4D66-A200-97EA422775BA}" = BBC Tweenies - Play to the Music
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112171867}" = Magic Ball 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9869D4DD-D553-40D3-8859-F8911D406C69}" = Ulead DVD Workshop 2
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6E91710-5BF5-43C5-AB81-C3E488133346}" = Sony Ericsson Drivers
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D21635EA-7A89-4881-86A9-0C1DCBCD1317}" = Sony Ericsson PC Suite 1.20.237
"{D3EC28C5-C63B-4125-8BA2-1652552B846A}" = Who Wants To Be A Millionaire Junior
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{E57FEDB3-37BD-11D4-9532-005004039EB0}" = LEGO My World School Skills
"{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"7-Zip" = 7-Zip 4.60 beta
"Abacast Client" = Abacast Client
"ABC 123" = ABC 123
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"Art Attack" = Art Attack
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe_is1" = Bejeweled 2 Deluxe
"Britannica Word Search" = Britannica Word Search
"Canon iP2500 series User Registration" = Canon iP2500 series User Registration
"cciss_av" = CA Anti-Virus
"CCleaner" = CCleaner (remove only)
"CodInstl" = Intel A/V Codecs V2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer2.0" = Coupon Printer
"Disney's Extremely Goofy Skateboarding" = Disney's Extremely Goofy Skateboarding
"DivX Content Uploader" = DivX Content Uploader
"DVD Shrink_is1" = DVD Shrink 3.1.7
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"GameHouse" = GameHouse
"GamingHarbor Toolbar" = GamingHarbor Toolbar
"Green Eggs and Ham" = Green Eggs and Ham
"Greeting Card Magic" = Greeting Card Magic
"Guess Who" = Guess Who
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Jalbum_0" = Jalbum 8.0
"Jalbum_1" = Jalbum 8.1
"LEGOLANDDeInstKey" = LEGOLAND
"Lexmark X74-X75" = Lexmark X74-X75
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MathsQuest" = MathsQuest
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOTOROLA mp3 maker" = MOTOROLA mp3 maker
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myphotobook" = myphotobook 3.6
"NB40" = NewsBin Pro 4.22
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pingu and Friends" = Pingu and Friends
"PSPMovieCreator" = PSP Movie Creator(remove only)
"Puzzle Pirates" = Puzzle Pirates
"Puzzle Word_is1" = Puzzle Word
"QuickPar" = QuickPar 0.9
"QuickTime 3.0" = QuickTime 3.0
"RollerCoaster Tycoon Setup" = RolllayN
"Scooby-Doo™, Case File #1 The Glowing Bug Man" = Scooby-Doo™, Case File #1 The Glowing Bug Man
"SereneScreen Aquarium_is1" = SereneScreen Aquarium
"Sonic 3D" = Sonic 3D
"Spotify" = Spotify
"Super Collapse 3" = Super Collapse 3
"Super Collapse 3_is1" = Super Collapse 3
"Super Collapse II Platinum" = Super Collapse II Platinum
"Super Spongebob Collapse_is1" = Super Spongebob Collapse
"Synacast Plug-in" = Synacast Plug-in 1.1.0.7
"Tesco Photobook Creator_is1" = Tesco Photobook Creator
"TomTom HOME" = TomTom HOME 2.6.2.1586
"TS2AC" = Toy Story 2 Activity Center
"TV Player" = Veetle TV Player 0.9.9
"Veetle TV Player" = Veetle TV Player 0.9.9
"VETWIN32Vp5" = CA Anti-Virus
"Videora iPod Converter" = Videora iPod Converter 4.07
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Poster Forge" = Poster Forge 1.01
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/11/2009 11:13:21 | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application art attack.exe, version 1.0.0.1, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 16/11/2009 03:58:34 | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/11/2009 03:59:14 | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/11/2009 04:31:55 | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 8.0.9.0, faulting module isafserv.dll,
version 8.0.9.0, fault address 0x00011790.

Error - 18/11/2009 03:57:59 | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2009 03:57:59 | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/11/2009 17:46:00 | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 8.0.9.0, faulting module isafserv.dll,
version 8.0.9.0, fault address 0x00011790.

Error - 20/11/2009 11:43:52 | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/11/2009 11:43:52 | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/11/2009 15:21:02 | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 16/11/2009 03:57:08 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 16/11/2009 14:53:22 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 17/11/2009 04:32:12 | Computer Name = STUDY | Source = Service Control Manager | ID = 7031
Description = The CAISafe service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 17/11/2009 13:08:14 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 18/11/2009 03:55:54 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 19/11/2009 15:40:33 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 19/11/2009 17:46:07 | Computer Name = STUDY | Source = Service Control Manager | ID = 7031
Description = The CAISafe service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 20/11/2009 12:55:20 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 20/11/2009 13:53:54 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 20/11/2009 16:38:35 | Computer Name = STUDY | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >




Malwarebytes' Anti-Malware 1.41
Database version: 3204
Windows 5.1.2600 Service Pack 3

20/11/2009 21:34:09
mbam-log-2009-11-20 (21-34-09).txt

Scan type: Quick Scan
Objects scanned: 128476
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








One other point to mention, my antivirus CA keeps popping up with an infection Win32/TDSS!PACKED which it quarantines.

Any help would be greatly appreciated. Thank you.
  • 0

#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to move:
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
  • 0
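The Avenger script in the post above does one thing: it copies the cached atapi.sys from C:\WINDOWS\ServicePackFiles\i386 over the installed one in C:\WINDOWS\SYSTEM32\DRIVERS. The following is an added example, not code from the thread or from any of the tools it mentions, showing the check a defender would want to run first: hash both copies and report whether they differ. The SHA-256 comparison, the function names and the sample bytes are my own construction; the two paths are the ones the Avenger script names. One caveat that applies to the thread's situation: a kernel-mode rootkit can hide its changes from tools running on the live system, so a comparison done from offline boot media (or after the fix, to confirm it stuck) is more trustworthy than one run inside the infected Windows.

```python
"""Integrity check of an installed driver against its Service Pack cache copy.

Added example (not part of the forum thread). It compares the two files that
the thread's Avenger script swaps, so a mismatch can be seen before anything
is moved. Paths below are the ones from the thread; the demo uses constructed
bytes in a temp directory so it runs offline on any platform.
"""
import hashlib
import os
import tempfile

# Paths used in the thread's Avenger script (Windows XP SP3 layout).
INSTALLED_DRIVER = r"C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys"
SERVICE_PACK_COPY = r"C:\WINDOWS\ServicePackFiles\i386\atapi.sys"


def sha256_of(path, chunk_size=1 << 16):
    """Stream the file in chunks so a large driver is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_driver(installed, reference):
    """Return a report dict with sizes, SHA-256 digests and a match flag.

    A mismatch is not proof of infection (a hotfix can legitimately update a
    driver), but for a driver Windows Update has not touched it is the signal
    that justifies restoring the cached copy, which is what the thread does.
    """
    report = {
        "installed": installed,
        "reference": reference,
        "installed_size": os.path.getsize(installed),
        "reference_size": os.path.getsize(reference),
        "installed_sha256": sha256_of(installed),
        "reference_sha256": sha256_of(reference),
    }
    report["match"] = report["installed_sha256"] == report["reference_sha256"]
    return report


def demo():
    """Constructed sample: a placeholder 'driver' and a modified copy of it.

    The bytes are made up for the demo (a real atapi.sys is a PE file).
    Returns (report_for_modified_copy, report_for_identical_copy).
    """
    with tempfile.TemporaryDirectory() as tmp:
        reference = os.path.join(tmp, "i386_atapi.sys")
        installed = os.path.join(tmp, "drivers_atapi.sys")
        clean_bytes = b"MZ" + b"\x00" * 1022  # 1024-byte placeholder, not a real driver
        with open(reference, "wb") as fh:
            fh.write(clean_bytes)
        # Installed copy differs from the cache copy: extra bytes on the end.
        with open(installed, "wb") as fh:
            fh.write(clean_bytes + b"EXTRA")
        modified = compare_driver(installed, reference)
        # Now the installed copy is byte-for-byte the cache copy.
        with open(installed, "wb") as fh:
            fh.write(clean_bytes)
        identical = compare_driver(installed, reference)
    return modified, identical


if __name__ == "__main__":
    # On the real machine you would call compare_driver(INSTALLED_DRIVER, SERVICE_PACK_COPY).
    modified, identical = demo()
    print("modified copy  match:", modified["match"],
          "sizes:", modified["installed_size"], "vs", modified["reference_size"])
    print("identical copy match:", identical["match"])
```

On the actual XP box the call is `compare_driver(INSTALLED_DRIVER, SERVICE_PACK_COPY)`; the size fields are worth printing alongside the hashes because a driver that has grown by a few kilobytes over its cached twin is the quickest eyeball check in a log like the ones posted here.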

#3
Worgie

Worgie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi.

Thank you for your swift response.

No data is in my Avenger folder - it appears my CA antivirus has deleted it. Below I have pasted my real-time scanner log as evidence.

20/11/2009 23:31:53 File infection: C:\cleanup.exe is Win32/Crykee.A trojan. Deleted
20/11/2009 23:38:29 File infection: C:\WINDOWS\SYSTEM32\tdlcmd.dll may have unknown infection. Quarantined
20/11/2009 23:42:23 File infection: C:\Avenger\atapi.sys is Win32/Olmarik!generic trojan. Deleted


Please advise what I should do next?

Thanks.
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#5
Worgie

Worgie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, text file below.


ComboFix 09-11-20.02 - Chris Worgan 21/11/2009 0:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.735 [GMT 0:00]
Running from: c:\documents and settings\Chris Worgan\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jake Worgan\Application Data\alot
c:\documents and settings\Sam Worgan\Application Data\alot
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\Quarantine
c:\windows\run.log
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\pciide.sys

.
((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-20 23:31 . 2009-11-20 23:31 574 ----a-w- C:\cleanup.bat
2009-11-20 23:31 . 2009-11-20 23:31 135168 ----a-w- C:\zip.exe
2009-11-13 20:29 . 2009-11-13 20:29 -------- d-----w- c:\documents and settings\Jake Worgan\Application Data\Malwarebytes
2009-11-13 16:26 . 2009-11-13 16:26 -------- d-----w- c:\documents and settings\Sam Worgan\Application Data\Malwarebytes
2009-11-13 00:17 . 2009-11-13 00:17 -------- d-----w- c:\documents and settings\Chris Worgan\Application Data\Malwarebytes
2009-11-13 00:16 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 00:16 . 2009-11-13 00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 00:16 . 2009-11-13 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-13 00:16 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 00:12 . 2009-11-13 00:12 -------- d-----w- c:\program files\ERUNT
2009-11-12 07:20 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-12 07:17 . 2009-11-12 07:17 -------- d-----w- c:\program files\Windows Defender
2009-11-08 19:50 . 2009-11-08 19:50 -------- d-----w- c:\program files\Europress
2009-10-30 21:44 . 2009-10-30 21:44 -------- d-----w- c:\program files\iPod
2009-10-30 21:43 . 2009-10-30 21:45 -------- d-----w- c:\program files\iTunes
2009-10-30 21:26 . 2009-10-30 21:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 20:05 . 2009-08-21 18:22 -------- d-----w- c:\documents and settings\Sam Worgan\Application Data\Spotify
2009-11-19 03:13 . 2004-08-08 20:32 -------- d-----w- c:\program files\nbpro
2009-11-14 23:15 . 2008-08-12 20:00 -------- d-----w- c:\documents and settings\Chris Worgan\Application Data\uTorrent
2009-11-13 00:56 . 2005-04-02 14:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-09 08:38 . 2008-04-24 19:33 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-11-09 08:38 . 2008-04-24 19:33 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-11-09 08:38 . 2008-04-24 19:33 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-11-09 08:38 . 2008-04-24 19:33 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-11-09 08:38 . 2008-04-24 19:33 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-11-09 08:38 . 2008-04-24 19:33 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-11-05 22:29 . 2009-09-08 19:31 -------- d-----w- c:\documents and settings\Chris Worgan\Application Data\Spotify
2009-11-05 00:05 . 2005-04-02 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-30 21:44 . 2008-12-26 11:30 -------- d-----w- c:\program files\Common Files\Apple
2009-10-26 23:46 . 2004-07-20 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-13 14:44 . 2008-01-04 17:22 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-11 08:29 . 2009-10-11 08:29 20299296 ----a-w- c:\documents and settings\Chris Worgan\Application Data\TomTom\HOME\Profiles\dk91773z.default\Updates\v2_7_2_1825_win.exe
2009-10-03 14:34 . 2007-02-23 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-01 19:23 . 2008-12-26 11:37 -------- d-----w- c:\documents and settings\Chris Worgan\Application Data\Apple Computer
2009-10-01 19:11 . 2009-10-01 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 19:04 . 2004-07-20 19:26 -------- d-----w- c:\program files\QuickTime
2009-09-21 15:19 . 2009-08-28 19:55 16 ----a-w- c:\windows\popcinfo.dat
2009-09-12 09:06 . 2004-10-06 17:58 83400 ----a-w- c:\documents and settings\Sam Worgan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2002-08-29 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-03-29 19:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-02-06 17:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 19:32 . 2009-08-28 19:27 16 ----a-w- c:\windows\bfpw.dat
2009-08-28 18:42 . 2009-06-10 07:01 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-06-10 07:01 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:21 . 2009-09-01 18:05 3020324 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\Setup.exe
2009-08-28 07:47 . 2009-09-01 18:02 147456 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\36F1A852\3E688669\MyDll.dll
2009-08-28 07:47 . 2009-09-01 18:02 483328 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\EB91CE86\3E688669\stbdl.exe
2009-08-28 07:47 . 2009-09-01 18:02 90112 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe
2009-08-28 07:47 . 2009-09-01 18:02 1134592 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\29A73ACD\3E688669\stb0.dll
2009-08-28 07:46 . 2009-09-01 18:02 868352 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
2009-08-28 07:46 . 2009-09-01 18:02 487424 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\BED3DEFB\3E688669\stbasst.exe
2009-08-28 07:45 . 2009-09-01 18:02 475136 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe
2009-08-28 07:45 . 2009-09-01 18:02 208896 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\50EF6DF6\3E688669\Riched20Smiley.dll
2009-08-28 07:45 . 2009-09-01 18:02 204800 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\CC8FDF08\3E688669\OEActiveXDLL.dll
2009-08-28 07:45 . 2009-09-01 18:02 98304 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
2009-08-28 07:45 . 2009-09-01 18:02 147456 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
2009-08-28 07:44 . 2009-09-01 18:02 176128 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
2009-08-28 07:44 . 2009-09-01 18:02 176128 -c--a-w- c:\documents and settings\All Users\Application Data\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\CE8732D\3E688669\ProductInfo.dll
2009-08-27 17:02 . 2009-08-17 07:37 436644 ----a-w- c:\documents and settings\Sam Worgan\Application Data\Zylom Games\Build-a-lot 4 - Power Source Deluxe\buildalot4powersource.exe
2009-08-27 17:02 . 2009-08-17 07:37 2048000 ----a-w- c:\documents and settings\Sam Worgan\Application Data\Zylom Games\Build-a-lot 4 - Power Source Deluxe\buildalot4powersource.dll
2009-08-26 08:00 . 2002-08-29 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2008-08-23 18:14 . 2008-08-12 19:59 267056 ----a-w- c:\program files\utorrent.exe
2008-08-10 22:44 . 2008-08-10 22:44 14394041 ----a-w- c:\program files\Jalbum-install.exe
2006-06-22 08:50 . 2006-06-22 08:50 233021 ----a-w- c:\program files\IMPORTANT Read this before installation_English.pdf
2006-06-21 14:28 . 2006-06-21 14:28 2042185 ----a-w- c:\program files\Install these Drivers befor PC Suite.exe
2006-06-12 15:35 . 2006-06-12 15:35 43189034 ----a-w- c:\program files\PC_Suite.1.20.237.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2009-07-30 230640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-21 181488]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"LexBceS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Jake Worgan\\My Documents\\New Folder\\spotify.exe"=
"c:\\Documents and Settings\\Sam Worgan\\My Documents\\My Music\\spotify.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6984:TCP"= 6984:TCP:ppLive
"5272:UDP"= 5272:UDP:ppLive

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 10:38 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\w300mgmt.sys [25/12/2007 10:55 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\SYSTEM32\DRIVERS\w300obex.sys [25/12/2007 10:51 85696]
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-11-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\windows\system32\VetRedir.dll
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Sonic 3D - c:\sega\Sonic3D\directx\setup



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 00:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\smc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
c:\windows\System32\locator.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2009-11-21 01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 01:00

Pre-Run: 16,000,761,856 bytes free
Post-Run: 13,474,435,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 6BC1CE2551B06F5F5FA41FDC223B4BE9
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\cleanup.bat
    C:\zip.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#7
Worgie

Worgie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi.

I am posting on this forum from another PC; my previous posts were from my other PC, which will now not boot up. I get a message that Windows will not start due to a virus and then a blue screen with a load of writing. I have tried to log on to a DOS screen using Windows Recovery Screen but I am prompted for which Windows installation I would like to log onto; at this stage I do not know what to enter, so I can't get my PC to load Windows. This is obviously very worrying; any assistance with getting me logged onto Windows would be greatly appreciated.

Many thanks.
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
any idea when that happened ?

Start the machine, keep pressing f8, select last known good configuration

that get you in ?
  • 0

#9
Worgie

Worgie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi.

Switched PC off last night and it happened when I switched on this morning.

I get a message of "which Windows installation would you like to log onto"

at this stage I do not know what to type in
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
did you try the above step ?
  • 0

#11
Worgie

Worgie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yes. I tried to log on using F8 and selecting Last Known Good Configuration, but I am prompted to enter into a DOS prompt "which Windows installation would you like to log onto"; at this stage I do not know what to type.
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
not sure why that is

head over to the windows xp forum, explain your problem, they should be able to fix you up
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0