Removing antimalware doctor [Closed]


#1 HugoLLoris (Member, 14 posts)
Hi there

I have tried removing antimalware doctor with malwarebytes but it didn't work in safe mode. It has got rid of most of the bad stuff and my computer is pretty functional, but the program still re-appears on each new start-up.
I followed the steps you put in a different post and have the GMER log and the OTS log.
So attached is the GMER log and below is the OTS log.
Thanks in advance for your help.
OTS logfile created on: 29/04/2010 15:08:19 - Run 1
OTS by OldTimer - Version 3.1.30.0 Folder = C:\Documents and Settings\Nathan Dobson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 284.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.27 Gb Total Space | 5.33 Gb Free Space | 20.29% Space Free | Partition Type: FAT32
Drive D: | 26.66 Gb Total Space | 26.66 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.74% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-AC84C68AD2
Current User Name: Nathan Dobson
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\OTS.exe -> [2010/04/29 15:03:38 | 000,639,488 | ---- | M] (OldTimer Tools)
clpsls.exe -> C:\Program Files\Comodo\COMODO livePCsupport\CLPSLS.exe -> [2010/02/12 19:23:32 | 000,148,744 | ---- | M] (COMODO)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/04/14 09:54:06 | 000,307,704 | ---- | M] (Mozilla Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\OTS.exe -> [2010/04/29 15:03:38 | 000,639,488 | ---- | M] (OldTimer Tools)
guard32.dll -> C:\WINDOWS\system32\guard32.dll -> [2010/04/13 07:12:06 | 000,277,240 | ---- | M] (COMODO)

[Win32 Services - Safe List]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Stopped] -> -> File not found
(cmdAgent) COMODO Internet Security Helper Service [Auto | Stopped] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2010/04/13 07:11:28 | 001,769,216 | ---- | M] ()
(RapportMgmtService) Rapport Management Service [Auto | Stopped] -> C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2010/03/15 13:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.)
(CLPSLS) COMODO livePCsupport Service [Auto | Running] -> C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -> [2010/02/12 19:23:32 | 000,148,744 | ---- | M] (COMODO)
(anbmService) Notebook Manager Service [Auto | Stopped] -> C:\Acer\eManager\anbmServ.exe -> [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.)

[Driver Services - Safe List]
(cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\cmdGuard.sys -> [2010/04/13 07:12:04 | 000,225,344 | ---- | M] (COMODO)
(Inspect) COMODO Internet Security Firewall Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\inspect.sys -> [2010/04/13 07:12:04 | 000,086,800 | ---- | M] (COMODO)
(cmdHlp) COMODO Internet Security Helper Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\cmdhlp.sys -> [2010/04/13 07:12:04 | 000,025,240 | ---- | M] (COMODO)
(cmderd) COMODO Internet Security Eradication Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\cmderd.sys -> [2010/04/13 07:12:04 | 000,015,464 | ---- | M] (COMODO)
(RapportPG) RapportPG [Kernel | System | Stopped] -> C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -> [2010/03/15 13:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.)
(RapportKELL) RapportKELL [Kernel | System | Stopped] -> C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -> [2010/03/15 13:47:30 | 000,058,984 | ---- | M] (Trusteer Ltd.)
(tap0901) TAP-Win32 Adapter V9 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tap0901.sys -> [2009/10/14 19:08:32 | 000,032,000 | ---- | M] (The OpenVPN Project)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.)
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nscirda.sys -> [2008/04/13 19:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation)
(usbsermpt) Motorola USB Modem Driver for MPT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbsermpt.sys -> [2006/06/25 22:59:12 | 000,022,768 | ---- | M] (Microsoft Corporation)
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\NTIDrvr.sys -> [2005/03/30 12:23:44 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.)
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\epm-shd.sys -> [2005/03/24 16:54:08 | 000,078,208 | ---- | M] (Acer Value Labs, USA)
(osaio) osaio [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\osaio.sys -> [2005/03/04 16:37:26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.)
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\tifm21.sys -> [2005/02/10 09:52:36 | 000,157,056 | ---- | M] (Texas Instruments)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2005/01/24 23:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSFHWICH.sys -> [2005/01/24 23:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2005/01/24 23:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.)
(osanbm) osanbm [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\osanbm.sys -> [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider)
(int15.sys) int15.sys [Kernel | On_Demand | Stopped] -> C:\Program Files\acer\eRecovery\int15.sys -> [2005/01/13 14:46:16 | 000,069,632 | ---- | M] ()
(AR5211) Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ar5211.sys -> [2005/01/10 00:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.)
(UBHelper) UBHelper [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\UBHelper.sys -> [2004/12/17 17:14:44 | 000,013,952 | ---- | M] ()
(DKbFltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\DKbFltr.SYS -> [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.)
(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\w29n51.sys -> [2004/10/29 18:48:10 | 003,222,784 | ---- | M] (Intel® Corporation)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2004/10/07 23:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.)
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\epm-psd.sys -> [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA)
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\camchal.sys -> [2004/06/24 23:31:00 | 000,276,480 | ---- | M] (Conexant Systems Inc.)
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\camcaud.sys -> [2004/06/24 23:29:00 | 000,034,048 | ---- | M] (Conexant Systems Inc.)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2003/09/25 19:41:12 | 000,044,032 | ---- | M] (Broadcom Corporation)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2003/05/21 19:47:12 | 000,175,360 | ---- | M] (Broadcom Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.pucuy.com/ ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> ->
HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\: Main\\"Start Page" -> http://www.pucuy.com/ ->
HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\: SearchURL\\"provider" -> gogl ->
HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Nathan Dobson\Application Data\Mozilla\FireFox\Profiles\yxd7hm9f.default\prefs.js ->
browser.search.update -> false ->
browser.startup.homepage -> "http://www.bbc.co.uk/" ->
extensions.enabledItems -> [email protected]:11.0.0.0 ->
network.proxy.no_proxies_on -> "*.local" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES\HOTBAR\BIN\11.0.120.0\FIREFOX\EXTENSIONS ->
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/07/04 22:38:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2008/07/04 22:38:14 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Nathan Dobson\Application Data\Mozilla\Extensions -> [2008/07/04 22:38:36 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Nathan Dobson\Application Data\Mozilla\Firefox\Profiles\yxd7hm9f.default\extensions -> [2008/07/04 22:38:36 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2008/07/04 22:38:14 | 000,000,000 | ---D | M]
< HOSTS File > ([2004/08/04 05:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2009/02/27 12:07:32 | 000,061,816 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> [2006/12/15 03:23:24 | 000,440,056 | ---- | M] (Sun Microsystems, Inc.)
{C7B76B90-3455-4AE6-A752-EAC4D19689E5} [HKLM] -> C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll [EoBHO Class] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVFX Engine" -> C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe] -> File not found
"COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ["C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2010/04/13 07:11:40 | 002,029,456 | ---- | M] (COMODO)
"EoEngine" -> C:\Program Files\EoRezo\EoEngine.exe ["C:\Program Files\EoRezo\EoEngine.exe"] -> File not found
"eRecoveryService" -> C:\WINDOWS\system32\Check.exe [C:\Windows\System32\Check.exe] -> [2005/03/23 10:01:12 | 000,245,760 | ---- | M] (acer Inc.)
"HotbarSA" -> C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSA.exe ["C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSA.exe"] -> File not found
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/04 05:00:00 | 000,208,952 | ---- | M] (Microsoft Corporation)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"LaunchApp" -> C:\WINDOWS\Alaunch.exe [Alaunch] -> [2004/11/02 19:07:30 | 000,499,712 | ---- | M] (Acer Inc.)
"LManager" -> C:\Program Files\Launch Manager\QtZgAcer.EXE [C:\Program Files\Launch Manager\QtZgAcer.EXE] -> [2005/03/28 12:20:00 | 000,319,488 | ---- | M] (Dritek System Inc.)
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2004/08/04 05:00:00 | 000,059,392 | ---- | M] ()
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/04 05:00:00 | 000,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2004/08/04 05:00:00 | 000,455,168 | ---- | M] (Microsoft Corporation)
"SoftwareHelper" -> C:\Documents and Settings\Nathan Dobson\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [C:\Documents and Settings\Nathan Dobson\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe] -> File not found
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe ["C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"] -> [2006/12/15 03:23:28 | 000,075,520 | ---- | M] (Sun Microsystems, Inc.)
"SynTPLpr" -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> [2004/10/07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2007/12/03 13:58:24 | 000,185,632 | ---- | M] (RealNetworks, Inc.)
"WinampAgent" -> C:\Program Files\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> File not found
< Run [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Livestation" -> C:\Program Files\Livestation\AppStart.exe [C:\Program Files\Livestation\AppStart.exe -nosplash -systemstartup] -> File not found
"newupdate1142C.exe" -> C:\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\newupdate1142C.exe [C:\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\newupdate1142C.exe] -> [2010/04/28 21:37:20 | 000,730,624 | ---- | M] ()
"WeatherDPA" -> C:\Program Files\Hotbar\bin\11.0.120.0\Weather.exe ["C:\Program Files\Hotbar\bin\11.0.120.0\Weather.exe" -auto] -> File not found
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 21:05:56 | 000,065,588 | ---- | M] (Microsoft Corporation)
< Nathan Dobson Startup Folder > -> C:\Documents and Settings\Nathan Dobson\Start Menu\Programs\Startup ->
C:\Documents and Settings\Nathan Dobson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 000,038,912 | ---- | M] ()
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Menu: Sun Java Console] -> [2006/12/15 03:23:26 | 000,075,528 | ---- | M] (Sun Microsystems, Inc.)
{5067A26B-1337-4436-8AFE-EE169C2DA79F}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Menu: Skype add-on for Internet Explorer] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> [2006/12/15 03:23:26 | 000,075,528 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{5067A26B-1337-4436-8AFE-EE169C2DA79F}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on for Internet Explorer] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> [2006/12/15 03:23:26 | 000,075,528 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{5067A26B-1337-4436-8AFE-EE169C2DA79F}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on for Internet Explorer] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> [2006/12/15 03:23:26 | 000,075,528 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{5067A26B-1337-4436-8AFE-EE169C2DA79F}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on for Internet Explorer] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{C2A80015-C447-4dc4-82DD-AED83D6ED57E}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macr...director/sw.cab [Shockwave ActiveX Control] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail....es/MSNPUpld.cab [MSN Photo Upload Tool] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...ows-i586-jc.cab [Java Plug-in 1.5.0_11] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.ma...r/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.5.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.5.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macr...ash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0C825A4F-AB77-4E78-A192-3C4FC4E0AF71}\\NameServer -> 156.154.70.22,156.154.71.22 (Intel® PRO/Wireless 2200BG Network Connection) ->
{5056137B-4372-47F5-BCAB-B3A8681EDD2F}\\DhcpNameServer -> 192.168.1.1 (Broadcom NetXtreme Gigabit Ethernet) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\guard32.dll -> C:\WINDOWS\system32\guard32.dll -> [2010/04/13 07:12:06 | 000,277,240 | ---- | M] (COMODO)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2005/02/08 10:32:16 | 000,348,160 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE" -> C:\Program Files\Livestation\1.0.77.3\Livestation.exe [C:\Program Files\Livestation\1.0.77.3\Livestation.exe] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Nathan Dobson\My Documents\My Games\fm.exe" -> C:\Documents and Settings\Nathan Dobson\My Documents\My Games\fm.exe [C:\Documents and Settings\Nathan Dobson\My Documents\My Games\fm.exe:*:Disabled:Football Manager 2008] -> File not found
"C:\Program Files\DealBook 360\DealBook 360.exe" -> C:\Program Files\DealBook 360\DealBook 360.exe [C:\Program Files\DealBook 360\DealBook 360.exe:*:Enabled:DealBook 360] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2006/06/14 16:48:00 | 014,276,608 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Kontiki\KService.exe" -> C:\Program Files\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> File not found
"C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE" -> C:\Program Files\Livestation\1.0.77.3\Livestation.exe [C:\Program Files\Livestation\1.0.77.3\Livestation.exe] -> File not found
"C:\Program Files\Messenger\MSMSGS.EXE" -> C:\Program Files\Messenger\MSMSGS.EXE [C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/04/14 09:54:06 | 000,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008] -> File not found
"C:\Program Files\Spotify\spotify.exe" -> C:\Program Files\Spotify\spotify.exe [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify] -> [2010/03/25 15:06:28 | 002,902,864 | ---- | M] (Spotify AB)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" -> C:\Program Files\TVUPlayer\TVUPlayer.exe [C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
"C:\WINDOWS\System32\ppshell.exe" -> C:\WINDOWS\System32\ppshell.exe [C:\WINDOWS\System32\ppshell.exe:*:Enabled:ppshell] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ FAT32 ] -> [2005/03/30 12:23:20 | 000,000,050 | ---- | M] ()
E:\autorun.inf [[AutoRun] | open=p3vwxx.exe | shell\open\Command=p3vwxx.exe | ] -> E:\autorun.inf [ FAT ] -> [2010/03/03 19:28:52 | 000,000,059 | RHS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Classes\<extension>\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/14 01:12:42 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 16:43:40 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/14 01:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/14 01:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/14 01:11:54 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/14 01:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/14 01:11:56 | 000,755,200 | ---- | M] (Intel Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2008/03/28 23:37:44 | 000,779,568 | ---- | M] (Apple Inc.)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2008/03/28 23:37:44 | 000,779,568 | ---- | M] (Apple Inc.)
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [DivXBrowserPlugin Object] -> [2009/11/14 01:47:26 | 002,471,224 | ---- | M] (DivX,Inc.)
{69725738-CD68-4f36-8D02-8C43722EE5DA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A3E67DAA-DA01-4da5-98BE-3088B554A11E} [HKLM] -> C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSAAX.dll [Hotbar UserProfiles Class] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2008/03/28 23:37:44 | 000,779,568 | ---- | M] (Apple Inc.)
{D95C7240-0282-4c01-93F5-673BCA03DA86} [HKLM] -> C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSAAX.dll [Hotbar Info Class] -> File not found
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 00:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> C:\WINDOWS\system32\proctexe.ocx [Additive Surface] -> [2008/04/14 01:10:36 | 000,081,920 | ---- | M] (Intel Corporation)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2008/03/28 23:37:44 | 000,779,568 | ---- | M] (Apple Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2009/02/27 12:07:32 | 000,061,816 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{17DDDB41-B9AD-0832-0A4E-2B16CE3DFDFE} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{1EB0FE44-B210-47FE-BADE-04D617312B39} [HKLM] -> C:\Program Files\Veetle\plugins\Veetle.ocx [Veetle TV Core] -> [2010/03/18 01:35:48 | 000,886,808 | ---- | M] (Veetle Inc)
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Macromed\Director\SwDir.dll [Shockwave ActiveX Control] -> [2006/09/03 23:10:30 | 000,054,960 | ---- | M] (Adobe Systems, Inc.)
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [HKLM] -> C:\Program Files\TVUPlayer\npTVUAx.dll [CTVUAxCtrl Object] -> File not found
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2008/03/28 23:37:44 | 000,779,568 | ---- | M] (Apple Inc.)
{474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll [MSN Photo Upload Tool] -> [2006/06/20 15:44:04 | 000,379,704 | ---- | M] ()
{5067A26B-1337-4436-8AFE-EE169C2DA79F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6F68E97B-8687-4683-B996-002DEB768270} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> [2006/12/15 03:23:24 | 000,440,056 | ---- | M] (Sun Microsystems, Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009/08/04 15:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8A4227BF-0CC2-4EEF-B076-DAFFF941EEA5} [HKLM] -> C:\Program Files\Veetle\Player\axvlc.dll [Veetle TV Player 0.9.17] -> [2010/03/23 01:40:08 | 000,208,408 | ---- | M] ()
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A57462DE-ED2A-4B41-B55B-A0463AAE3E66} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{B91B0A7A-B6E9-476d-8560-4ACA2E3C01B1} [HKLM] -> C:\Program Files\Veetle\VLCBroadcast\axvbp.dll [Veetle Broadcaster Plugin 0.9.17] -> [2010/03/23 01:40:08 | 000,747,032 | ---- | M] ()
{C7B76B90-3455-4AE6-A752-EAC4D19689E5} [HKLM] -> C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll [EoBHO Class] -> File not found
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2009/02/27 12:07:48 | 000,660,840 | ---- | M] (Adobe Systems, Inc.)
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [HKLM] -> C:\WINDOWS\system32\rmoc3260.dll [RealPlayer G2 Control] -> [2007/12/03 13:59:02 | 000,185,688 | ---- | M] (RealNetworks, Inc.)
{D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx [Shockwave Flash Object] -> [2009/02/03 03:07:18 | 003,866,528 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2004/03/08 14:07:14 | 000,049,152 | ---- | M] ()
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 00:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E9FAB13D-4600-49E1-90D1-EE961C859D39} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FCD61199-E187-4ADD-88E5-9AF238486D11} [HKLM] -> C:\WINDOWS\System32\forcetv.dll [ForceP2PPlayer Object] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} [HKEY_LOCAL_MACHINE] -> C:\Program Files\Hotbar\bin\11.0.120.0\HostIE.dll [Hotbar Information Window] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} [HKEY_LOCAL_MACHINE] -> C:\Program Files\Hotbar\bin\11.0.120.0\HostIE.dll [Hotbar Information Window] -> File not found
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2005/03/30 11:40:26 | 000,000,000 | ---D | M]
Iprip -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/14 01:11:16 | 000,005,632 | ---- | M] (Microsoft Corporation)
WmdmPmSp -> -> File not found
SSHNAS -> -> File not found
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
CLPSLS -> C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -> [2010/02/12 19:23:32 | 000,148,744 | ---- | M] (COMODO)
File system -> Driver Group
Filter -> Driver Group
mcmscsvc -> Service
MCODS -> Service
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
CLPSLS -> C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -> [2010/02/12 19:23:32 | 000,148,744 | ---- | M] (COMODO)
File system -> Driver Group
Filter -> Driver Group
mcmscsvc -> Service
MCODS -> Service
MpfService -> Service
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver

[Files/Folders - Created Within 90 Days]
OTS.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\OTS.exe -> [2010/04/29 15:03:36 | 000,639,488 | ---- | C] (OldTimer Tools)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/04/29 15:02:57 | 000,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2010/04/29 15:01:56 | 000,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/04/29 00:50:41 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Nathan Dobson\Application Data\Malwarebytes -> [2010/04/29 00:15:38 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/04/29 00:14:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/04/29 00:14:39 | 000,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/04/29 00:14:37 | 000,020,824 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/04/29 00:14:34 | 000,000,000 | ---D | C]
mapp.bat -> C:\Documents and Settings\Nathan Dobson\Desktop\mapp.bat -> [2010/04/28 23:56:22 | 005,918,776 | ---- | C] (Malwarebytes Corporation )
Intel -> C:\Program Files\Intel -> [2010/04/28 22:02:55 | 000,000,000 | ---D | C]
B842FDCA20727E3105CCE153642E103D -> C:\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D -> [2010/04/28 21:37:16 | 000,000,000 | ---D | C]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/04/22 09:43:02 | 000,000,000 | ---D | C]
VritualRoot -> C:\VritualRoot -> [2010/04/13 20:14:11 | 000,000,000 | -H-D | C]
Veetle -> C:\Program Files\Veetle -> [2010/03/31 22:00:29 | 000,000,000 | ---D | C]
vlc -> C:\Documents and Settings\Nathan Dobson\Application Data\vlc -> [2010/03/21 22:16:48 | 000,000,000 | ---D | C]
TVU Networks -> C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\TVU Networks -> [2010/03/21 21:48:25 | 000,000,000 | ---D | C]
TVU Networks -> C:\Documents and Settings\All Users\Application Data\TVU Networks -> [2010/03/21 21:48:25 | 000,000,000 | ---D | C]
Trusteer -> C:\Documents and Settings\NetworkService\Application Data\Trusteer -> [2010/03/21 11:36:57 | 000,000,000 | ---D | C]
Trusteer -> C:\Documents and Settings\Nathan Dobson\Application Data\Trusteer -> [2010/03/11 13:02:18 | 000,000,000 | ---D | C]
Trusteer -> C:\Program Files\Trusteer -> [2010/03/11 13:01:39 | 000,000,000 | ---D | C]
Trusteer -> C:\Documents and Settings\All Users\Application Data\Trusteer -> [2010/03/11 12:59:14 | 000,000,000 | ---D | C]
RapportSetup.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\RapportSetup.exe -> [2010/03/11 12:58:53 | 000,152,808 | ---- | C] (Trusteer Ltd.)
moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/10 13:14:02 | 003,558,912 | ---- | C] (Microsoft Corporation)
browseui.dll -> C:\WINDOWS\System32\dllcache\browseui.dll -> [2010/03/10 06:33:38 | 001,025,024 | ---- | C] (Microsoft Corporation)
Sandbox -> C:\Sandbox -> [2010/03/08 09:54:24 | 000,000,000 | -H-D | C]
COMODO -> C:\Documents and Settings\All Users\Application Data\COMODO -> [2010/03/08 09:52:55 | 000,000,000 | ---D | C]
Comodo -> C:\Documents and Settings\Nathan Dobson\Application Data\Comodo -> [2010/03/08 09:29:19 | 000,000,000 | ---D | C]
tap0901.sys -> C:\WINDOWS\System32\drivers\tap0901.sys -> [2010/03/08 09:29:01 | 000,032,000 | ---- | C] (The OpenVPN Project)
Comodo -> C:\Program Files\Comodo -> [2010/03/08 09:29:00 | 000,000,000 | ---D | C]
Comodo Downloader -> C:\Documents and Settings\All Users\Application Data\Comodo Downloader -> [2010/03/08 09:23:25 | 000,000,000 | ---D | C]
browserchoice.exe -> C:\WINDOWS\System32\browserchoice.exe -> [2010/03/05 17:01:22 | 000,293,376 | ---- | C] (Microsoft Corporation)
Real -> C:\Documents and Settings\All Users\Application Data\Real -> [2010/03/04 16:42:24 | 000,000,000 | ---D | C]
Socialeconomy -> C:\Documents and Settings\Nathan Dobson\My Documents\Socialeconomy -> [2010/03/03 18:32:15 | 000,000,000 | ---D | C]
iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2010/02/26 07:43:54 | 000,251,904 | ---- | C] (Microsoft Corporation)
6to4svc.dll -> C:\WINDOWS\System32\dllcache\6to4svc.dll -> [2010/02/12 06:33:11 | 000,100,864 | ---- | C] (Microsoft Corporation)
perlou -> C:\Documents and Settings\Nathan Dobson\Desktop\perlou -> [2010/02/02 15:28:15 | 000,000,000 | ---D | C]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp files -> C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp ->
1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\Documents and Settings\Nathan Dobson\*.tmp files -> C:\Documents and Settings\Nathan Dobson\*.tmp ->

[Files/Folders - Modified Within 90 Days]
OTS.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\OTS.exe -> [2010/04/29 15:03:38 | 000,639,488 | ---- | M] (OldTimer Tools)
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Nathan Dobson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/04/29 15:02:00 | 000,000,675 | ---- | M] ()
NTREGOPT.lnk -> C:\Documents and Settings\Nathan Dobson\Desktop\NTREGOPT.lnk -> [2010/04/29 15:01:58 | 000,000,519 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Nathan Dobson\Desktop\ERUNT.lnk -> [2010/04/29 15:01:58 | 000,000,500 | ---- | M] ()
The_Comedian.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\The_Comedian.exe -> [2010/04/29 15:01:08 | 000,794,112 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/29 14:59:24 | 000,001,158 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/29 14:58:40 | 000,002,048 | --S- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/29 14:57:20 | 000,000,006 | -H-- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Nathan Dobson\NTUSER.DAT -> [2010/04/29 14:57:16 | 006,291,456 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Nathan Dobson\ntuser.ini -> [2010/04/29 14:57:16 | 000,000,178 | -HS- | M] ()
lsrslt.ini -> C:\WINDOWS\lsrslt.ini -> [2010/04/29 14:57:08 | 000,001,566 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\IconCache.db -> [2010/04/29 14:57:04 | 003,240,486 | -H-- | M] ()
eRLog.ini -> C:\WINDOWS\System32\eRLog.ini -> [2010/04/29 14:46:00 | 000,000,706 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/29 12:59:26 | 000,000,643 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/04/29 12:45:02 | 000,000,284 | ---- | M] ()
RIiYj0K8 -> C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\RIiYj0K8 -> [2010/04/29 11:39:46 | 000,006,774 | -HS- | M] ()
RIiYj0K8 -> C:\Documents and Settings\All Users\Application Data\RIiYj0K8 -> [2010/04/29 11:39:46 | 000,006,774 | -HS- | M] ()
mapp.bat -> C:\Documents and Settings\Nathan Dobson\Desktop\mapp.bat -> [2010/04/28 23:52:28 | 005,918,776 | ---- | M] (Malwarebytes Corporation )
Yvyroa.exe -> C:\WINDOWS\Yvyroa.exe -> [2010/04/28 21:37:20 | 000,161,280 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/28 19:20:48 | 000,066,560 | ---- | M] ()
Old websites (Socecon France).doc -> C:\Documents and Settings\Nathan Dobson\My Documents\Old websites (Socecon France).doc -> [2010/04/25 11:07:20 | 000,079,360 | ---- | M] ()
Old websites.doc -> C:\Documents and Settings\Nathan Dobson\My Documents\Old websites.doc -> [2010/04/24 15:07:14 | 000,039,936 | ---- | M] ()
080925_mschandbook.pdf -> C:\Documents and Settings\Nathan Dobson\Desktop\080925_mschandbook.pdf -> [2010/04/20 14:13:10 | 001,207,785 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/04/15 08:53:38 | 000,001,374 | ---- | M] ()
for french blog.doc -> C:\Documents and Settings\Nathan Dobson\My Documents\for french blog.doc -> [2010/04/13 11:44:46 | 000,025,600 | ---- | M] ()
Notepad (2).lnk -> C:\Documents and Settings\Nathan Dobson\Desktop\Notepad (2).lnk -> [2010/04/08 11:57:56 | 000,001,415 | ---- | M] ()
Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/04/05 10:36:42 | 000,002,265 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/03/28 12:58:36 | 000,182,632 | ---- | M] ()
playlog.xml -> C:\WINDOWS\System32\playlog.xml -> [2010/03/21 22:31:38 | 000,000,324 | ---- | M] ()
vlc-1.0.5-win32.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\vlc-1.0.5-win32.exe -> [2010/03/21 22:07:02 | 018,499,623 | ---- | M] ()
RapportSetup.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\RapportSetup.exe -> [2010/03/11 12:58:52 | 000,152,808 | ---- | M] (Trusteer Ltd.)
shdocvw.dll -> C:\WINDOWS\System32\dllcache\shdocvw.dll -> [2010/03/10 06:33:42 | 001,509,888 | ---- | M] (Microsoft Corporation)
browseui.dll -> C:\WINDOWS\System32\dllcache\browseui.dll -> [2010/03/10 06:33:38 | 001,025,024 | ---- | M] (Microsoft Corporation)
vbscript.dll -> C:\WINDOWS\System32\vbscript.dll -> [2010/03/09 13:09:18 | 000,430,080 | ---- | M] (Microsoft Corporation)
vbscript.dll -> C:\WINDOWS\System32\dllcache\vbscript.dll -> [2010/03/09 13:09:18 | 000,430,080 | ---- | M] (Microsoft Corporation)
sfi.dat -> C:\WINDOWS\System32\drivers\sfi.dat -> [2010/03/08 09:52:46 | 000,000,272 | ---- | M] ()
COMODO Internet Security.lnk -> C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk -> [2010/03/08 09:34:30 | 000,001,653 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/03/06 10:52:08 | 000,000,118 | ---- | M] ()
PPPOE.lnk -> C:\Documents and Settings\All Users\Desktop\PPPOE.lnk -> [2010/03/05 16:29:12 | 000,000,534 | ---- | M] ()
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2010/02/26 07:43:58 | 000,667,136 | ---- | M] (Microsoft Corporation)
urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2010/02/26 07:43:58 | 000,627,712 | ---- | M] (Microsoft Corporation)
mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2010/02/26 07:43:56 | 003,073,024 | ---- | M] (Microsoft Corporation)
tdc.ocx -> C:\WINDOWS\System32\dllcache\tdc.ocx -> [2010/02/26 07:43:56 | 000,061,952 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2010/02/26 07:43:54 | 000,251,904 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2010/02/26 07:43:54 | 000,251,904 | ---- | M] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2010/02/26 07:43:54 | 000,081,920 | ---- | M] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\dllcache\ieencode.dll -> [2010/02/26 07:43:54 | 000,081,920 | ---- | M] (Microsoft Corporation)
html.iec -> C:\WINDOWS\System32\html.iec -> [2010/02/25 13:17:24 | 000,369,664 | ---- | M] (Microsoft Corporation)
mrxsmb.sys -> C:\WINDOWS\System32\dllcache\mrxsmb.sys -> [2010/02/24 15:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation)
ntoskrnl.exe -> C:\WINDOWS\System32\ntoskrnl.exe -> [2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation)
ntoskrnl.exe -> C:\WINDOWS\System32\dllcache\ntoskrnl.exe -> [2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation)
ntkrnlmp.exe -> C:\WINDOWS\System32\dllcache\ntkrnlmp.exe -> [2010/02/16 16:08:50 | 002,146,304 | ---- | M] (Microsoft Corporation)
ntkrnlpa.exe -> C:\WINDOWS\System32\ntkrnlpa.exe -> [2010/02/16 15:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation)
ntkrnlpa.exe -> C:\WINDOWS\System32\dllcache\ntkrnlpa.exe -> [2010/02/16 15:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation)
ntkrpamp.exe -> C:\WINDOWS\System32\dllcache\ntkrpamp.exe -> [2010/02/16 15:25:04 | 002,024,448 | ---- | M] (Microsoft Corporation)
browserchoice.exe -> C:\WINDOWS\System32\browserchoice.exe -> [2010/02/12 11:03:04 | 000,293,376 | ---- | M] (Microsoft Corporation)
6to4svc.dll -> C:\WINDOWS\System32\dllcache\6to4svc.dll -> [2010/02/12 06:33:12 | 000,100,864 | ---- | M] (Microsoft Corporation)
tcpip6.sys -> C:\WINDOWS\System32\drivers\tcpip6.sys -> [2010/02/11 14:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation)
tcpip6.sys -> C:\WINDOWS\System32\dllcache\tcpip6.sys -> [2010/02/11 14:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation)
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp files -> C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp ->
19 C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp ->
19 C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp ->
100 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
100 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
100 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\Documents and Settings\Nathan Dobson\*.tmp files -> C:\Documents and Settings\Nathan Dobson\*.tmp ->

[Files - No Company Name]
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Nathan Dobson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/04/29 15:01:59 | 000,000,675 | ---- | C] ()
NTREGOPT.lnk -> C:\Documents and Settings\Nathan Dobson\Desktop\NTREGOPT.lnk -> [2010/04/29 15:01:57 | 000,000,519 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Nathan Dobson\Desktop\ERUNT.lnk -> [2010/04/29 15:01:57 | 000,000,500 | ---- | C] ()
The_Comedian.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\The_Comedian.exe -> [2010/04/29 15:01:05 | 000,794,112 | ---- | C] ()
lsrslt.ini -> C:\WINDOWS\lsrslt.ini -> [2010/04/29 12:49:10 | 000,001,566 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/29 00:15:02 | 000,000,643 | ---- | C] ()
verfile.tic -> C:\WINDOWS\System32\drivers\verfile.tic -> [2010/04/28 22:02:57 | 000,000,013 | ---- | C] ()
RIiYj0K8 -> C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\RIiYj0K8 -> [2010/04/28 21:38:44 | 000,006,774 | -HS- | C] ()
RIiYj0K8 -> C:\Documents and Settings\All Users\Application Data\RIiYj0K8 -> [2010/04/28 21:38:44 | 000,006,774 | -HS- | C] ()
Yvyroa.exe -> C:\WINDOWS\Yvyroa.exe -> [2010/04/28 21:37:43 | 000,161,280 | ---- | C] ()
Old websites (Socecon France).doc -> C:\Documents and Settings\Nathan Dobson\My Documents\Old websites (Socecon France).doc -> [2010/04/25 11:07:18 | 000,079,360 | ---- | C] ()
080925_mschandbook.pdf -> C:\Documents and Settings\Nathan Dobson\Desktop\080925_mschandbook.pdf -> [2010/04/20 14:13:10 | 001,207,785 | ---- | C] ()
for french blog.doc -> C:\Documents and Settings\Nathan Dobson\My Documents\for french blog.doc -> [2010/04/13 11:44:43 | 000,025,600 | ---- | C] ()
playlog.xml -> C:\WINDOWS\System32\playlog.xml -> [2010/03/21 22:24:18 | 000,000,324 | ---- | C] ()
vlc-1.0.5-win32.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\vlc-1.0.5-win32.exe -> [2010/03/21 22:06:09 | 018,499,623 | ---- | C] ()
Old websites.doc -> C:\Documents and Settings\Nathan Dobson\My Documents\Old websites.doc -> [2010/03/21 10:41:12 | 000,039,936 | ---- | C] ()
sfi.dat -> C:\WINDOWS\System32\drivers\sfi.dat -> [2010/03/08 09:52:44 | 000,000,272 | ---- | C] ()
COMODO Internet Security.lnk -> C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk -> [2010/03/08 09:34:28 | 000,001,653 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/03/06 10:52:07 | 000,000,118 | ---- | C] ()
PPPOE.lnk -> C:\Documents and Settings\All Users\Desktop\PPPOE.lnk -> [2010/03/05 16:29:11 | 000,000,534 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2007/12/03 14:02:25 | 000,000,099 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/09/19 09:40:22 | 000,000,376 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
eRLog.ini -> C:\WINDOWS\System32\eRLog.ini -> [2006/05/09 11:55:52 | 000,000,706 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
fpprintmon.dll -> C:\WINDOWS\System32\fpprintmon.dll -> [2005/06/11 11:47:00 | 000,045,056 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/03/30 13:05:21 | 000,000,061 | ---- | C] ()
Acer.ini -> C:\WINDOWS\Acer.ini -> [2005/03/30 12:59:27 | 000,000,033 | ---- | C] ()
uninstall.ini -> C:\WINDOWS\uninstall.ini -> [2005/03/30 12:59:26 | 000,000,313 | ---- | C] ()
NTIBUN4.dll -> C:\WINDOWS\System32\NTIBUN4.dll -> [2005/03/30 12:23:43 | 000,001,024 | RH-- | C] ()
NTIMPEG2.dll -> C:\WINDOWS\System32\NTIMPEG2.dll -> [2005/03/30 12:22:49 | 000,001,024 | RH-- | C] ()
NTIMP3.dll -> C:\WINDOWS\System32\NTIMP3.dll -> [2005/03/30 12:22:49 | 000,001,024 | RH-- | C] ()
NTIFCD3.dll -> C:\WINDOWS\System32\NTIFCD3.dll -> [2005/03/30 12:22:49 | 000,001,024 | RH-- | C] ()
NTICDMK7.dll -> C:\WINDOWS\System32\NTICDMK7.dll -> [2005/03/30 12:22:49 | 000,001,024 | RH-- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2005/03/30 11:59:38 | 000,037,776 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/03/30 11:51:12 | 000,001,793 | ---- | C] ()
UBHelper.sys -> C:\WINDOWS\System32\drivers\UBHelper.sys -> [2004/12/17 17:14:44 | 000,013,952 | ---- | C] ()
tifmicon.dll -> C:\WINDOWS\System32\tifmicon.dll -> [2004/01/13 03:46:34 | 000,172,032 | ---- | C] ()
libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2003/11/20 15:28:00 | 000,651,264 | ---- | C] ()
ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2003/11/20 15:28:00 | 000,147,456 | ---- | C] ()
multiplex_vcd.dll -> C:\WINDOWS\System32\multiplex_vcd.dll -> [2001/12/26 16:12:30 | 000,065,536 | R--- | C] ()
Hmpg12.dll -> C:\WINDOWS\System32\Hmpg12.dll -> [2001/09/03 23:46:38 | 000,110,592 | R--- | C] ()
HMPV2_ENC.dll -> C:\WINDOWS\System32\HMPV2_ENC.dll -> [2001/07/30 16:33:56 | 000,118,784 | R--- | C] ()
HMPV2_ENC_MMX.dll -> C:\WINDOWS\System32\HMPV2_ENC_MMX.dll -> [2001/07/23 22:04:36 | 000,118,784 | R--- | C] ()
MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 19:46:58 | 000,065,536 | ---- | C] ()
ANTIV.INI -> C:\WINDOWS\ANTIV.INI -> [1980/01/01 00:00:00 | 000,002,790 | ---- | C] ()
ALaunch.ini -> C:\WINDOWS\ALaunch.ini -> [1980/01/01 00:00:00 | 000,000,089 | ---- | C] ()

[File - Lop Check]
Trusteer -> C:\Documents and Settings\Default User\Application Data\Trusteer -> [2010/03/20 20:02:48 | 000,000,000 | ---D | M]
Prism -> C:\Documents and Settings\All Users\Application Data\Prism -> [2006/07/10 22:37:12 | 000,000,000 | ---D | M]
NtiDvdCopy -> C:\Documents and Settings\All Users\Application Data\NtiDvdCopy -> [2006/07/19 21:10:28 | 000,000,000 | ---D | M]
Kontiki -> C:\Documents and Settings\All Users\Application Data\Kontiki -> [2008/03/22 13:04:44 | 000,000,000 | ---D | M]
Trusteer -> C:\Documents and Settings\All Users\Application Data\Trusteer -> [2010/03/11 12:59:16 | 000,000,000 | ---D | M]
Trusteer -> C:\Documents and Settings\NetworkService\Application Data\Trusteer -> [2010/03/21 11:36:58 | 000,000,000 | ---D | M]
My Games -> C:\Documents and Settings\Nathan Dobson\Application Data\My Games -> [2007/06/08 19:05:34 | 000,000,000 | ---D | M]
Sports Interactive -> C:\Documents and Settings\Nathan Dobson\Application Data\Sports Interactive -> [2007/11/06 23:14:12 | 000,000,000 | ---D | M]
MSNInstaller -> C:\Documents and Settings\Nathan Dobson\Application Data\MSNInstaller -> [2008/06/23 12:24:20 | 000,000,000 | ---D | M]
TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1 -> C:\Documents and Settings\Nathan Dobson\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1 -> [2009/03/06 10:56:18 | 000,000,000 | ---D | M]
EoRezo -> C:\Documents and Settings\Nathan Dobson\Application Data\EoRezo -> [2009/03/12 17:32:42 | 000,000,000 | ---D | M]
Spotify -> C:\Documents and Settings\Nathan Dobson\Application Data\Spotify -> [2009/10/29 17:21:10 | 000,000,000 | ---D | M]
Trusteer -> C:\Documents and Settings\Nathan Dobson\Application Data\Trusteer -> [2010/03/11 13:02:20 | 000,000,000 | ---D | M]
B842FDCA20727E3105CCE153642E103D -> C:\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D -> [2010/04/28 21:37:18 | 000,000,000 | ---D | M]
Trusteer -> C:\Documents and Settings\Administrator\Application Data\Trusteer -> [2010/03/20 20:02:48 | 000,000,000 | ---D | M]

[File - Purity Scan]

< End of report >


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I see you have a thread open at BleepingComputer. (reference link: http://www.bleepingc...pic313696.html) You need to decide which forum you'd like to receive help on and ask that the other thread be closed, whether it be this thread or the thread at BC.

Thanks,
ST.

Edited by SweetTech, 01 May 2010 - 03:56 PM.


#3
HugoLLoris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello ST

Thanks for getting back to me. I had a look on their website and couldn't work out how to ask for the thread to be deleted. Do you know how to do it?

#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I will request that your thread be closed over at BC. I'll be back with instructions shortly.

ST.

#5
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Stopped] -> 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.pucuy.com/
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> 
YN -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\: Main\\"Start Page" -> http://www.pucuy.com/
YN -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\: SearchURL\\"provider" -> gogl
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k]
< Run [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "newupdate1142C.exe" -> C:\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\newupdate1142C.exe [C:\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\newupdate1142C.exe]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger]
YY -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\] > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{C2A80015-C447-4dc4-82DD-AED83D6ED57E}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5}" [HKLM] -> [Reg Error: Key error.]
YY -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger]
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
YN -> "" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found.
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> "MaxScriptStatements" -> Reg Error: Invalid data type.
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> Reg Error: Key error.
[Registry - Additional Scans - Safe List]
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
YN -> {69725738-CD68-4f36-8D02-8C43722EE5DA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
YN -> {17DDDB41-B9AD-0832-0A4E-2B16CE3DFDFE} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {5067A26B-1337-4436-8AFE-EE169C2DA79F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {6F68E97B-8687-4683-B996-002DEB768270} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {A57462DE-ED2A-4B41-B55B-A0463AAE3E66} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {E9FAB13D-4600-49E1-90D1-EE961C859D39} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 90 Days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 4 C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp files -> C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp
NY -> 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\Documents and Settings\Nathan Dobson\*.tmp files -> C:\Documents and Settings\Nathan Dobson\*.tmp
[Files/Folders - Modified Within 90 Days]
NY -> The_Comedian.exe -> C:\Documents and Settings\Nathan Dobson\Desktop\The_Comedian.exe
NY -> RIiYj0K8 -> C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\RIiYj0K8
NY -> RIiYj0K8 -> C:\Documents and Settings\All Users\Application Data\RIiYj0K8
NY -> mapp.bat -> C:\Documents and Settings\Nathan Dobson\Desktop\mapp.bat
NY -> Yvyroa.exe -> C:\WINDOWS\Yvyroa.exe
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 4 C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp files -> C:\Documents and Settings\Nathan Dobson\My Documents\*.tmp
NY -> 19 C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp
NY -> 19 C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\*.tmp
NY -> 100 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> 100 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> 100 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\Documents and Settings\Nathan Dobson\*.tmp files -> C:\Documents and Settings\Nathan Dobson\*.tmp
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

NEXT:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTS fix.
3. The log that was produced after running the ComboFix scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
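As an added example (not the forum's, OTS's or the helper's own code): a small Python triage script that parses OTS file-entry lines in the layout shown in the log above and flags the kinds of entries the fix script in this post targets. The sample lines are copied from the log in this thread; the flag rules (hidden+system objects and executables under Application Data, a freshly created executable with no company name directly in %SystemRoot%) are my own heuristics, not rules OTS applies.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTS file entry, in the layout seen in the thread's "[Files - ...]" sections:
#   name -> full path -> [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (Company)
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*)\)$"
)

EXEC_EXTS = {".exe", ".dll", ".sys", ".bat", ".scr", ".com"}


@dataclass
class Entry:
    name: str
    path: str
    timestamp: datetime      # created (C) or modified (M) time, per the trailing flag
    size: int
    attrs: str               # R/H/S/D attribute flags, '-' where a flag is not set
    company: str             # empty for "[Files - No Company Name]" entries


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTS file line; summary lines such as '4 ...\\*.tmp files -> ... ->' return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        name=m["name"],
        path=m["path"],
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
    )


def flag_entry(e: Entry, log_time: datetime, recent_days: int = 30) -> List[str]:
    """Return the reasons (if any) an entry deserves a closer look. These are my own
    heuristics; every hit still needs a human to confirm it before it goes into a fix."""
    reasons = []
    low = e.path.lower()
    parent = low.rsplit("\\", 1)[0]
    ext = ("." + e.name.rsplit(".", 1)[1].lower()) if "." in e.name else ""
    recent = (log_time - e.timestamp).days <= recent_days
    in_appdata = "\\application data\\" in low

    # Hidden+System objects dropped under a user's Application Data (like RIiYj0K8 in the log)
    if "H" in e.attrs and "S" in e.attrs and in_appdata:
        reasons.append("hidden+system object under Application Data")
    # A fresh executable directly in %SystemRoot% with no company name (like Yvyroa.exe)
    if ext in EXEC_EXTS and parent == "c:\\windows" and not e.company and recent:
        reasons.append("recent executable directly in %SystemRoot% with no company name")
    # Executables run from Application Data are a common rogue-AV persistence location
    if ext in EXEC_EXTS and in_appdata:
        reasons.append("executable under Application Data")
    return reasons


def triage(lines: List[str], log_time: datetime) -> List[Tuple[Entry, List[str]]]:
    """Parse every line and keep only the entries that tripped at least one heuristic."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = flag_entry(e, log_time)
        if reasons:
            hits.append((e, reasons))
    return hits


# Sample input copied from the OTS log posted in this thread (log created 29/04/2010 15:08:19).
LOG_TIME = datetime(2010, 4, 29, 15, 8, 19)
SAMPLE_LINES = [
    r"ntkrnlpa.exe -> C:\WINDOWS\System32\dllcache\ntkrnlpa.exe -> [2010/02/16 15:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation)",
    r"4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->",
    r"RIiYj0K8 -> C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\RIiYj0K8 -> [2010/04/28 21:38:44 | 000,006,774 | -HS- | C] ()",
    r"Yvyroa.exe -> C:\WINDOWS\Yvyroa.exe -> [2010/04/28 21:37:43 | 000,161,280 | ---- | C] ()",
    r"cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2007/12/03 14:02:25 | 000,000,099 | ---- | C] ()",
    r"NTIBUN4.dll -> C:\WINDOWS\System32\NTIBUN4.dll -> [2005/03/30 12:23:43 | 000,001,024 | RH-- | C] ()",
]

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LINES, LOG_TIME):
        print(f"{entry.path}\n    " + "; ".join(why))
```

Run against the sample lines it reports only RIiYj0K8 and Yvyroa.exe, the two objects the fix script above moves, while the Microsoft kernel file, the OEM .ini and the read-only NTI stub DLL pass.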

#6
HugoLLoris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi again


1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
Thanks for your help. Everything went as you said. The logs are pasted below and attached.

4. An update on how your computer is currently running.
I ran the fixes in safe mode and it all went ok. When I booted in normal mode it was very slow. There are no pop-up ads for the antimalware doctor but the task manager was working at 100 per cent almost all the time and it kept getting stuck doing small tasks. I had to go back into safe mode to send this reply. I had a look at what processes the task manager was trying to execute when I wasn't doing anything. Among the things trying to do stuff were "dumprep.exe", "Qt2gAcer.exe", "SVCHost.exe", "CMDAgent.exe", and "CSASS.exe". Also I saw that a thing called "Trusteer rapport" was trying to do stuff. This is some kind of antivirus thing that might not have been turned off during the scans (oops). Let me know if I need to uninstall that and then re-run the scans.

2. The log that was produced after running the OTS fix:
All Processes Killed
[Win32 Services - Safe List]
Service Automatic LiveUpdate Scheduler stopped successfully!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SearchURL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\newupdate1142C.exe deleted successfully.
C:\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\newupdate1142C.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec\ not found.
File C:\Program Files\Messenger\msmsgs.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec\ not found.
File C:\Program Files\Messenger\msmsgs.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
File C:\Program Files\Messenger\msmsgs.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
File C:\Program Files\Messenger\msmsgs.exe not found.
Registry value HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A80015-C447-4dc4-82DD-AED83D6ED57E}\ not found.
Registry value HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5}\ not found.
Registry value HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
File C:\Program Files\Messenger\msmsgs.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ created successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NameServer updated successfully.
Registry key HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005_classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-4040331678-2490374350-1798654716-1005_classes\exefile\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\exefile\\'' updated successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69725738-CD68-4f36-8D02-8C43722EE5DA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17DDDB41-B9AD-0832-0A4E-2B16CE3DFDFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17DDDB41-B9AD-0832-0A4E-2B16CE3DFDFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{474F00F5-3853-492C-AC3A-476512BBC336}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{474F00F5-3853-492C-AC3A-476512BBC336}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5067A26B-1337-4436-8AFE-EE169C2DA79F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5067A26B-1337-4436-8AFE-EE169C2DA79F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F68E97B-8687-4683-B996-002DEB768270}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F68E97B-8687-4683-B996-002DEB768270}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A57462DE-ED2A-4B41-B55B-A0463AAE3E66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A57462DE-ED2A-4B41-B55B-A0463AAE3E66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2517915-48CE-4286-970F-921E881B8C5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2517915-48CE-4286-970F-921E881B8C5C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2E2DD38-D088-4134-82B7-F2BA38496583}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9FAB13D-4600-49E1-90D1-EE961C859D39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9FAB13D-4600-49E1-90D1-EE961C859D39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11D2-BB9E-00C04F795683}\ not found.
[Files/Folders - Created Within 90 Days]
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET70.tmp deleted successfully.
C:\WINDOWS\System32\SET74.tmp deleted successfully.
C:\WINDOWS\System32\SET7C.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\My Documents\~WRL0852.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\My Documents\~WRL3434.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\My Documents\~WRL2042.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\My Documents\~WRL4071.tmp deleted successfully.
C:\WINDOWS\System32\drivers\OLD51.tmp deleted successfully.
C:\WINDOWS\002796_.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\ntuser.tmp deleted successfully.
[Files/Folders - Modified Within 90 Days]
C:\Documents and Settings\Nathan Dobson\Desktop\The_Comedian.exe moved successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\RIiYj0K8 moved successfully.
C:\Documents and Settings\All Users\Application Data\RIiYj0K8 moved successfully.
C:\Documents and Settings\Nathan Dobson\Desktop\mapp.bat moved successfully.
C:\WINDOWS\Yvyroa.exe moved successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\forcetv2.tmp folder deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis2.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis3.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\~WRF0699.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\~WRS0961.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\~WRC0998.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis4.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cisF.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis5.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis6.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis8.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\~WRS1580.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\~WRF1674.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis9.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cisA.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cis7.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\~DF3F98.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\1.tmp folder deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\mwaceornsx.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\reawsmnxco.tmp deleted successfully.
C:\Documents and Settings\Nathan Dobson\Local Settings\Temp\cisB.tmp deleted successfully.
C:\WINDOWS\Temp\wyrbpf7d.TMP deleted successfully.
C:\WINDOWS\Temp\ztoidpub.TMP deleted successfully.
C:\WINDOWS\Temp\ver5.tmp deleted successfully.
C:\WINDOWS\Temp\5ti6w0zm.TMP deleted successfully.
C:\WINDOWS\Temp\rx2s97xk.TMP deleted successfully.
C:\WINDOWS\Temp\ver8.tmp deleted successfully.
C:\WINDOWS\Temp\eku4qbgu.TMP deleted successfully.
C:\WINDOWS\Temp\0rg7rthv.TMP deleted successfully.
C:\WINDOWS\Temp\CB2F.tmp deleted successfully.
C:\WINDOWS\Temp\CB30.tmp deleted successfully.
C:\WINDOWS\Temp\CB31.tmp deleted successfully.
C:\WINDOWS\Temp\CB32.tmp deleted successfully.
C:\WINDOWS\Temp\Cab1F7.tmp deleted successfully.
C:\WINDOWS\Temp\CB33.tmp deleted successfully.
C:\WINDOWS\Temp\CB34.tmp deleted successfully.
C:\WINDOWS\Temp\CB35.tmp deleted successfully.
C:\WINDOWS\Temp\CB36.tmp deleted successfully.
C:\WINDOWS\Temp\CB37.tmp deleted successfully.
C:\WINDOWS\Temp\CB38.tmp deleted successfully.
C:\WINDOWS\Temp\CB39.tmp deleted successfully.
C:\WINDOWS\Temp\CB3A.tmp deleted successfully.
C:\WINDOWS\Temp\CB3B.tmp deleted successfully.
C:\WINDOWS\Temp\CB3C.tmp deleted successfully.
C:\WINDOWS\Temp\CB3D.tmp deleted successfully.
C:\WINDOWS\Temp\CB3E.tmp deleted successfully.
C:\WINDOWS\Temp\CB171.tmp deleted successfully.
C:\WINDOWS\Temp\CB172.tmp deleted successfully.
C:\WINDOWS\Temp\CB173.tmp deleted successfully.
C:\WINDOWS\Temp\CB174.tmp deleted successfully.
C:\WINDOWS\Temp\CB175.tmp deleted successfully.
C:\WINDOWS\Temp\CB176.tmp deleted successfully.
C:\WINDOWS\Temp\CB177.tmp deleted successfully.
C:\WINDOWS\Temp\CB178.tmp deleted successfully.
C:\WINDOWS\Temp\CB179.tmp deleted successfully.
C:\WINDOWS\Temp\CB17A.tmp deleted successfully.
C:\WINDOWS\Temp\CB17B.tmp deleted successfully.
C:\WINDOWS\Temp\CB17C.tmp deleted successfully.
C:\WINDOWS\Temp\CB17D.tmp deleted successfully.
C:\WINDOWS\Temp\CB17E.tmp deleted successfully.
C:\WINDOWS\Temp\CB1E.tmp deleted successfully.
C:\WINDOWS\Temp\CB1F.tmp deleted successfully.
C:\WINDOWS\Temp\CB20.tmp deleted successfully.
C:\WINDOWS\Temp\CB21.tmp deleted successfully.
C:\WINDOWS\Temp\CB22.tmp deleted successfully.
C:\WINDOWS\Temp\CB23.tmp deleted successfully.
C:\WINDOWS\Temp\CB24.tmp deleted successfully.
C:\WINDOWS\Temp\CB25.tmp deleted successfully.
C:\WINDOWS\Temp\CB26.tmp deleted successfully.
C:\WINDOWS\Temp\CB27.tmp deleted successfully.
C:\WINDOWS\Temp\CB28.tmp deleted successfully.
C:\WINDOWS\Temp\gbyr.tmp folder deleted successfully.
C:\WINDOWS\Temp\fpyl.tmp folder deleted successfully.
C:\WINDOWS\Temp\mdmd.tmp folder deleted successfully.
C:\WINDOWS\Temp\qduy.tmp folder deleted successfully.
C:\WINDOWS\Temp\uiqo.tmp folder deleted successfully.
C:\WINDOWS\Temp\pbvs.tmp folder deleted successfully.
C:\WINDOWS\Temp\pdqi.tmp folder deleted successfully.
C:\WINDOWS\Temp\conh.tmp folder deleted successfully.
C:\WINDOWS\Temp\ecye.tmp folder deleted successfully.
C:\WINDOWS\Temp\dwan.tmp folder deleted successfully.
C:\WINDOWS\Temp\mwwl.tmp folder deleted successfully.
C:\WINDOWS\Temp\rynp.tmp folder deleted successfully.
C:\WINDOWS\Temp\irgc.tmp folder deleted successfully.
C:\WINDOWS\Temp\qqjx.tmp folder deleted successfully.
C:\WINDOWS\Temp\hrob.tmp folder deleted successfully.
C:\WINDOWS\Temp\xxiy.tmp folder deleted successfully.
C:\WINDOWS\Temp\fliv.tmp folder deleted successfully.
C:\WINDOWS\Temp\fspw.tmp folder deleted successfully.
C:\WINDOWS\Temp\odmu.tmp folder deleted successfully.
C:\WINDOWS\Temp\iepv.tmp folder deleted successfully.
C:\WINDOWS\Temp\dkga.tmp folder deleted successfully.
C:\WINDOWS\Temp\ucgd.tmp folder deleted successfully.
C:\WINDOWS\Temp\unyh.tmp folder deleted successfully.
C:\WINDOWS\Temp\mknt.tmp folder deleted successfully.
C:\WINDOWS\Temp\mjqe.tmp folder deleted successfully.
C:\WINDOWS\Temp\akig.tmp folder deleted successfully.
C:\WINDOWS\Temp\culj.tmp folder deleted successfully.
C:\WINDOWS\Temp\ivpn.tmp folder deleted successfully.
C:\WINDOWS\Temp\samc.tmp folder deleted successfully.
C:\WINDOWS\Temp\xxqh.tmp folder deleted successfully.
C:\WINDOWS\Temp\wmvo.tmp folder deleted successfully.
C:\WINDOWS\Temp\nnee.tmp folder deleted successfully.
C:\WINDOWS\Temp\caeq.tmp folder deleted successfully.
C:\WINDOWS\Temp\omkp.tmp folder deleted successfully.
C:\WINDOWS\Temp\dwqe.tmp folder deleted successfully.
C:\WINDOWS\Temp\siri.tmp folder deleted successfully.
C:\WINDOWS\Temp\ntse.tmp folder deleted successfully.
C:\WINDOWS\Temp\bcet.tmp folder deleted successfully.
C:\WINDOWS\Temp\jpxc.tmp folder deleted successfully.
C:\WINDOWS\Temp\mbcv.tmp folder deleted successfully.
C:\WINDOWS\Temp\eyhp.tmp folder deleted successfully.
C:\WINDOWS\Temp\xncy.tmp folder deleted successfully.
C:\WINDOWS\Temp\sqwm.tmp folder deleted successfully.
C:\WINDOWS\Temp\iqsb.tmp folder deleted successfully.
C:\WINDOWS\Temp\kpfw.tmp folder deleted successfully.
C:\WINDOWS\Temp\xxor.tmp folder deleted successfully.
C:\WINDOWS\Temp\lpfm.tmp folder deleted successfully.
C:\WINDOWS\Temp\vtap.tmp folder deleted successfully.
C:\WINDOWS\Temp\ecbq.tmp folder deleted successfully.
C:\WINDOWS\Temp\prpf.tmp folder deleted successfully.
C:\WINDOWS\Temp\iuxt.tmp folder deleted successfully.
C:\WINDOWS\Temp\kibc.tmp folder deleted successfully.
C:\WINDOWS\Temp\cbqt.tmp folder deleted successfully.
C:\WINDOWS\Temp\erxt.tmp folder deleted successfully.
C:\WINDOWS\Temp\qjpy.tmp folder deleted successfully.
C:\WINDOWS\Temp\vnid.tmp folder deleted successfully.
C:\WINDOWS\Temp\odrx.tmp folder deleted successfully.
C:\WINDOWS\Temp\iyui.tmp folder deleted successfully.
C:\WINDOWS\Temp\vsdq.tmp folder deleted successfully.
C:\WINDOWS\Temp\xmns.tmp folder deleted successfully.
C:\WINDOWS\Temp\ppqr.tmp folder deleted successfully.
C:\WINDOWS\Temp\dptf.tmp folder deleted successfully.
C:\WINDOWS\Temp\qpxj.tmp folder deleted successfully.
[Empty Temp Folders]


User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41044 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2366763 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 34570 bytes

User: Nathan Dobson
->Temp folder emptied: 85786811 bytes
->Temporary Internet Files folder emptied: 822853305 bytes
->Java cache emptied: 6484832 bytes
->FireFox cache emptied: 66789034 bytes
->Flash cache emptied: 162832 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41044 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69650399 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23910854 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35213 bytes
RecycleBin emptied: 336617559 bytes

Total Files Cleaned = 1,349.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.30.0 fix logfile created on 05042010_101702

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






3. THE LOG THAT WAS PRODUCED AFTER RUNNING THE COMBOFIX SCAN:



ComboFix 10-05-03.05 - Nathan Dobson 04/05/2010 10:32:15.1.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.377 [GMT 2:00]
Running from: c:\documents and settings\Nathan Dobson\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D
c:\documents and settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\enemies-names.txt
c:\documents and settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\hookdll.dll
c:\documents and settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\lsrslt.ini
c:\program files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
c:\program files\WindowsUpdate
c:\windows\Uninstall.ini

Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 08:17 . 2010-05-04 08:17 -------- d-----w- C:\_OTS
2010-04-29 13:01 . 2010-04-29 13:01 -------- d-----w- c:\program files\ERUNT
2010-04-28 22:45 . 2010-04-28 22:45 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-28 22:15 . 2010-04-28 22:15 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\Malwarebytes
2010-04-28 22:14 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 22:14 . 2010-04-28 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-28 22:14 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 22:14 . 2010-04-28 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 20:02 . 2010-04-28 20:02 -------- d-----w- c:\program files\Intel
2010-04-22 07:43 . 2010-04-22 07:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-13 18:14 . 2010-04-13 18:14 -------- d-----w- C:\VritualRoot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 10:30 . 2010-03-28 16:44 439816 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Real\Update\setup3.10\setup.exe
2010-04-13 05:12 . 2010-03-03 17:54 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-13 05:12 . 2010-03-03 17:54 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-13 05:12 . 2010-03-03 17:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-13 05:12 . 2010-03-03 17:54 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-13 05:12 . 2010-03-03 17:54 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-31 20:00 . 2010-03-31 20:00 -------- d-----w- c:\program files\Veetle
2010-03-21 20:16 . 2010-03-21 20:16 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\vlc
2010-03-21 19:48 . 2010-03-21 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-03-21 09:36 . 2010-03-21 09:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-03-20 18:02 . 2010-04-29 10:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer
2010-03-11 11:02 . 2010-03-11 11:02 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\Trusteer
2010-03-11 11:01 . 2010-03-11 11:01 -------- d-----w- c:\program files\Trusteer
2010-03-11 10:59 . 2010-03-11 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-03-09 11:09 . 2005-03-30 09:38 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 07:52 . 2010-03-08 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-03-08 07:52 . 2010-03-08 07:52 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-08 07:29 . 2010-03-08 07:29 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\Comodo
2010-03-08 07:29 . 2010-03-08 07:29 -------- d-----w- c:\program files\Comodo
2010-03-08 07:25 . 2010-03-08 07:25 1510584 ----a-w- c:\documents and settings\All Users\Application Data\Comodo Downloader\trustconnectclient.exe
2010-03-08 07:25 . 2010-03-08 07:25 5542592 ----a-w- c:\documents and settings\All Users\Application Data\Comodo Downloader\hopsurf.exe
2010-03-08 07:23 . 2010-03-08 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-02-26 05:43 . 2005-03-30 09:38 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2005-03-30 09:38 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2005-03-30 09:38 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2005-03-30 09:38 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 20:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-05 15:01 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2005-03-30 09:37 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-03-30 09:38 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-13 2029456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Nathan Dobson\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [03/03/2010 19:54 15464]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [03/03/2010 19:54 25240]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO livePCsupport\CLPSLS.exe [12/02/2010 19:23 148744]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [03/03/2010 19:54 225344]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 13:47 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 13:47 116328]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 13:47 779496]
S3 PRISM_A00;Sitecom Wireless Network PCI adapter g+ WL-121v3;c:\windows\system32\DRIVERS\PRISMA00.sys --> c:\windows\system32\DRIVERS\PRISMA00.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pucuy.com/
mStart Page = hxxp://www.pucuy.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {0C825A4F-AB77-4E78-A192-3C4FC4E0AF71} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Nathan Dobson\Application Data\Mozilla\Firefox\Profiles\yxd7hm9f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Livestation - c:\program files\Livestation\AppStart.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-AVFX Engine - c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
HKLM-Run-EoEngine - c:\program files\EoRezo\EoEngine.exe
HKLM-Run-SoftwareHelper - c:\documents and settings\Nathan Dobson\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-SoftwareUpdate_is1 - c:\documents and settings\Nathan Dobson\Application Data\eoRezo\SoftwareUpdate\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 10:42
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82E93EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8743f28
\Driver\ACPI -> ACPI.sys @ 0xf8696cb8
\Driver\atapi -> atapi.sys @ 0xf8630852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
SecurityProcedure -> ntoskrnl.exe @ 0x8059b445
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
SecurityProcedure -> ntoskrnl.exe @ 0x8059b445
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-05-04 10:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 08:45

Pre-Run: 7,394,230,272 bytes free
Post-Run: 7,321,665,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3F59F9EDD84EFCB36DA7407FF6F7A84C

4. An update on how your computer is currently running.
  • 0

#7
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
FileLook::
c:\windows\system32\drivers\sfi.dat

DirLook::
c:\documents and settings\NetworkService\UserData
C:\VritualRoot

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=-

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The logs that were produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0
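The Registry:: stanza in the CFScript above deletes the "LaunchApp" autorun value that ComboFix flagged with [X] in the earlier log, which is ComboFix's marker for an autorun entry whose target file was not found on disk. The following is an added example, not code from this thread or from the ComboFix project, showing how a helper can triage the 'Reg Loading Points' section of a ComboFix log: parse each Run-key value, separate entries whose target is missing from entries that resolved to a real file, and emit the matching Registry:: stanza in the same "Name"=- syntax the script uses. The sample log text is constructed from this thread's own ComboFix output; the function names are the editor's own.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

ComboFix lists each autorun value as  "Name"="target" [date size]  when the
target file exists, and as  "Name"="target" [X]  when it does not.  Dangling
values are what a CFScript's Registry:: stanza usually removes.  Added
example; SAMPLE_LOG is constructed from this thread's own log lines and the
function names are the editor's own, not ComboFix's.
"""
import re

# Constructed from the Run-key lines in the ComboFix log posted earlier.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-13 2029456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"""

# A registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# A value line: "name"="target" followed by [X] or [YYYY-MM-DD size]
VALUE_RE = re.compile(
    r'^"([^"]+)"="([^"]*)"\s*\[(X|\d{4}-\d{2}-\d{2} \d+)\]$')


def parse_run_entries(text):
    """Return one dict per autorun value: key, name, target, missing."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, target, tag = m.groups()
            entries.append({"key": key, "name": name,
                            "target": target, "missing": tag == "X"})
    return entries


def orphan_entries(entries):
    """Entries whose target file ComboFix could not find ([X])."""
    return [e for e in entries if e["missing"]]


def cfscript_registry_section(orphans):
    """Build the Registry:: stanza that deletes the given values.

    '"Name"=-' under a key header is the regedit syntax for deleting a
    value; returns an empty string when there is nothing to remove.
    """
    if not orphans:
        return ""
    by_key = {}
    for e in orphans:
        by_key.setdefault(e["key"], []).append(e["name"])
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_LOG)
    for e in found:
        flag = "MISSING" if e["missing"] else "ok"
        print(f"{flag:8} {e['name']:25} -> {e['target']}")
    print()
    print(cfscript_registry_section(orphan_entries(found)))
```

A missing target is often a leftover from an uninstalled program, as with the Acer launcher entry here, but it can also be the autorun value of malware whose file was already removed by an earlier scan; in both cases the dangling value is safe to delete. Entries that resolved to a real file are the ones that need judgement: the date, size and location ComboFix prints beside them are what a helper compares against the vendor's known files before deciding whether to touch them.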

#8
HugoLLoris

    Member

  • Topic Starter
  • Member
  • 14 posts
Hello.

1. Everything went as you said. I've uninstalled the virus protection that I think was getting in the way before. I'm sure that it had gone but the Malwarebytes program said that it was still running. The ComboFix had to re-boot the computer because it found "rootkit activity".
Is there any more we need to do?
If I start a new thread can you help me with a problem I have on another computer?

2. ComboFix scan:
ComboFix 10-05-03.05 - Nathan Dobson 05/05/2010 8:28.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.303 [GMT 2:00]
Running from: c:\documents and settings\Nathan Dobson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nathan Dobson\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-04 08:17 . 2010-05-04 08:17 -------- d-----w- C:\_OTS
2010-04-29 13:01 . 2010-04-29 13:01 -------- d-----w- c:\program files\ERUNT
2010-04-28 22:45 . 2010-04-28 22:45 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-28 22:15 . 2010-04-28 22:15 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\Malwarebytes
2010-04-28 22:14 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 22:14 . 2010-04-28 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-28 22:14 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 22:14 . 2010-04-28 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 20:02 . 2010-04-28 20:02 -------- d-----w- c:\program files\Intel
2010-04-22 07:43 . 2010-04-22 07:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-13 18:14 . 2010-04-13 18:14 -------- d-----w- C:\VritualRoot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 10:30 . 2010-03-28 16:44 439816 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Real\Update\setup3.10\setup.exe
2010-03-31 20:00 . 2010-03-31 20:00 -------- d-----w- c:\program files\Veetle
2010-03-21 20:16 . 2010-03-21 20:16 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\vlc
2010-03-21 19:48 . 2010-03-21 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-03-21 09:36 . 2010-03-21 09:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-03-20 18:02 . 2010-04-29 10:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer
2010-03-11 11:02 . 2010-03-11 11:02 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\Trusteer
2010-03-11 10:59 . 2010-03-11 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-03-09 11:09 . 2005-03-30 09:38 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 07:52 . 2010-03-08 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-03-08 07:52 . 2010-03-08 07:52 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-08 07:29 . 2010-03-08 07:29 -------- d-----w- c:\program files\Comodo
2010-03-08 07:25 . 2010-03-08 07:25 1510584 ----a-w- c:\documents and settings\All Users\Application Data\Comodo Downloader\trustconnectclient.exe
2010-03-08 07:25 . 2010-03-08 07:25 5542592 ----a-w- c:\documents and settings\All Users\Application Data\Comodo Downloader\hopsurf.exe
2010-03-08 07:23 . 2010-03-08 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-02-26 05:43 . 2005-03-30 09:38 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2005-03-30 09:38 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2005-03-30 09:38 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2005-03-30 09:38 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 20:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-05 15:01 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2005-03-30 09:37 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-03-30 09:38 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\sfi.dat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 272
Created time: 2010-03-08 07:52
Modified time: 2010-03-08 07:52
MD5: D3FC26580CEA5AEFBE9227695DF8DCDA
SHA1: 992B1C578DBF246FB1FFA3C9D2971AE413764146

---- Directory of C:\VritualRoot ----



((((((((((((((((((((((((((((( SnapShot@2010-05-04_08.42.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-05 05:44 . 2010-05-05 05:44 278528 c:\windows\ERDNT\AutoBackup\05-05-2010\Users\00000002\UsrClass.dat
+ 2010-05-05 05:44 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\05-05-2010\ERDNT.EXE
+ 2010-05-04 08:51 . 2010-05-04 08:51 278528 c:\windows\ERDNT\AutoBackup\04-05-2010\Users\00000002\UsrClass.dat
+ 2010-05-04 08:51 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\04-05-2010\ERDNT.EXE
+ 2010-05-05 05:44 . 2010-05-05 05:44 6230016 c:\windows\ERDNT\AutoBackup\05-05-2010\Users\00000001\NTUSER.DAT
+ 2010-05-04 08:51 . 2010-05-04 08:51 6230016 c:\windows\ERDNT\AutoBackup\04-05-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Nathan Dobson\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 PRISM_A00;Sitecom Wireless Network PCI adapter g+ WL-121v3;c:\windows\system32\DRIVERS\PRISMA00.sys --> c:\windows\system32\DRIVERS\PRISMA00.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pucuy.com/
mStart Page = hxxp://www.pucuy.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {0C825A4F-AB77-4E78-A192-3C4FC4E0AF71} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Nathan Dobson\Application Data\Mozilla\Firefox\Profiles\yxd7hm9f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 08:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82E8EEE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8727f28
\Driver\ACPI -> ACPI.sys @ 0xf867acb8
\Driver\atapi -> atapi.sys @ 0xf8614852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
SecurityProcedure -> ntoskrnl.exe @ 0x8059b445
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
SecurityProcedure -> ntoskrnl.exe @ 0x8059b445
NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8576bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8565a0d
SendHandler -> NDIS.sys @ 0xf8579b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(684)
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-05-05 08:43:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 06:43
ComboFix2.txt 2010-05-04 08:45

Pre-Run: 6,506,004,480 bytes free
Post-Run: 7,154,761,728 bytes free

- - End Of File - - A4B5C46094817A308D8AD7FE3B50FE0A

3. Malwarebytes' Anti-Malware scan:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

05/05/2010 13:04:22
mbam-log-2010-05-05 (13-04-22).txt

Scan type: Quick scan
Objects scanned: 113330
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4. The log that was produced after running the ESET Online Virus Scanner:
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP0\A0000019.sys Win32/Patched.EQ trojan
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP4\A0000493.sys Win32/Patched.EQ trojan
C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D\newupdate1142C.exe a variant of Win32/Kryptik.EBN trojan
C:\_OTS\MovedFiles\05042010_101702\C_WINDOWS\Yvyroa.exe Win32/TrojanDownloader.FakeAlert.AQI trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\isapnp.sys.vir Win32/Patched.EQ trojan

5. The logs that were produced after running the OTL scan (Extras first, then OTL):
OTL Extras logfile created on: 05/05/2010 16:35:06 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Nathan Dobson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 367.00 Mb Available Physical Memory | 73.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.27 Gb Total Space | 6.57 Gb Free Space | 25.02% Space Free | Partition Type: FAT32
Drive D: | 26.66 Gb Total Space | 26.66 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-AC84C68AD2
Current User Name: Nathan Dobson
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE" = C:\Program Files\Livestation\1.0.77.3\Livestation.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Video FX Engine" = Advanced Video FX Engine
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025" = SoftV92 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"DVD Shrink_is1" = DVD Shrink 3.1.5
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{32004F6B-6C1C-496F-A68B-8CD576249D21}" = Sitecom Wireless LAN Utility
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/04/2010 03:12:21 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:22 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:23 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:24 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:25 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:26 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:28 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:32 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 30/04/2010 03:12:34 | Computer Name = ACER-AC84C68AD2 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 05/05/2010 06:50:17 | Computer Name = ACER-AC84C68AD2 | Source = MBAMService | ID = 131073
Description =

[ System Events ]
Error - 05/05/2010 06:44:31 | Computer Name = ACER-AC84C68AD2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 05/05/2010 06:44:31 | Computer Name = ACER-AC84C68AD2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 05/05/2010 06:44:36 | Computer Name = ACER-AC84C68AD2 | Source = Service Control Manager | ID = 7000
Description = The AEGIS Protocol (IEEE 802.1x) v2.3.1.6 service failed to start
due to the following error: %%2

Error - 05/05/2010 06:44:36 | Computer Name = ACER-AC84C68AD2 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%3

Error - 05/05/2010 08:09:59 | Computer Name = ACER-AC84C68AD2 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 05/05/2010 08:09:59 | Computer Name = ACER-AC84C68AD2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 05/05/2010 08:09:59 | Computer Name = ACER-AC84C68AD2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 05/05/2010 08:10:23 | Computer Name = ACER-AC84C68AD2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/05/2010 08:10:51 | Computer Name = ACER-AC84C68AD2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mfehidk

Error - 05/05/2010 08:12:47 | Computer Name = ACER-AC84C68AD2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

OTL logfile created on: 05/05/2010 16:35:06 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Nathan Dobson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 367.00 Mb Available Physical Memory | 73.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.27 Gb Total Space | 6.57 Gb Free Space | 25.02% Space Free | Partition Type: FAT32
Drive D: | 26.66 Gb Total Space | 26.66 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-AC84C68AD2
Current User Name: Nathan Dobson
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Nathan Dobson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Nathan Dobson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)


========== Driver Services (SafeList) ==========

DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.0.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/07/04 22:38:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/07/04 22:38:14 | 000,000,000 | ---D | M]

[2008/07/04 22:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\Mozilla\Extensions
[2008/07/04 22:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\Mozilla\Firefox\Profiles\yxd7hm9f.default\extensions
[2008/07/04 22:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/16 21:20:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/03/16 21:20:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/03/16 21:20:48 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/03/16 21:20:48 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
[2010/03/21 23:30:02 | 000,000,615 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pucuy.xml

O1 HOSTS File: ([2010/05/05 08:38:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EoBHO Class) - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll File not found
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Nathan Dobson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ows-i586-jc.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/30 12:23:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\Shell\AutoRun\command - "" = p3vwxx.exe
O33 - MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\Shell\open\Command - "" = p3vwxx.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/03/30 11:40:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 16:32:22 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nathan Dobson\Desktop\OTL.exe
[2010/05/05 13:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/05 11:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 08:43:38 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/05/05 08:43:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/05 08:10:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/04 10:26:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/04 10:25:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/04 10:25:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/04 10:25:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/04 10:25:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/04 10:24:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/04 10:17:02 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/04/29 15:03:36 | 000,639,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nathan Dobson\Desktop\OTS.exe
[2010/04/29 15:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/29 15:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/29 00:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/29 00:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan Dobson\Application Data\Malwarebytes
[2010/04/29 00:14:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 00:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/29 00:14:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 00:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 22:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/04/22 09:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/13 20:14:11 | 000,000,000 | ---D | C] -- C:\VritualRoot

========== Files - Modified Within 30 Days ==========

[2010/05/05 16:32:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nathan Dobson\Desktop\OTL.exe
[2010/05/05 14:10:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 14:09:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 14:08:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 14:08:14 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Nathan Dobson\NTUSER.DAT
[2010/05/05 14:08:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nathan Dobson\ntuser.ini
[2010/05/05 14:07:54 | 003,768,246 | -H-- | M] () -- C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\IconCache.db
[2010/05/05 13:06:02 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Desktop\esetsmartinstaller_enu.exe
[2010/05/05 12:45:00 | 000,000,649 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/05/05 08:39:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/04 10:26:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/04 10:23:52 | 003,945,592 | R--- | M] () -- C:\Documents and Settings\Nathan Dobson\Desktop\ComboFix.exe
[2010/04/29 15:58:02 | 000,001,566 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 15:12:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Desktop\GAMERS.EXE
[2010/04/29 15:03:38 | 000,639,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nathan Dobson\Desktop\OTS.exe
[2010/04/29 15:02:00 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/29 15:01:58 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Desktop\NTREGOPT.lnk
[2010/04/29 15:01:58 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Desktop\ERUNT.lnk
[2010/04/29 12:59:26 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 19:20:48 | 000,066,560 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/26 15:58:14 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 11:07:20 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\My Documents\Old websites (Socecon France).doc
[2010/04/24 15:07:14 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\My Documents\Old websites.doc
[2010/04/20 14:13:10 | 001,207,785 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Desktop\080925_mschandbook.pdf
[2010/04/15 08:53:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 11:44:46 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\My Documents\for french blog.doc
[2010/04/08 11:57:56 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Nathan Dobson\Desktop\Notepad (2).lnk

========== Files Created - No Company Name ==========

[2010/05/05 13:05:55 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\Desktop\esetsmartinstaller_enu.exe
[2010/05/04 10:26:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/04 10:26:40 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/04 10:25:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/04 10:25:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/04 10:25:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/04 10:25:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/04 10:25:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/04 10:23:41 | 003,945,592 | R--- | C] () -- C:\Documents and Settings\Nathan Dobson\Desktop\ComboFix.exe
[2010/04/29 15:12:58 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\Desktop\GAMERS.EXE
[2010/04/29 15:01:59 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/29 15:01:57 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\Desktop\NTREGOPT.lnk
[2010/04/29 15:01:57 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\Desktop\ERUNT.lnk
[2010/04/29 12:49:10 | 000,001,566 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/29 00:15:02 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 22:02:57 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic
[2010/04/25 11:07:18 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\My Documents\Old websites (Socecon France).doc
[2010/04/20 14:13:10 | 001,207,785 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\Desktop\080925_mschandbook.pdf
[2010/04/13 11:44:43 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Nathan Dobson\My Documents\for french blog.doc
[2010/03/06 10:52:07 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/03 14:02:25 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/19 09:40:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/09 11:55:52 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/03/30 13:05:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/30 12:59:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/30 12:23:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/30 11:59:38 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/30 11:51:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/11/20 15:28:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/11/20 15:28:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2006/07/10 22:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2006/07/19 21:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2008/03/22 13:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/03/11 12:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/06/08 19:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\My Games
[2007/11/06 23:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\Sports Interactive
[2008/06/23 12:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\MSNInstaller
[2009/03/06 10:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/03/12 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\EoRezo
[2009/10/29 17:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\Spotify
[2010/03/11 13:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Dobson\Application Data\Trusteer

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2010/04/30 09:17:44 | 000,000,326 | ---- | M] () -- C:\rkill.log
[2005/03/30 13:08:54 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
[2010/05/05 14:09:16 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2008/11/28 11:38:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/04 10:26:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2005/03/30 11:54:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/30 12:23:20 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/05 08:43:10 | 000,011,701 | ---- | M] () -- C:\ComboFix.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2006/05/20 00:40:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/05 12:54:36 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/30 11:45:10 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/03/30 11:45:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/30 11:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/24 15:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 14:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >

6. An update on how your computer is currently running:
It seems to be working better since I uninstalled the antivirus software, I think that was clogging things up quite a lot.
  • 0

#9
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

"I've uninstalled the virus protection that I think was getting in the way before."
I assume this means you uninstalled Comodo. It's not a good idea to run your computer without anti-virus protection.

"Is there anymore we need to do?"
Yes, we still have some more work to do.

"If I start a new thread can you help me with a problem I have on another computer?"
Yes, but I prefer to work with one computer at a time. So I'd prefer to work with this computer right now and deal with the other infected computer after we have gotten this computer cleaned up. :)



NEXT:



No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software is a program that detects, cleans and erases harmful virus files on a computer, web server or network.
Unchecked virus files can unintentionally be forwarded to others, including trading partners, and thereby spread infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors:

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the OTL textbox. Do not include the word "Code"

    :Services
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O33 - MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\Shell\AutoRun\command - "" = p3vwxx.exe
    O33 - MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\Shell\open\Command - "" = p3vwxx.exe
    
    :Files
    C:\Documents and Settings\Nathan Dobson\Desktop\esetsmartinstaller_enu.exe
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



MalwareBytes' Anti-Malware scan:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4052


The current version of MBAM is 1.46 and the current database version is: 4070.

Please follow the instructions below for running an updated MalwareBytes' Anti-Malware scan.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked: Applications and Applets, and Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Update FireFox
While in Firefox go to the Help menu.
Locate Check for Updates.
Allow Firefox to install the latest update, which is 3.6.3.



NEXT


Download Combofix from either of the links below.

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download.


Link 1
Link 2



-----------------------------------------------------------

  • Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" for further review.
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**


    -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------



NEXT



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTL fix.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ComboFix scan.
5. The log that was produced after running the Kaspersky Online Scanner.
6. The log that was produced after running the SecurityCheck.
7. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 05 May 2010 - 04:49 PM.

  • 0
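As an added triage example, not part of this thread and not code from OTL/OTS: a small Python parser that reads the "Oxx" finding lines of an OTS/OTL log, pulls out the MountPoints2 autorun entries that the OTL fix above targets, and flags any whose command is a bare executable name rather than a full path. The sample lines are copied from the OTS log posted earlier in this thread; the function names and the "bare .exe" heuristic are my own assumptions, not rules from the tool.

```python
import re
from typing import Dict, List, Tuple

# Sample input: a handful of O2/O4/O33 lines copied from the OTS log posted
# earlier in this thread (constructed subset, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EoBHO Class) - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
O33 - MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\Shell\AutoRun\command - "" = p3vwxx.exe
O33 - MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\Shell\open\Command - "" = p3vwxx.exe
"""

# Every OTS/OTL finding line starts with its section tag, e.g. "O33 - ...".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# O33 body: MountPoints2\{<volume GUID>}\Shell\<verb>\<command key> - "" = <command>
MOUNTPOINT_RE = re.compile(
    r'MountPoints2\\(\{[0-9A-Fa-f-]+\})\\Shell\\(\w+)\\\w+ - "" = (.+)$'
)

# A full Windows path: drive letter, colon, backslash.
FULL_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def split_entries(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every finding line; headers and file lists are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def mountpoint_autoruns(log: str) -> List[Dict[str, object]]:
    """Extract O33 MountPoints2 entries.

    Each one ties a volume GUID (a USB stick or other removable drive that was
    once plugged in) to a command Explorer runs when the drive is opened or
    auto-run. A command that is a bare .exe name with no path is the pattern
    an autorun.inf dropper leaves behind, so it is flagged (heuristic of this
    example, not an OTL rule).
    """
    hits = []
    for section, body in split_entries(log):
        if section != "O33":
            continue
        m = MOUNTPOINT_RE.search(body)
        if not m:
            continue
        guid, verb, command = m.groups()
        bare_exe = FULL_PATH_RE.match(command) is None and command.lower().endswith(".exe")
        hits.append({
            "guid": guid,
            "verb": verb,
            "command": command,
            "suspicious": bare_exe,
            "line": f"{section} - {body}",
        })
    return hits


def orphaned_entries(log: str) -> List[Tuple[str, str]]:
    """Findings whose target file no longer exists (the log prints 'File not found').

    Leftover registry entries like the EoBHO one are harmless on their own but
    show that something was removed without cleaning up after itself.
    """
    return [(s, b) for s, b in split_entries(log) if b.endswith("File not found")]


def otl_fix_lines(log: str) -> List[str]:
    """Build the ':OTL' stanza in the form the helper used in this thread:
    the flagged O33 lines pasted verbatim under a ':OTL' header."""
    lines = [":OTL"]
    lines.extend(str(h["line"]) for h in mountpoint_autoruns(log) if h["suspicious"])
    return lines


if __name__ == "__main__":
    for hit in mountpoint_autoruns(SAMPLE_LOG):
        flag = "SUSPICIOUS" if hit["suspicious"] else "ok"
        print(f"{flag:10} {hit['verb']:8} {hit['guid']} -> {hit['command']}")
    print("\n".join(otl_fix_lines(SAMPLE_LOG)))
```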

#10
HugoLLoris

HugoLLoris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
1. I couldn't complete all of the processes you asked me to, the Kaspersky one said "Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program." The internet connection was fine.
I downloaded Avira but might have picked up another virus before that because a dodgy website came up in a new tab on Firefox without any prompting.

2. The log that was produced after running the OTL fix.
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Process explorer.exe killed successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\ not found.
File p3vwxx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bcba0e-f88f-11de-a1e6-00c09fe0f246}\ not found.
File p3vwxx.exe not found.
========== FILES ==========
C:\Documents and Settings\Nathan Dobson\Desktop\esetsmartinstaller_enu.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 921971 bytes
->Flash cache emptied: 1707 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nathan Dobson
->Temp folder emptied: 68024 bytes
->Temporary Internet Files folder emptied: 139270 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37956251 bytes
->Flash cache emptied: 560 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 82275 bytes

Total Files Cleaned = 37.00 mb


[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Flash cache emptied: 0 bytes

User: LocalService

User: Nathan Dobson
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05062010_115916

3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4070

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

06/05/2010 12:16:00
mbam-log-2010-05-06 (12-16-00).txt

Scan type: Quick scan
Objects scanned: 113436
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


4. The log that was produced after running the ComboFix scan.
ComboFix 10-05-05.0A - Nathan Dobson 06/05/2010 13:59:58.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.263 [GMT 2:00]
Running from: c:\documents and settings\Nathan Dobson\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-06 11:38 . 2010-05-06 11:38 503808 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-19bd1a20-n\msvcp71.dll
2010-05-06 11:38 . 2010-05-06 11:38 499712 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-19bd1a20-n\jmc.dll
2010-05-06 11:38 . 2010-05-06 11:38 348160 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-19bd1a20-n\msvcr71.dll
2010-05-06 11:38 . 2010-05-06 11:38 61440 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-444b8497-n\decora-sse.dll
2010-05-06 11:38 . 2010-05-06 11:38 12800 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-444b8497-n\decora-d3d.dll
2010-05-06 11:38 . 2010-05-06 11:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 11:28 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-06 11:28 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-06 11:28 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-06 11:28 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-06 11:28 . 2010-05-06 11:28 -------- d-----w- c:\program files\Avira
2010-05-06 11:28 . 2010-05-06 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-06 11:17 . 2010-05-06 11:17 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 09:59 . 2010-05-06 09:59 -------- d-----w- C:\_OTL
2010-05-05 11:06 . 2010-05-05 11:06 -------- d-----w- c:\program files\ESET
2010-05-05 10:51 . 2010-05-05 10:52 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-04 08:17 . 2010-05-04 08:17 -------- d-----w- C:\_OTS
2010-04-29 13:01 . 2010-04-29 13:01 -------- d-----w- c:\program files\ERUNT
2010-04-28 22:45 . 2010-04-28 22:45 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-28 22:15 . 2010-04-28 22:15 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\Malwarebytes
2010-04-28 22:14 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 22:14 . 2010-04-28 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-28 22:14 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 22:14 . 2010-04-28 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 20:02 . 2010-04-28 20:02 -------- d-----w- c:\program files\Intel
2010-04-22 07:43 . 2010-04-22 07:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-13 18:14 . 2010-04-13 18:14 -------- d-----w- C:\VritualRoot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 10:30 . 2010-03-28 16:44 439816 ----a-w- c:\documents and settings\Nathan Dobson\Application Data\Real\Update\setup3.10\setup.exe
2010-03-31 20:00 . 2010-03-31 20:00 -------- d-----w- c:\program files\Veetle
2010-03-21 20:16 . 2010-03-21 20:16 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\vlc
2010-03-21 19:48 . 2010-03-21 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-03-21 09:36 . 2010-03-21 09:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-03-20 18:02 . 2010-04-29 10:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer
2010-03-11 11:02 . 2010-03-11 11:02 -------- d-----w- c:\documents and settings\Nathan Dobson\Application Data\Trusteer
2010-03-11 10:59 . 2010-03-11 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-03-09 11:09 . 2005-03-30 09:38 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 07:52 . 2010-03-08 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-03-08 07:52 . 2010-03-08 07:52 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-08 07:29 . 2010-03-08 07:29 -------- d-----w- c:\program files\Comodo
2010-03-08 07:25 . 2010-03-08 07:25 1510584 ----a-w- c:\documents and settings\All Users\Application Data\Comodo Downloader\trustconnectclient.exe
2010-03-08 07:25 . 2010-03-08 07:25 5542592 ----a-w- c:\documents and settings\All Users\Application Data\Comodo Downloader\hopsurf.exe
2010-03-08 07:23 . 2010-03-08 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-02-26 05:43 . 2005-03-30 09:38 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2005-03-30 09:38 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2005-03-30 09:38 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2005-03-30 09:38 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 20:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-05 15:01 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2005-03-30 09:37 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-03-30 09:38 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Nathan Dobson\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [06/05/2010 13:28 108289]
S3 PRISM_A00;Sitecom Wireless Network PCI adapter g+ WL-121v3;c:\windows\system32\DRIVERS\PRISMA00.sys --> c:\windows\system32\DRIVERS\PRISMA00.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pucuy.com/
mStart Page = hxxp://www.pucuy.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {0C825A4F-AB77-4E78-A192-3C4FC4E0AF71} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Nathan Dobson\Application Data\Mozilla\Firefox\Profiles\yxd7hm9f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 14:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-06 14:10:58
ComboFix-quarantined-files.txt 2010-05-06 12:10
ComboFix2.txt 2010-05-05 06:43
ComboFix3.txt 2010-05-04 08:45

Pre-Run: 5,968,232,448 bytes free
Post-Run: 5,935,611,904 bytes free

- - End Of File - - 2396E8036C88D730AF581A3B160C0A06

5. The log that was produced after running the Kaspersky Online Scanner.
Couldn't complete the scan. It said "Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program." The connection was fine.
6. The log that was produced after running the SecurityCheck. Didn't try.
7. An update on how your computer is currently running.
Running ok, but still gets bogged down doing stuff. I'm worried that whilst working on cleaning this bug, I've got another, when I turned off antivirus software?
#11
SweetTech
Retired Staff
FileLister
1. Go HERE and download FileLister.
  • Save it to your Desktop
  • Right Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Right Click FileLister.vbe ->>Select Open Then Open to confirm.
  • When the program is finished it will produce a log for you, Files.txt
  • It will be located in the default location from which FileLister was run (the FileLister folder)
Copy and paste the contents of that log in your reply.

#12
HugoLLoris
Topic Starter
+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 06/05/2010 18:52:53

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe

====== BHO's ======
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
[HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
[SynTPLpr] = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[IMJPMIG8.1] = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[MSPY2002] = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[PHIME2002ASync] = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[PHIME2002A] = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[LManager] = C:\Program Files\Launch Manager\QtZgAcer.EXE
[eRecoveryService] = C:\Windows\System32\Check.exe
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[QuickTime Task] = "C:\Program Files\QuickTime\qttask.exe" -atboottime
[Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[SunJavaUpdateSched] = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

====== HKCU\~\Run Keys ======


====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{0C825A4F-AB77-4E78-A192-3C4FC4E0AF71}\ NameServer= 156.154.70.22,156.154.71.22
HKEY_LOCAL_MACHINE\CCS\~\{163C04C9-BECB-4DA8-9F06-C6B8B6830F75}\ NameServer= 156.154.70.22,156.154.71.22

HKEY_LOCAL_MACHINE\CS001\~\{0C825A4F-AB77-4E78-A192-3C4FC4E0AF71}\ NameServer= 156.154.70.22,156.154.71.22

HKEY_LOCAL_MACHINE\CS001\~\{163C04C9-BECB-4DA8-9F06-C6B8B6830F75}\ NameServer= 156.154.70.22,156.154.71.22

NV Hostname = acer-ac84c68ad2
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = acer-ac84c68ad2
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
DhcpNameServer = 192.168.1.1

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

08/03/2010 09:54:24 0 C:\Sandbox
13/04/2010 20:14:11 0 C:\VritualRoot
04/05/2010 10:17:02 7658786 C:\_OTS
04/05/2010 10:17:02 7658786 C:\_OTS\MovedFiles
04/05/2010 10:17:02 7618340 C:\_OTS\MovedFiles\05042010_101702
04/05/2010 10:17:13 7457060 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings
04/05/2010 10:17:13 7450286 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\Nathan Dobson
04/05/2010 10:17:13 730624 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\Nathan Dobson\Application Data
04/05/2010 10:17:13 730624 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D
04/05/2010 10:17:14 6712888 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\Nathan Dobson\Desktop
04/05/2010 10:17:14 6774 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\Nathan Dobson\Local Settings
04/05/2010 10:17:14 6774 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\Nathan Dobson\Local Settings\Application Data
04/05/2010 10:17:14 6774 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\All Users
04/05/2010 10:17:14 6774 C:\_OTS\MovedFiles\05042010_101702\C_Documents and Settings\All Users\Application Data
04/05/2010 10:17:14 161280 C:\_OTS\MovedFiles\05042010_101702\C_WINDOWS
04/05/2010 10:26:35 8113414 C:\cmdcons
04/05/2010 10:26:37 860672 C:\cmdcons\SYSTEM32
04/05/2010 10:24:37 1302690 C:\Qoobox
04/05/2010 10:24:37 183620 C:\Qoobox\Quarantine
04/05/2010 10:24:37 14126 C:\Qoobox\Quarantine\Registry_backups
04/05/2010 10:27:53 169137 C:\Qoobox\Quarantine\C
04/05/2010 10:28:10 37561 C:\Qoobox\Quarantine\C\WINDOWS
04/05/2010 10:28:10 37248 C:\Qoobox\Quarantine\C\WINDOWS\system32
04/05/2010 10:28:10 37248 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers
04/05/2010 10:37:34 48328 C:\Qoobox\Quarantine\C\Documents and Settings
04/05/2010 10:37:34 48328 C:\Qoobox\Quarantine\C\Documents and Settings\Nathan Dobson
04/05/2010 10:37:34 48328 C:\Qoobox\Quarantine\C\Documents and Settings\Nathan Dobson\Application Data
04/05/2010 10:37:34 48328 C:\Qoobox\Quarantine\C\Documents and Settings\Nathan Dobson\Application Data\B842FDCA20727E3105CCE153642E103D
04/05/2010 10:37:35 83248 C:\Qoobox\Quarantine\C\Program Files
04/05/2010 10:37:35 83248 C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox
04/05/2010 10:37:35 83248 C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins
06/05/2010 13:59:26 0 C:\Qoobox\BackEnv
06/05/2010 11:59:16 2672468 C:\_OTL
06/05/2010 11:59:17 2672468 C:\_OTL\MovedFiles
06/05/2010 11:59:17 2672312 C:\_OTL\MovedFiles\05062010_115916
06/05/2010 11:59:17 2672312 C:\_OTL\MovedFiles\05062010_115916\C_Documents and Settings
06/05/2010 11:59:17 2672312 C:\_OTL\MovedFiles\05062010_115916\C_Documents and Settings\Nathan Dobson
06/05/2010 11:59:17 2672312 C:\_OTL\MovedFiles\05062010_115916\C_Documents and Settings\Nathan Dobson\Desktop
30/04/2010 09:17:41 326 32 C:\rkill.log
06/05/2010 14:10:59 11386 32 C:\ComboFix.txt
04/05/2010 10:26:40 260272 32 C:\cmldr
04/05/2010 10:26:46 211 32 C:\Boot.bak
06/05/2010 18:50:47 0 32 C:\Files.txt
05/05/2010 12:52:56 109 32 C:\mbam-error.txt
05/05/2010 08:43:11 17048 C:\WINDOWS\temp
10/03/2010 19:44:53 4183818 C:\WINDOWS\$NtUninstallKB975561$
10/03/2010 19:44:53 624906 C:\WINDOWS\$NtUninstallKB975561$\spuninst
31/03/2010 18:03:09 8609874 C:\WINDOWS\$NtUninstallKB980182$
31/03/2010 18:03:09 631890 C:\WINDOWS\$NtUninstallKB980182$\spuninst
14/04/2010 21:13:48 709403 C:\WINDOWS\$NtUninstallKB979309$
14/04/2010 21:13:48 624923 C:\WINDOWS\$NtUninstallKB979309$\spuninst
14/04/2010 21:13:58 801618 C:\WINDOWS\$NtUninstallKB978601$
14/04/2010 21:13:58 624978 C:\WINDOWS\$NtUninstallKB978601$\spuninst
15/04/2010 08:51:01 999318 C:\WINDOWS\$NtUninstallKB977816$
15/04/2010 08:51:01 625046 C:\WINDOWS\$NtUninstallKB977816$\spuninst
15/04/2010 08:51:10 952239 C:\WINDOWS\$NtUninstallKB978338$
15/04/2010 08:51:10 626031 C:\WINDOWS\$NtUninstallKB978338$\spuninst
15/04/2010 08:51:16 1055268 C:\WINDOWS\$NtUninstallKB981349$
15/04/2010 08:51:16 625188 C:\WINDOWS\$NtUninstallKB981349$\spuninst
15/04/2010 08:53:21 1080992 C:\WINDOWS\$NtUninstallKB980232$
15/04/2010 08:53:21 625568 C:\WINDOWS\$NtUninstallKB980232$\spuninst
15/04/2010 08:53:30 9052331 C:\WINDOWS\$NtUninstallKB979683$
15/04/2010 08:53:30 627883 C:\WINDOWS\$NtUninstallKB979683$\spuninst
29/04/2010 15:02:57 320941970 C:\WINDOWS\ERDNT
29/04/2010 15:02:57 38816624 C:\WINDOWS\ERDNT\29-04-2010
29/04/2010 15:03:14 6500352 C:\WINDOWS\ERDNT\29-04-2010\Users
29/04/2010 15:03:14 6217728 C:\WINDOWS\ERDNT\29-04-2010\Users\00000001
29/04/2010 15:03:17 282624 C:\WINDOWS\ERDNT\29-04-2010\Users\00000002
29/04/2010 15:55:17 185485616 C:\WINDOWS\ERDNT\AutoBackup
29/04/2010 15:55:17 37038960 C:\WINDOWS\ERDNT\AutoBackup\29-04-2010
29/04/2010 15:55:45 6500352 C:\WINDOWS\ERDNT\AutoBackup\29-04-2010\Users
29/04/2010 15:55:45 6217728 C:\WINDOWS\ERDNT\AutoBackup\29-04-2010\Users\00000001
29/04/2010 15:55:49 282624 C:\WINDOWS\ERDNT\AutoBackup\29-04-2010\Users\00000002
30/04/2010 08:13:38 37043056 C:\WINDOWS\ERDNT\AutoBackup\30-04-2010
30/04/2010 08:14:09 6500352 C:\WINDOWS\ERDNT\AutoBackup\30-04-2010\Users
30/04/2010 08:14:09 6217728 C:\WINDOWS\ERDNT\AutoBackup\30-04-2010\Users\00000001
30/04/2010 08:14:21 282624 C:\WINDOWS\ERDNT\AutoBackup\30-04-2010\Users\00000002
04/05/2010 10:50:40 37157744 C:\WINDOWS\ERDNT\AutoBackup\04-05-2010
04/05/2010 10:51:13 6508544 C:\WINDOWS\ERDNT\AutoBackup\04-05-2010\Users
04/05/2010 10:51:13 6230016 C:\WINDOWS\ERDNT\AutoBackup\04-05-2010\Users\00000001
04/05/2010 10:51:21 278528 C:\WINDOWS\ERDNT\AutoBackup\04-05-2010\Users\00000002
05/05/2010 07:43:57 37157744 C:\WINDOWS\ERDNT\AutoBackup\05-05-2010
05/05/2010 07:44:26 6508544 C:\WINDOWS\ERDNT\AutoBackup\05-05-2010\Users
05/05/2010 07:44:26 6230016 C:\WINDOWS\ERDNT\AutoBackup\05-05-2010\Users\00000001
05/05/2010 07:44:35 278528 C:\WINDOWS\ERDNT\AutoBackup\05-05-2010\Users\00000002
06/05/2010 11:47:27 37088112 C:\WINDOWS\ERDNT\AutoBackup\06-05-2010
06/05/2010 11:47:45 6512640 C:\WINDOWS\ERDNT\AutoBackup\06-05-2010\Users
06/05/2010 11:47:45 6234112 C:\WINDOWS\ERDNT\AutoBackup\06-05-2010\Users\00000001
06/05/2010 11:47:52 278528 C:\WINDOWS\ERDNT\AutoBackup\06-05-2010\Users\00000002
04/05/2010 10:25:03 37670218 C:\WINDOWS\ERDNT\Hiv-backup
06/05/2010 13:59:14 7065600 C:\WINDOWS\ERDNT\Hiv-backup\Users
06/05/2010 13:59:14 233472 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
06/05/2010 13:59:15 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
06/05/2010 13:59:15 6230016 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
06/05/2010 13:59:19 352256 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
06/05/2010 13:59:19 233472 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
06/05/2010 13:59:20 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
04/05/2010 10:38:17 37655882 C:\WINDOWS\ERDNT\subs
04/05/2010 10:38:32 6995968 C:\WINDOWS\ERDNT\subs\Users
04/05/2010 10:38:32 233472 C:\WINDOWS\ERDNT\subs\Users\00000001
04/05/2010 10:38:33 8192 C:\WINDOWS\ERDNT\subs\Users\00000002
04/05/2010 10:38:33 233472 C:\WINDOWS\ERDNT\subs\Users\00000003
04/05/2010 10:38:33 8192 C:\WINDOWS\ERDNT\subs\Users\00000004
04/05/2010 10:38:33 6230016 C:\WINDOWS\ERDNT\subs\Users\00000005
04/05/2010 10:38:36 282624 C:\WINDOWS\ERDNT\subs\Users\00000006
04/05/2010 10:44:13 21313520 C:\WINDOWS\ERDNT\cache
04/05/2010 10:25:17 212480 32 C:\WINDOWS\SWXCACLS.exe
10/03/2010 19:44:29 6302 32 C:\WINDOWS\KB975561.log
31/03/2010 12:45:08 14922 32 C:\WINDOWS\KB980182.log
14/04/2010 08:08:01 16046 32 C:\WINDOWS\KB979309.log
15/04/2010 08:29:07 10678 32 C:\WINDOWS\KB977816.log
15/04/2010 08:29:28 11222 32 C:\WINDOWS\KB978338.log
28/04/2010 21:36:46 12 32 C:\WINDOWS\srun.log
29/04/2010 12:49:10 1566 32 C:\WINDOWS\lsrslt.ini
15/04/2010 08:29:33 11293 32 C:\WINDOWS\KB981349.log
15/04/2010 08:53:20 6418 32 C:\WINDOWS\KB980232.log
14/04/2010 08:10:23 14319 32 C:\WINDOWS\KB978601.log
15/04/2010 08:53:26 7801 32 C:\WINDOWS\KB979683.log
04/05/2010 10:25:17 136704 32 C:\WINDOWS\SWSC.exe
04/05/2010 10:25:17 98816 32 C:\WINDOWS\sed.exe
29/04/2010 12:50:38 1922930 32 C:\WINDOWS\ntbtlog.txt
04/05/2010 10:25:17 80412 32 C:\WINDOWS\grep.exe
04/05/2010 10:25:17 68096 32 C:\WINDOWS\zip.exe
04/05/2010 10:25:17 161792 32 C:\WINDOWS\SWREG.exe
04/05/2010 10:25:17 256512 32 C:\WINDOWS\PEV.exe
04/05/2010 10:25:17 31232 32 C:\WINDOWS\NIRCMD.exe
04/05/2010 10:25:17 77312 32 C:\WINDOWS\MBR.exe
06/05/2010 13:38:02 145184 32 C:\WINDOWS\system32\java.exe
06/05/2010 13:38:02 145184 32 C:\WINDOWS\system32\javaw.exe
06/05/2010 13:38:02 153376 32 C:\WINDOWS\system32\javaws.exe
06/05/2010 13:38:02 73728 32 C:\WINDOWS\system32\javacpl.cpl
21/03/2010 22:24:18 324 32 C:\WINDOWS\system32\playlog.xml
06/05/2010 13:38:02 411368 32 C:\WINDOWS\system32\deployJava1.dll

====== "\Administrator & All Users\Startup" Last 60 Days======

29/04/2010 12:51:49 84 38 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini


====== "\Program Files" Last 60 Days======

29/04/2010 15:01:56 669389 C:\Program Files\ERUNT
31/03/2010 22:00:29 37376791 C:\Program Files\Veetle
29/04/2010 00:14:34 5069540 C:\Program Files\Malwarebytes' Anti-Malware
05/05/2010 13:06:13 73676340 C:\Program Files\ESET
06/05/2010 13:28:02 62749871 C:\Program Files\Avira
28/04/2010 22:02:55 8347736 C:\Program Files\Intel
22/04/2010 09:43:02 15462931 C:\Program Files\Microsoft Silverlight
08/03/2010 09:29:00 984854 C:\Program Files\Comodo

======"Drivers" Modified Last 60 Days======

08/03/2010 09:52:44 272 32 C:\WINDOWS\system32\drivers\sfi.dat
29/04/2010 00:14:37 20952 32 C:\WINDOWS\system32\drivers\mbam.sys
29/04/2010 00:14:49 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

1 Files deleted

======"All Users\Application Data" Last 60 Days======

08/03/2010 09:23:25 52149112 C:\Documents and Settings\All Users\Application Data\Comodo Downloader
08/03/2010 09:52:55 10510880 C:\Documents and Settings\All Users\Application Data\COMODO
08/03/2010 09:55:23 10510880 C:\Documents and Settings\All Users\Application Data\COMODO\Firewall Pro
11/03/2010 12:59:14 3466384 C:\Documents and Settings\All Users\Application Data\Trusteer
11/03/2010 12:59:14 3466384 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport
11/03/2010 12:59:14 1158656 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs
11/03/2010 13:02:16 2307728 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store
11/03/2010 13:02:16 2305200 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user
11/03/2010 13:02:52 2299056 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf
11/03/2010 13:02:52 0 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000
04/05/2010 11:04:38 2299056 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\18727
04/05/2010 11:04:38 391920 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\18727\logos
04/05/2010 11:04:38 15968 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\18727\strings
11/03/2010 13:02:53 0 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts
11/03/2010 13:03:34 0 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\meta
21/03/2010 21:48:25 0 C:\Documents and Settings\All Users\Application Data\TVU Networks
21/03/2010 21:48:25 0 C:\Documents and Settings\All Users\Application Data\TVU Networks\TVUPlayer
29/04/2010 00:14:39 11017531 C:\Documents and Settings\All Users\Application Data\Malwarebytes
29/04/2010 00:14:40 11017531 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
06/05/2010 13:17:35 154 C:\Documents and Settings\All Users\Application Data\Sun
06/05/2010 13:17:35 154 C:\Documents and Settings\All Users\Application Data\Sun\Java
06/05/2010 13:17:35 154 C:\Documents and Settings\All Users\Application Data\Sun\Java\Java Update
06/05/2010 13:28:02 20328709 C:\Documents and Settings\All Users\Application Data\Avira
06/05/2010 13:28:02 20328709 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop
06/05/2010 13:28:02 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTS
06/05/2010 13:28:02 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\IDX
06/05/2010 13:28:02 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
06/05/2010 13:28:02 5472 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\JOBS
06/05/2010 13:28:02 96494 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES
06/05/2010 13:28:02 2488 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES
06/05/2010 13:28:02 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS
06/05/2010 13:28:02 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\SYSSAFE
06/05/2010 13:28:02 20214196 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP
06/05/2010 18:43:37 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4c1ec5e9
06/05/2010 13:28:02 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP
06/05/2010 13:28:02 538 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG
06/05/2010 13:28:02 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\UPDATE
06/05/2010 13:28:02 9216 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB

====== HKLM\~\ShellServiceObjectDelayLoad======

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll


====== HKLM\~\SharedTaskScheduler======

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

avipbb (avipbb)- C:\WINDOWS\system32\DRIVERS\avipbb.sys - System/Running
bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver)- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys - Manual/Stopped
CAMCAUD (Conexant AMC Audio)- C:\WINDOWS\system32\drivers\camcaud.sys - Manual/Running
CAMCHALA (CAMCHALA)- C:\WINDOWS\system32\drivers\camchal.sys - Manual/Running
DKbFltr (Dritek HotKey Keyboard Filter Driver)- C:\WINDOWS\system32\Drivers\DKbFltr.sys - Manual/Running
EpmPsd (Acer EPM Power Scheme Driver)- \??\C:\WINDOWS\system32\drivers\epm-psd.sys - Auto/Running
EpmShd (Acer EPM System Hardware Driver)- \??\C:\WINDOWS\system32\drivers\epm-shd.sys - Auto/Running
HSFHWICH (HSFHWICH)- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys - Manual/Running
HSF_DPV (HSF_DPV)- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys - Manual/Running
int15.sys (int15.sys)- \??\C:\Program Files\acer\eRecovery\int15.sys - Manual/Running
irda (IrDA Protocol)- C:\WINDOWS\system32\DRIVERS\irda.sys - Auto/Running
MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.6)- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys - Auto/Stopped
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
NSCIRDA (NSC Infrared Device Driver)- C:\WINDOWS\system32\DRIVERS\nscirda.sys - Manual/Running
NTIDrvr (Upper Class Filter Driver)- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys - Manual/Stopped
osaio (osaio)- C:\WINDOWS\system32\drivers\osaio.sys - Auto/Running
osanbm (osanbm)- C:\WINDOWS\system32\drivers\osanbm.sys - Auto/Running
PRISM_A00 (Sitecom Wireless Network PCI adapter g+ WL-121v3)- C:\WINDOWS\system32\DRIVERS\PRISMA00.sys - Manual/Stopped
Rasirda (WAN Miniport (IrDA))- C:\WINDOWS\system32\DRIVERS\rasirda.sys - Manual/Running
s24trans (WLAN Transport)- C:\WINDOWS\system32\DRIVERS\s24trans.sys - Disabled/Stopped
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
ssmdrv (ssmdrv)- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - System/Running
SynTP (Synaptics TouchPad Driver)- C:\WINDOWS\system32\DRIVERS\SynTP.sys - Manual/Running
tap0901 (TAP-Win32 Adapter V9)- C:\WINDOWS\system32\DRIVERS\tap0901.sys - Manual/Stopped
tifm21 (tifm21)- C:\WINDOWS\system32\drivers\tifm21.sys - Manual/Running
UBHelper (UBHelper)- C:\WINDOWS\system32\drivers\UBHelper.sys - System/Stopped
usbsermpt (Motorola USB Modem Driver for MPT)- C:\WINDOWS\system32\DRIVERS\usbsermpt.sys - Manual/Stopped
w29n51 (Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP)- C:\WINDOWS\system32\DRIVERS\w29n51.sys - Manual/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 526 MB

Boot Info

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

OS Type: Microsoft Windows XP Home Edition
Build: 5.1.2600
Service Pack: 3.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==
  • 0

#13
SweetTech
Hello,

Please confirm that you no longer have Comodo installed on your computer. I would like to remove some of the files and folders that it has left behind, but first want to double check and make sure that you have indeed uninstalled it.

Thanks,
ST.
  • 0

#14
HugoLLoris
Hello

Yes it's definitely uninstalled.
  • 0

#15
myrti
Hi,

SweetTech is currently unavailable and I'm covering these threads.
How is your PC doing now, still slow? Do you still have the impression that you are running slow?

Let's remove the leftovers from OTL:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\WINDOWS\system32\drivers\sfi.dat
    C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    C:\Documents and Settings\All Users\Application Data\COMODO
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti
  • 0
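The OTL fix above uses a `:files` section to move the Comodo leftovers out of the way (OTL keeps what it moves under C:\_OTL\MovedFiles, which is why the log is found there). The script below is an added example written for this thread; it is not OTL and not part of myrti's instructions. It audits the same four targets from an administrator PowerShell prompt, lists any legacy `at*.job` scheduler files together with what `schtasks` reports for the task list, and only when run with `-Quarantine` moves the items into a dated folder so they can be restored by reversing the move. The quarantine root `C:\_Quarantine` is an assumed location, not one used by OTL.

```powershell
# Added example (not OTL's code): audit, and optionally quarantine, the leftover
# paths that the ':files' fix in this thread targets. Run from an elevated prompt.
[CmdletBinding()]
param(
    [switch]$Quarantine,                       # report only unless this is given
    [string]$QuarantineRoot = "C:\_Quarantine" # assumed location, not an OTL path
)

# The same targets as the ':files' section of the fix; the last one is a wildcard.
$targets = @(
    "C:\WINDOWS\system32\drivers\sfi.dat",
    "C:\Documents and Settings\All Users\Application Data\Comodo Downloader",
    "C:\Documents and Settings\All Users\Application Data\COMODO",
    "C:\Windows\tasks\at*.job"
)

# Resolve each target; -Force includes hidden items, and a missing path is simply skipped.
$found = foreach ($t in $targets) {
    Get-Item -Path $t -Force -ErrorAction SilentlyContinue
}

if (-not $found) {
    Write-Output "No leftovers found for any of the $($targets.Count) targets."
    return
}

Write-Output "Leftovers present:"
foreach ($item in $found) {
    $kind = if ($item.PSIsContainer) { "Dir " } else { "File" }
    Write-Output ("  {0} {1:yyyy-MM-dd HH:mm:ss} {2}" -f $kind, $item.LastWriteTime, $item.FullName)
}

# at*.job files belong to the legacy AT scheduler; show what the task list says
# runs and as whom, so a reviewer can judge them before anything is moved.
if ($found | Where-Object { $_.Extension -eq ".job" }) {
    Write-Output "Scheduled task summary (schtasks /query /v):"
    schtasks /query /fo LIST /v 2>$null |
        Where-Object { $_ -match '^(TaskName|Task To Run|Run As User|Status):' } |
        ForEach-Object { "  $_" }
}

if (-not $Quarantine) {
    Write-Output "Report only. Re-run with -Quarantine to move these items aside."
    return
}

# Quarantine: keep the original drive-relative path under a dated folder so a
# restore is just the reverse Move-Item. Nothing is deleted.
$dest = Join-Path $QuarantineRoot (Get-Date -Format "yyyyMMdd_HHmmss")
New-Item -ItemType Directory -Path $dest -Force | Out-Null

foreach ($item in $found) {
    $relative = $item.FullName -replace '^[A-Za-z]:\\', ''
    $target   = Join-Path $dest $relative
    New-Item -ItemType Directory -Path (Split-Path -Path $target -Parent) -Force | Out-Null
    Move-Item -Path $item.FullName -Destination $target -Force
    Write-Output "Moved $($item.FullName) -> $target"
}
```

Run it once without `-Quarantine` to see the report; the move step is deliberately separate so the task summary can be read first. A driver file such as sfi.dat may be locked while the system is running, in which case `Move-Item` fails and the item has to be moved after a reboot, which is the same situation the OTL note above describes.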