
vmain.class & vload.class [Solved]


  • This topic is locked This topic is locked

#1
surjohn

surjohn

    New Member

  • Member
  • Pip
  • 6 posts
Hello, this is my first post here.

My internet was slower than normal, then NortonAV detected the vmain.class & vload.class trojans and quarantined them. As I was concerned about my PC being compromised, I searched for info and discovered your site. I have followed all the steps you recommend in your malware and spyware cleaning guide, but my net connection is still slow despite the all-clear from NAV. Below are my logs; if you could please check them for any problems, it would be appreciated.

MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4163

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

04/06/2010 08:13:55
mbam-log-2010-06-04 (08-13-55).txt

Scan type: Quick scan
Objects scanned: 123217
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 23:11:11
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\John\AppData\Local\Temp\pxldypog.sys


---- System - GMER 1.0.15 ----

SSDT 86192160 ZwAlertResumeThread
SSDT 86253810 ZwAlertThread
SSDT 86012BA0 ZwAllocateVirtualMemory
SSDT 86069F08 ZwAlpcConnectPort
SSDT 8628A048 ZwAssignProcessToJobObject
SSDT 86D99FC0 ZwCreateMutant
SSDT 86D96060 ZwCreateSymbolicLinkObject
SSDT 86012FB0 ZwCreateThread
SSDT 861C6048 ZwDebugActiveProcess
SSDT 86012CF8 ZwDuplicateObject
SSDT 86012A00 ZwFreeVirtualMemory
SSDT 8623F048 ZwImpersonateAnonymousToken
SSDT 862D84D0 ZwImpersonateThread
SSDT 86064D70 ZwLoadDriver
SSDT 86012920 ZwMapViewOfSection
SSDT 86240048 ZwOpenEvent
SSDT 86012E98 ZwOpenProcess
SSDT 8616BED0 ZwOpenProcessToken
SSDT 8616A1D0 ZwOpenSection
SSDT 86012DC8 ZwOpenThread
SSDT 86D96008 ZwProtectVirtualMemory
SSDT 86AA4048 ZwResumeThread
SSDT 86CC9048 ZwSetContextThread
SSDT 860127C8 ZwSetInformationProcess
SSDT 86199068 ZwSetSystemInformation
SSDT 8622C048 ZwSuspendProcess
SSDT 86B64048 ZwSuspendThread
SSDT 86219120 ZwTerminateProcess
SSDT 86CC2048 ZwTerminateThread
SSDT 865BD310 ZwUnmapViewOfSection
SSDT 86012AD0 ZwWriteVirtualMemory
SSDT 86D96130 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820CB880 8 Bytes [60, 21, 19, 86, 10, 38, 25, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820CB894 4 Bytes [A0, 2B, 01, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 820CB8A0 4 Bytes [08, 9F, 06, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 820CB8F4 4 Bytes [48, A0, 28, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820CB958 4 Bytes [C0, 9F, D9, 86]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1844] ntdll.dll!RtlEncodeSystemPointer + 873 7786938B 10 Bytes JMP 04BF003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateDialogParamW 770C72A2 5 Bytes JMP 6C3CDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!GetAsyncKeyState 770C863C 5 Bytes JMP 6C2E8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!SetWindowsHookExW 770C87AD 5 Bytes JMP 6C3C9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CallNextHookEx 770C8E3B 5 Bytes JMP 6C3BD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!UnhookWindowsHookEx 770C98DB 5 Bytes JMP 6C33466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!EnableWindow 770CCD8B 5 Bytes JMP 6C3CDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateWindowExW 770D1305 5 Bytes JMP 6C3CDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!GetKeyState 770D8CB1 5 Bytes JMP 6C3CD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!IsDialogMessageW 770E0745 5 Bytes JMP 6C2F5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateDialogParamA 770E17AA 5 Bytes JMP 6C4C53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!IsDialogMessage 770E1847 5 Bytes JMP 6C4C4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateDialogIndirectParamA 770E26F1 5 Bytes JMP 6C4C53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateDialogIndirectParamW 770E9A62 5 Bytes JMP 6C4C5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!SetKeyboardState 770F0987 5 Bytes JMP 6C4C4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxParamW 770F10B0 5 Bytes JMP 6C2F5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxIndirectParamW 770F2EF5 5 Bytes JMP 6C4C473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!SendInput 770F2F75 5 Bytes JMP 6C4C5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!EndDialog 770F326E 5 Bytes JMP 6C2F7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!SetCursorPos 77106FB2 5 Bytes JMP 6C4C5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxParamA 77108152 5 Bytes JMP 6C4C46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxIndirectParamA 7710847D 5 Bytes JMP 6C4C47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxIndirectA 7711D4D9 5 Bytes JMP 6C4C4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxIndirectW 7711D5D3 5 Bytes JMP 6C4C4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxExA 7711D639 5 Bytes JMP 6C4C45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxExW 7711D65D 5 Bytes JMP 6C4C4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!keybd_event 7711D972 5 Bytes JMP 6C4C5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] SHELL32.dll!SHRestricted + D95 75F78988 4 Bytes [4D, 30, 88, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] SHELL32.dll!SHRestricted + D9D 75F78990 8 Bytes [57, 2F, 88, 6E, 9C, 5B, 87, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] ole32.dll!OleLoadFromStream 76CF1E12 5 Bytes JMP 6C4C4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] ole32.dll!CoGetTreatAsClass + D2F 76D0FAB7 7 Bytes JMP 04BF01A9
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] ole32.dll!CoCreateInstance 76D29EA6 5 Bytes JMP 6C3CDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1844] ole32.dll!CoCreateInstance + 3E 76D29EE4 7 Bytes JMP 04BF00F3
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!CreateWindowExW 770D1305 5 Bytes JMP 6C3CDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxParamW 770F10B0 5 Bytes JMP 6C2F5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxIndirectParamW 770F2EF5 5 Bytes JMP 6C4C473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxParamA 77108152 5 Bytes JMP 6C4C46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!DialogBoxIndirectParamA 7710847D 5 Bytes JMP 6C4C47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxIndirectA 7711D4D9 5 Bytes JMP 6C4C4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxIndirectW 7711D5D3 5 Bytes JMP 6C4C4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxExA 7711D639 5 Bytes JMP 6C4C45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] USER32.dll!MessageBoxExW 7711D65D 5 Bytes JMP 6C4C4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] ntdll.dll!RtlEncodeSystemPointer + 873 7786938B 10 Bytes JMP 03E000AF
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!CreateDialogParamW 770C72A2 5 Bytes JMP 6C3CDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!GetAsyncKeyState 770C863C 5 Bytes JMP 6C2E8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!SetWindowsHookExW 770C87AD 5 Bytes JMP 6C3C9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!CallNextHookEx 770C8E3B 5 Bytes JMP 6C3BD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!UnhookWindowsHookEx 770C98DB 5 Bytes JMP 6C33466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!EnableWindow 770CCD8B 5 Bytes JMP 6C3CDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!CreateWindowExW 770D1305 5 Bytes JMP 6C3CDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!GetKeyState 770D8CB1 5 Bytes JMP 6C3CD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!IsDialogMessageW 770E0745 5 Bytes JMP 6C2F5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!CreateDialogParamA 770E17AA 5 Bytes JMP 6C4C53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!IsDialogMessage 770E1847 5 Bytes JMP 6C4C4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!CreateDialogIndirectParamA 770E26F1 5 Bytes JMP 6C4C53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!CreateDialogIndirectParamW 770E9A62 5 Bytes JMP 6C4C5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!SetKeyboardState 770F0987 5 Bytes JMP 6C4C4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!DialogBoxParamW 770F10B0 5 Bytes JMP 6C2F5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!DialogBoxIndirectParamW 770F2EF5 5 Bytes JMP 6C4C473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!SendInput 770F2F75 5 Bytes JMP 6C4C5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!EndDialog 770F326E 5 Bytes JMP 6C2F7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!SetCursorPos 77106FB2 5 Bytes JMP 6C4C5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!DialogBoxParamA 77108152 5 Bytes JMP 6C4C46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!DialogBoxIndirectParamA 7710847D 5 Bytes JMP 6C4C47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!MessageBoxIndirectA 7711D4D9 5 Bytes JMP 6C4C4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!MessageBoxIndirectW 7711D5D3 5 Bytes JMP 6C4C4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!MessageBoxExA 7711D639 5 Bytes JMP 6C4C45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!MessageBoxExW 7711D65D 5 Bytes JMP 6C4C4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] USER32.dll!keybd_event 7711D972 5 Bytes JMP 6C4C5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] SHELL32.dll!SHRestricted + D95 75F78988 4 Bytes [4D, 30, 88, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] SHELL32.dll!SHRestricted + D9D 75F78990 8 Bytes [57, 2F, 88, 6E, 9C, 5B, 87, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] ole32.dll!OleLoadFromStream 76CF1E12 5 Bytes JMP 6C4C4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] ole32.dll!CoGetTreatAsClass + D2F 76D0FAB7 7 Bytes JMP 03E00451
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] ole32.dll!CoCreateInstance 76D29EA6 5 Bytes JMP 6C3CDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4480] ole32.dll!CoCreateInstance + 3E 76D29EE4 7 Bytes JMP 03E0039B

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


OTL log:
OTL logfile created on: 03/06/2010 23:13:03 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\John\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 14.97 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.28 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 23:04:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/11/16 20:58:38 | 000,839,168 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 23:04:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/05/28 20:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/27 12:49:25 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/27 12:49:24 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/11 01:42:41 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100603.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 01:42:41 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100603.005\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 18:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/17 00:45:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/10/15 04:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/12/03 20:32:42 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/12/03 12:58:16 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/03/19 13:11:52 | 000,103,680 | ---- | M] (AMOI Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\S2usbser.sys -- (S2usbser)
DRV - [2007/10/05 13:29:00 | 000,107,264 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2007/04/01 02:39:42 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/04/01 02:39:42 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/04/01 02:39:42 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/08 06:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/26 00:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2006/12/12 10:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/28 00:14:18 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/20 20:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 20:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 20:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/18 00:52:38 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/12 00:10:40 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/12 00:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/12 00:10:38 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/12 00:10:38 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=2070401
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.....mail.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.yahoo....rc=ym&.intl=uk"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/27 12:48:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/17 00:57:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/12 15:23:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/02 17:22:18 | 000,000,000 | ---D | M]

[2010/01/03 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2010/01/03 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/03 14:58:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions
[2009/08/04 18:18:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 21:39:21 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/10/20 14:48:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/02 05:19:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\[email protected]
[2009/11/25 04:56:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\[email protected]
[2010/06/02 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\[email protected]
[2010/06/02 17:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/19 11:35:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/02 17:09:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/01/08 01:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/06/02 17:08:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/02 17:18:30 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/05/12 15:23:38 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/05/12 15:23:38 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/05/12 15:23:38 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/05/12 15:23:38 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O2 - BHO: (Love Systems Toolbar) - {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Love Systems Toolbar) - {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Love Systems Toolbar) - {A5682E73-386D-43EB-A4D3-271157A8A617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09ffc887-4a13-11df-97b3-0019b95d7c55}\Shell - "" = AutoRun
O33 - MountPoints2\{09ffc887-4a13-11df-97b3-0019b95d7c55}\Shell\AutoRun\command - "" = F:\AutoInstall.exe -- File not found
O33 - MountPoints2\{23857929-c8e1-11de-bd8d-0019b95d7c55}\Shell - "" = AutoRun
O33 - MountPoints2\{23857929-c8e1-11de-bd8d-0019b95d7c55}\Shell\AutoRun\command - "" = F:\AutoInstall.exe -- File not found
O33 - MountPoints2\{6162ec7d-76c6-11de-aa89-0019b95d7c55}\Shell - "" = AutoRun
O33 - MountPoints2\{6162ec7d-76c6-11de-aa89-0019b95d7c55}\Shell\AutoRun\command - "" = F:\AutoInstall.exe -- File not found
O33 - MountPoints2\{e5557d81-9790-11dc-bcfb-0019b95d7c55}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\MigWiz\migsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/31 05:40:05 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 23:04:03 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/06/03 20:37:38 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\OpenDNS Updater
[2010/06/03 20:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2010/06/02 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/06/02 17:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/06/02 17:22:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/02 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/06/02 17:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/06/02 15:24:55 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\GeekToGo
[2010/06/02 14:28:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2010/06/02 14:28:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/02 14:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/02 14:28:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/02 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/02 14:23:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/02 14:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/20 14:54:45 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Books
[2010/05/14 19:20:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Player Classic
[2010/05/14 19:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
[2010/05/12 15:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/04/16 12:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/16 12:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/16 12:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/16 12:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/16 12:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/26 03:25:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2010/03/10 17:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\Diigo

========== Files - Modified Within 90 Days ==========

[2010/06/03 23:15:27 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F94D9F01-74D1-44D2-84AF-39B03312628F}.job
[2010/06/03 23:14:12 | 001,926,226 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\Cat.DB
[2010/06/03 23:13:19 | 003,670,016 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2010/06/03 23:04:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/06/03 23:01:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 23:01:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 21:01:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/03 21:01:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/03 20:59:46 | 000,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 20:59:46 | 000,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/06/03 20:59:39 | 002,484,514 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/06/03 12:28:54 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/03 12:28:54 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/03 12:28:54 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/02 21:21:32 | 000,001,786 | ---- | M] () -- C:\Users\John\Desktop\Update Checker.lnk
[2010/05/31 19:52:21 | 145,978,794 | ---- | M] () -- C:\Users\John\Desktop\Gilles_Peterson-live_on_radio_1-05-26-2010.mp3
[2010/05/30 20:00:00 | 000,000,602 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - John.job
[2010/05/25 12:18:06 | 144,390,270 | ---- | M] () -- C:\Users\John\Desktop\Gilles_Peterson-live_on_radio_1-05-19-2010 with James Blake.mp3
[2010/05/14 07:40:03 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/06 05:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/06 05:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnet.inf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/29 06:03:51 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/29 06:03:51 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/28 18:10:31 | 000,325,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/26 09:18:40 | 000,007,873 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.cat
[2010/04/24 12:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.inf
[2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.sys
[2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/04/22 03:29:50 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/04/22 03:29:50 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/04/22 03:29:50 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/04/22 03:29:50 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/04/01 13:33:22 | 000,072,192 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 00:45:08 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/03/17 00:45:08 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/03/17 00:45:08 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

========== Files Created - No Company Name ==========

[2010/06/02 21:21:32 | 000,001,786 | ---- | C] () -- C:\Users\John\Desktop\Update Checker.lnk
[2010/05/31 19:52:19 | 145,978,794 | ---- | C] () -- C:\Users\John\Desktop\Gilles_Peterson-live_on_radio_1-05-26-2010.mp3
[2010/05/25 12:18:03 | 144,390,270 | ---- | C] () -- C:\Users\John\Desktop\Gilles_Peterson-live_on_radio_1-05-19-2010 with James Blake.mp3
[2009/09/01 16:33:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/29 02:50:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\PCSuiteShareFile.ini
[2009/07/29 02:50:20 | 000,000,023 | ---- | C] () -- C:\Windows\System32\PCSuiteConfigFile.ini
[2009/07/29 02:50:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\PCSuiteParamFile.ini
[2008/11/30 15:34:13 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/08/18 23:21:28 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SystemInfo32.sys
[2008/08/05 23:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/05 22:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/08/05 22:59:04 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/08/05 22:58:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/07/17 21:58:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/07/17 21:58:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/29 05:14:04 | 000,223,744 | ---- | C] () -- C:\Windows\System32\b4fm.dll
[2007/09/29 17:33:14 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2007/06/12 20:24:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/06/02 16:44:29 | 002,067,140 | R--- | C] () -- C:\Windows\System32\avcodec.dll
[2007/05/26 21:27:07 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/04/08 11:27:06 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2007/04/01 02:40:13 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/04/01 02:40:13 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/01 02:40:13 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/04/01 02:39:57 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/04/01 02:39:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/31 19:01:31 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/01/26 00:45:02 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2006/12/12 11:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/12 10:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/07/03 16:35:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Auslogics
[2007/05/26 22:18:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2010/01/25 01:24:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/04/02 15:39:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent
[2007/06/12 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ConvertTemp
[2010/02/17 00:20:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DNA
[2008/11/29 18:20:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Free Audio Editor
[2009/07/29 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\NCH Swift Sound
[2010/06/03 20:37:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenDNS Updater
[2008/12/18 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2008/12/03 12:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Recordpad
[2008/12/03 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Samsung
[2010/01/30 12:50:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Skinux
[2010/06/03 20:21:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify
[2007/06/12 20:47:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Temporary
[2010/01/03 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TomTom
[2007/10/28 15:14:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TransRender
[2010/06/03 20:59:51 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/03 23:15:27 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F94D9F01-74D1-44D2-84AF-39B03312628F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 22:59:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/06/12 21:09:34 | 000,000,000 | ---- | M] () -- C:\conmgr.log
[2007/04/01 02:40:21 | 000,004,098 | RH-- | M] () -- C:\dell.sdr
[2008/01/22 10:48:45 | 000,005,370 | ---- | M] () -- C:\DeviceLink.log
[2008/08/18 23:29:09 | 000,000,000 | ---- | M] () -- C:\dxva.log
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/05/23 16:39:38 | 000,000,178 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/11/25 02:54:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/10 19:38:32 | 000,000,017 | ---- | M] () -- C:\log.txt
[2009/11/25 02:54:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2007/06/12 21:11:35 | 000,001,897 | ---- | M] () -- C:\NServer.log
[2010/06/03 21:00:50 | 2451,267,584 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/08/18 23:29:09 | 000,000,000 | ---- | M] () -- C:\VO.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/28 00:09:16 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\John\Main Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\Samsung PC Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\Remote Assistance Logs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\My Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\Etc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\Dell Laptop:Roxio EMC Stream
< End of report >


Extras log:
OTL Extras logfile created on: 03/06/2010 23:13:03 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\John\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 14.97 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.28 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3D9A16D0-E86C-4DFF-9CAA-3489F437B0E1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DB9CFE3-EB36-4621-AD2C-CB4D701C7994}" = lport=86 | protocol=6 | dir=in | name=broadcam web server |
"{D90650C2-9301-45D4-BB67-197BDB100185}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D52F6EF-011C-4322-8F81-C35CB2C67881}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3F83CFDF-D7A4-4050-96B1-638489E6A980}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{50E623AE-DB7D-4454-83FF-3E0D709E0BC2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5AE94D2A-EF0F-4D39-826D-0579BD3B56A9}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{5EA2DEF8-D561-46F2-AAF5-EE67F4B6ED17}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7677BAFB-9A27-426C-AF0D-E433F1195214}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{9AB32E90-663A-4376-AF4B-B2CB14E8A2C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C37E664-30DC-40F9-AF18-4B499130752B}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{9C61B547-8B14-42B1-8D2C-B031A7A747A9}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{9EB566A9-4C3C-4C2C-A9AE-3BBB570A41A0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{B4380364-D2E5-4736-B3B1-4F101B2F7937}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{BDA8A415-EC8E-4830-A4FC-041088093861}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CC0CBE13-56CB-4FB6-87CA-2E97493985B7}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{ED51A0B3-94C0-4BAD-9CBC-DA4505D99092}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{F136D385-BB6F-4E5B-8C0C-67CAAC0D0D02}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20F0F67B-CB0F-4C85-B6F2-133D9CB70614}" = Samsung PC Studio
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A0CD0434-C975-4E5B-989B-066CE4D35597}" = USB DVB-T TV Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CCBEE2A5-D0D2-4E0C-8550-4C7F2B78FA62}" = USB DVB-T TV Tuner
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECFDD53-35DB-4235-9363-7964A0C88E0E}" = Samsung PC Studio
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DiigoToolbar" = Diigo Toolbar for Internet Explorer
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{A0CD0434-C975-4E5B-989B-066CE4D35597}" = USB DVB-T TV Driver
"Love_Systems Toolbar" = Love_Systems Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"Mp3 Knife_is1" = Mp3 Knife 3.2
"N360" = Norton 360
"OpD2d" = OpD2d
"OpenDNS Updater" = OpenDNS Updater 2.2
"RealPlayer 12.0" = RealPlayer
"Soulseek" = SoulSeek Client 156c
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Veoh Web Player Beta" = Veoh Web Player
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/06/2010 08:52:52 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6740

Error - 01/06/2010 08:52:52 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6740

Error - 01/06/2010 08:52:53 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/06/2010 08:52:53 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7863

Error - 01/06/2010 08:52:53 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7863

Error - 01/06/2010 14:36:19 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/06/2010 14:36:19 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15741

Error - 01/06/2010 14:36:19 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15741

Error - 01/06/2010 21:28:13 | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 03/06/2010 17:48:17 | Computer Name = John-PC | Source = Perflib | ID = 1010
Description =

[ Broadcom Wireless LAN Events ]
Error - 12/01/2010 14:37:16 | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
Description = 18:37:16, Tue, Jan 12, 10 Error - Unable to gain access to user store


[ System Events ]
Error - 02/06/2010 09:18:58 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02/06/2010 12:22:27 | Computer Name = John-PC | Source = DCOM | ID = 10005
Description =

Error - 02/06/2010 12:22:28 | Computer Name = John-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 02/06/2010 12:22:28 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/06/2010 13:32:33 | Computer Name = John-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 02/06/2010 16:12:55 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02/06/2010 19:05:45 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 03/06/2010 07:14:10 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 03/06/2010 13:04:21 | Computer Name = John-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 03/06/2010 16:02:22 | Computer Name = John-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
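The Extras log above is raw registry output, and the settings that matter for a post-clean-up review (EnableFirewall = 0 in every profile, DisableMonitoring = 1 under Security Center, the inbound exception rules) are easy to miss among the uninstall list and event-log noise. As an added example, not part of the original post and not OTL's own code, the following Python parses the `[HKEY_...]` / `"name" = value` blocks that OTL prints and lists what a responder would want to recheck. The sample log is constructed from the values in the post, with the Public profile changed to `EnableFirewall = 1` so both branches are exercised; the function and constant names are this example's own.

```python
"""Triage the registry dump in an OTL 'Extras' log for hardening gaps.

Added example: not part of the forum post and not OTL's own code.
It reports firewall profiles with EnableFirewall = 0, Security Center
monitoring switched off, and inbound firewall rules that open a port.
"""
import re
from typing import Dict, List

RegistryDump = Dict[str, Dict[str, str]]

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

FW_POLICY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
SC_MONITORING = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring"
PROTOCOLS = {"6": "tcp", "17": "udp"}  # IANA protocol numbers as OTL prints them

# Constructed sample, trimmed from the Extras log in the thread; the
# Public profile is set to 1 here (the thread shows 0) to exercise both paths.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3D9A16D0-E86C-4DFF-9CAA-3489F437B0E1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D90650C2-9301-45D4-BB67-197BDB100185}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7677BAFB-9A27-426C-AF0D-E433F1195214}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{9C61B547-8B14-42B1-8D2C-B031A7A747A9}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"""


def parse_registry_dump(text: str) -> RegistryDump:
    """Collect {key: {value_name: value}} from OTL-style registry blocks.

    OTL prints the same key header in more than one section (FirewallRules
    appears under both exception lists), so values for a repeated key are
    merged rather than overwritten.
    """
    dump: RegistryDump = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            dump.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            name, value = value_match.groups()
            dump[current][name] = value.strip()
    return dump


def firewall_profiles(dump: RegistryDump) -> Dict[str, bool]:
    """Map each firewall profile name to whether EnableFirewall is 1."""
    prefix = FW_POLICY + "\\"
    profiles: Dict[str, bool] = {}
    for key, values in dump.items():
        if key.startswith(prefix) and key.endswith("Profile"):
            profiles[key[len(prefix):]] = values.get("EnableFirewall") == "1"
    return profiles


def firewall_rules(dump: RegistryDump) -> List[Dict[str, str]]:
    """Split each 'field=value | field=value |' rule string into a dict."""
    rules = []
    for rule_id, spec in dump.get(FW_POLICY + "\\FirewallRules", {}).items():
        fields = {"id": rule_id}
        for part in spec.split("|"):
            if "=" in part:
                name, value = part.split("=", 1)
                fields[name.strip().lower()] = value.strip()
        rules.append(fields)
    return rules


def triage(text: str) -> List[str]:
    """Return one finding per setting a responder should revisit."""
    dump = parse_registry_dump(text)
    findings = []
    for profile, enabled in sorted(firewall_profiles(dump).items()):
        if not enabled:
            findings.append(f"Windows Firewall disabled in {profile}")
    if dump.get(SC_MONITORING, {}).get("DisableMonitoring") == "1":
        findings.append("Security Center monitoring disabled (check it matches the installed suite)")
    for rule in firewall_rules(dump):
        if rule.get("dir") == "in" and "lport" in rule:
            proto = PROTOCOLS.get(rule.get("protocol", ""), "proto " + rule.get("protocol", "?"))
            findings.append(f"inbound {proto}/{rule['lport']} allowed for {rule.get('app', '?')}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Two caveats when reading the output against a real log: a `DisableMonitoring = 1` value under the vendor sub-keys is normally written by a third-party suite such as the Norton 360 seen in this thread so that it reports its own status to Security Center, so the finding is a prompt to confirm the suite is actually running rather than proof of tampering; and `EnableFirewall = 0` in every profile with a third-party firewall present is likewise expected, which is why the check only lists the profiles and leaves the judgement to whoever has the full log.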


#2
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hello surjohn

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


also:

We will run OTL, but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum
andrewuk

#3
surjohn (Topic Starter, New Member, 6 posts)
Thanks for your help AndrewUK. My internet speed does seem back to normal but here are my log files anyway.


ComboFix 10-06-05.02 - John 06/06/2010 11:35:17.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.1258 [GMT 1:00]
Running from: c:\users\John\Desktop\ComboFix1.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 10:43 . 2010-06-06 10:43 -------- d-----w- c:\users\John\AppData\Local\temp
2010-06-06 10:43 . 2010-06-06 10:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-03 19:37 . 2010-06-03 19:37 -------- d-----w- c:\users\John\AppData\Roaming\OpenDNS Updater
2010-06-03 19:37 . 2010-06-03 19:37 -------- d-----w- c:\program files\OpenDNS Updater
2010-06-02 16:44 . 2010-06-02 16:44 -------- d-----w- c:\program files\Auslogics
2010-06-02 16:36 . 2010-06-02 16:36 -------- d-----w- c:\program files\FileHippo.com
2010-06-02 16:19 . 2010-06-02 16:20 -------- d-----w- c:\program files\Ask.com
2010-06-02 16:19 . 2010-06-02 16:19 -------- d-----w- c:\program files\Foxit Software
2010-06-02 16:09 . 2010-06-02 16:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2010-06-02 13:28 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\programdata\Malwarebytes
2010-06-02 13:28 . 2010-06-02 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 13:28 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 13:22 . 2010-06-02 13:23 -------- d-----w- c:\program files\ERUNT
2010-05-27 11:56 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 18:20 . 2010-05-14 18:22 -------- d-----w- c:\users\John\AppData\Roaming\Media Player Classic
2010-05-14 18:20 . 2010-05-14 18:20 -------- d-----w- c:\program files\MPC HomeCinema
2010-05-12 14:20 . 2010-05-12 14:20 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-05-12 11:16 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 11:37 . 2010-05-11 11:37 655360 ----a-w- c:\users\John\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-11 11:37 . 2010-05-11 11:37 282624 ----a-w- c:\users\John\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-11 11:37 . 2010-05-11 11:37 208896 ----a-w- c:\users\John\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 10:44 . 2008-05-07 19:30 -------- d-----w- c:\programdata\Kontiki
2010-06-06 01:27 . 2009-06-15 19:00 -------- d-----w- c:\users\John\AppData\Roaming\Spotify
2010-06-05 14:27 . 2008-12-18 21:10 1 ----a-w- c:\users\John\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 10:08 . 2009-08-22 13:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 16:22 . 2007-06-16 22:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-02 16:13 . 2007-03-31 17:56 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 15:08 . 2007-03-31 17:56 -------- d-----w- c:\program files\Java
2010-05-12 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 11:53 . 2010-01-25 00:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-16 11:44 . 2010-04-16 11:42 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-16 11:44 . 2010-04-16 11:42 -------- d-----w- c:\program files\iTunes
2010-04-16 11:42 . 2010-04-16 11:42 -------- d-----w- c:\program files\iPod
2010-04-16 11:42 . 2008-08-28 07:17 -------- d-----w- c:\program files\Common Files\Apple
2010-04-16 11:40 . 2010-04-16 11:39 -------- d-----w- c:\program files\QuickTime
2010-04-16 11:32 . 2010-04-16 11:32 -------- d-----w- c:\program files\Bonjour
2010-04-16 11:31 . 2010-04-16 11:31 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-16 23:45 . 2009-04-09 14:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2008-06-30 12:44 . 2008-09-26 20:41 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-04-01 01:39 . 2007-04-01 01:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a5682e73-386d-43eb-a4d3-271157a8a617}"= "c:\program files\Love_Systems\tbLove.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{a5682e73-386d-43eb-a4d3-271157a8a617}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5682e73-386d-43eb-a4d3-271157a8a617}]
2010-02-22 12:05 2353176 ----a-w- c:\program files\Love_Systems\tbLove.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-07-21 23:08 806912 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-07-21 806912]
"{a5682e73-386d-43eb-a4d3-271157a8a617}"= "c:\program files\Love_Systems\tbLove.dll" [2010-02-22 2353176]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{a5682e73-386d-43eb-a4d3-271157a8a617}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-07-21 806912]
"{A5682E73-386D-43EB-A4D3-271157A8A617}"= "c:\program files\Love_Systems\tbLove.dll" [2010-02-22 2353176]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{a5682e73-386d-43eb-a4d3-271157a8a617}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2009-11-16 839168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-31 50688]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-3-31 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):40,50,3e,34,6e,2b,ca,01

R3 EC168BDA;EC168BDA service;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-10-05 107264]
R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\S2usbser.sys [2008-03-19 103680]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [2010-04-29 537136]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSvix86.sys [2010-05-28 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-30 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - John.job
- c:\program files\Norton 360\Engine\4.2.0.12\navw32.exe [2010-05-25 05:34]

2010-06-06 c:\windows\Tasks\User_Feed_Synchronization-{F94D9F01-74D1-44D2-84AF-39B03312628F}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.....mail.yahoo.com
uInternet Settings,ProxyOverride = *.local
TCP: {0D9B0A87-FB16-4852-9BC4-D807245A8191} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?&.src=ym&.intl=uk
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\John\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 11:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-06 11:48:21
ComboFix-quarantined-files.txt 2010-06-06 10:48

Pre-Run: 11,022,360,576 bytes free
Post-Run: 15,039,381,504 bytes free

- - End Of File - - 5B5B8BC058C23C9E7171D06F18B6EE3C


--------------------------------------------------------------------------------------------



OTL logfile created on: 06/06/2010 12:18:53 - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\John\Desktop\GeekToGo
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 13.96 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.62 Gb Free Space | 56.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2010/06/03 23:04:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\GeekToGo\OTL.exe
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.....mail.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.yahoo....rc=ym&.intl=uk"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/27 12:48:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/17 00:57:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/12 15:23:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/02 17:22:18 | 000,000,000 | ---D | M]

[2010/01/03 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2010/01/03 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/03 14:58:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions
[2009/08/04 18:18:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 21:39:21 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/10/20 14:48:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/02 05:19:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\[email protected]
[2009/11/25 04:56:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\[email protected]
[2010/06/02 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jlg4j2q1.default\extensions\[email protected]
[2010/06/02 17:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/19 11:35:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/02 17:09:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/01/08 01:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/06/02 17:08:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/02 17:18:30 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/05/12 15:23:38 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/05/12 15:23:38 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/05/12 15:23:38 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/05/12 15:23:38 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/06 11:43:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O2 - BHO: (Love Systems Toolbar) - {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Love Systems Toolbar) - {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Love Systems Toolbar) - {A5682E73-386D-43EB-A4D3-271157A8A617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll (Diigo inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== LOP Check ==========

[2008/07/03 16:35:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Auslogics
[2007/05/26 22:18:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2010/01/25 01:24:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/04/02 15:39:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent
[2007/06/12 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ConvertTemp
[2010/02/17 00:20:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DNA
[2008/11/29 18:20:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Free Audio Editor
[2009/07/29 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\NCH Swift Sound
[2010/06/03 20:37:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenDNS Updater
[2008/12/18 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2008/12/03 12:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Recordpad
[2008/12/03 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Samsung
[2010/01/30 12:50:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Skinux
[2010/06/06 02:27:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify
[2007/06/12 20:47:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Temporary
[2010/01/03 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TomTom
[2007/10/28 15:14:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TransRender
[2010/06/06 11:58:59 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/06 12:15:15 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F94D9F01-74D1-44D2-84AF-39B03312628F}.job

========== Purity Check ==========


< End of report >
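The O2 (BHO) and O3 (Toolbar) lines in the OTL log above are where the browser add-on clutter shows up: several toolbars and helper objects, one of them with an empty publisher field "()" and one registered from both HKLM and HKCU. As an added example that is not part of the original post or of the OTL tool, the Python below parses those lines, merges every registration of the same DLL so each add-on appears once with all of its CLSIDs and hives, and marks the entries a helper would review first: a DLL with no publisher in its version info, and a DLL loaded from outside Program Files or Windows. The sample log is constructed from a few of the lines above; the trusted-root list is an assumption for this example.

```python
"""Triage of OTL 'O2 - BHO' and 'O3 - Toolbar' lines.

Added example, not part of the original post or of the OTL tool. It parses the
line format OTL uses for Internet Explorer add-ons, merges every registration
of the same DLL, and marks the entries a helper would review first.
"""
import re
from collections import OrderedDict

# One OTL add-on line: "O2 - BHO: (name) - {CLSID} - path (publisher)"
#                  or  "O3 - HKLM\..\Toolbar: (name) - {CLSID} - path (publisher)"
OTL_ADDON_RE = re.compile(
    r"^O(?P<section>[23]) - (?P<hive>[^:]+): "
    r"\((?P<name>[^)]*)\) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.+) \((?P<publisher>[^()]*)\)$"
)

# Where an installed add-on DLL is expected to live on this 32-bit Vista box.
# Assumption for this example; add "c:\\program files (x86)\\" on x64 Windows.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

# Constructed sample: a handful of lines in OTL's format, taken from the log above.
SAMPLE_LOG = r"""
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Love Systems Toolbar) - {a5682e73-386d-43eb-a4d3-271157a8a617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Love Systems Toolbar) - {A5682E73-386D-43EB-A4D3-271157A8A617} - C:\Program Files\Love_Systems\tbLove.dll (Conduit Ltd.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
"""


def parse_addons(log_text):
    """One record per DLL (case-insensitive path), merging every CLSID and hive it is registered under."""
    records = OrderedDict()
    for line in log_text.splitlines():
        m = OTL_ADDON_RE.match(line.strip())
        if not m:
            continue                            # not an O2/O3 add-on line
        key = m["path"].lower()
        rec = records.setdefault(key, {
            "path": m["path"],
            "publisher": m["publisher"].strip(),
            "names": set(), "clsids": set(), "hives": set(),
        })
        rec["names"].add(m["name"])
        rec["clsids"].add(m["clsid"].upper())   # OTL prints the same CLSID in mixed case
        rec["hives"].add(m["hive"])
    return records


def triage(log_text):
    """Map each DLL to (record, reasons); an empty reasons list means nothing stood out."""
    results = OrderedDict()
    for key, rec in parse_addons(log_text).items():
        reasons = []
        if not rec["publisher"]:
            reasons.append("no publisher in version info")
        if not key.startswith(TRUSTED_ROOTS):
            reasons.append("loaded from outside Program Files / Windows")
        results[key] = (rec, reasons)
    return results


def report(log_text):
    """Human-readable lines, one per DLL, review items first."""
    rows = sorted(triage(log_text).values(), key=lambda rr: not rr[1])
    lines = []
    for rec, reasons in rows:
        tag = "REVIEW" if reasons else "ok    "
        lines.append("%s %s [%s] clsids=%d hives=%s%s" % (
            tag, rec["path"], rec["publisher"] or "-", len(rec["clsids"]),
            ",".join(sorted(rec["hives"])),
            ("  <- " + "; ".join(reasons)) if reasons else ""))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Feed the contents of a saved OTL.txt to report() to run it over a whole log. The two rules are deliberately narrow: a missing publisher or an unusual load path is a reason to look at the file, not a verdict, and the same DLL appearing under two CLSIDs (a BHO plus a toolbar) is normal for a toolbar package.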

#4 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Broadly, that looks clear. Just a few items to clear, but we will do that in the next post once we have the results of the scans below.

In this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

The scans will likely take 4 hours, quite possibly much longer, so just let them run.

I also want to scan several files that I do not recognise.

Also, is this your ISP?
Cable Online Ltd, NTL Internet, Crawley Court, Winchester, Hampshire, SO21 2QA



====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
We will update and re-run your Malwarebytes:

Double-click the Malwarebytes icon on your desktop to open the program
  • on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • once complete (a new version of malwarebytes may download) select the tab Scanner
  • select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


====STEP 4====
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page (you may have to use the browse button):

    • C:\Windows\WindowsMobile\wcescomm.dll
  • Click on the Upload button
  • Once the scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the clipboard. If the copy function does not work, then copy the URL link into your reply.
  • Paste the contents of the clipboard in your next reply (you will need to paste the link into Notepad before you do the other scans below, else the contents of your clipboard will be overwritten with the new links).
Could you do the same for the following files:
  • C:\Windows\WindowsMobile\rapimgr.dll
  • C:\Program Files\Diigo\DiigoToolbar.4.0.2.dll
  • c:\windows\system32\DRIVERS\S2usbser.sys
  • C:\Program Files\Love_Systems\tbLove.dll


====STEP 5====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java if required:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 20.
  • Click the JDK 6 Update 20 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")
In your next reply could I see:
1. the answer to the ISP question
2. the malwarebytes log
3. the superantispyware log
4. the 5 virscan logs or links
5. the kaspersky log


The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
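Step 4 above asks for five files to be uploaded to VirSCAN, whose report prints the file's size, MD5 and SHA1. Before uploading, it is worth recording those values locally and checking that the bytes really are the PE image the path suggests, so each returned report can be matched to the right file and a renamed or truncated file is noticed first. The Python below is an added example, not part of andrewuk's post or of VirSCAN: it hashes a file, reads the DOS and COFF headers to decide whether it is a 32-bit DLL or EXE, and can be pointed at any of the five paths. The byte string produced by build_fake_pe() is constructed for the offline run and is not a real module.

```python
"""Local fingerprint of files before they go to a multi-engine scanner.

Added example, not part of the original post or of VirSCAN. For each file it
records what the VirSCAN report header shows (size, MD5, SHA1) plus SHA-256,
and reads just enough of the PE header to say whether the bytes are a 32-bit
DLL, so a file whose contents do not match its name stands out before upload.
"""
import hashlib
import os
import struct
import sys

IMAGE_FILE_DLL = 0x2000           # COFF Characteristics flag: image is a DLL
IMAGE_FILE_MACHINE_I386 = 0x14C   # COFF Machine value for 32-bit x86


def pe_summary(data):
    """Return {'machine', 'is_dll'} for a PE image, or None if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {"machine": machine, "is_dll": bool(characteristics & IMAGE_FILE_DLL)}


def describe(pe):
    """Short type string in the spirit of VirSCAN's 'File Type' line."""
    if pe is None:
        return "not a PE image"
    kind = "DLL" if pe["is_dll"] else "EXE"
    arch = "i386" if pe["machine"] == IMAGE_FILE_MACHINE_I386 else "machine 0x%x" % pe["machine"]
    return "PE32 %s %s" % (kind, arch)


def fingerprint_bytes(data, label):
    """Size, hashes and PE type for one file's contents."""
    pe = pe_summary(data)
    return {
        "file": label,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "pe": pe,
        "file_type": describe(pe),
    }


def fingerprint_file(path):
    with open(path, "rb") as f:
        return fingerprint_bytes(f.read(), path)


def build_fake_pe(is_dll=True):
    """Constructed sample: the smallest byte string pe_summary() accepts (not a real module)."""
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)     # EXECUTABLE_IMAGE | 32BIT_MACHINE
    dos_stub = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 0, characteristics)
    return dos_stub + coff


if __name__ == "__main__":
    # Usage: python fingerprint.py <path> [<path> ...]; with no arguments the constructed sample is used.
    targets = sys.argv[1:] or ["constructed-sample.dll"]
    for path in targets:
        if path == "constructed-sample.dll":
            fp = fingerprint_bytes(build_fake_pe(), path)
        elif os.path.exists(path):
            fp = fingerprint_file(path)
        else:
            fp = {"file": path, "file_type": "missing"}   # report, do not silently skip
        print(fp["file"], fp["file_type"])
        for key in ("size", "md5", "sha1", "sha256"):
            if key in fp:
                print("   ", key, fp[key])
```

Run it once per path before the uploads and keep the output next to the VirSCAN links; a file that comes back "not a PE image" or "EXE" under a .dll or .sys name deserves a closer look regardless of what the engines say.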

#5 surjohn (New Member, Topic Starter, 6 posts)
Kaspersky can download and update but shows a null status. I have administrator status, Java v20 and disabled Norton AV, but it won't run the scan even after an hour.

#6 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Try this one:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#7 surjohn (New Member, Topic Starter, 6 posts)
1. My ISP is Virgin Media Ltd, PO Box 50, Wythenshawe, Manchester, M22 0BA.

2.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

06/06/2010 23:57:59
mbam-log-2010-06-06 (23-57-59).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 232133
Time elapsed: 1 hour(s), 44 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


3.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2010 at 02:55 AM

Application Version : 4.38.1004

Core Rules Database Version : 5038
Trace Rules Database Version: 2850

Scan type : Complete Scan
Total Scan Time : 02:45:43

Memory items scanned : 619
Memory threats detected : 0
Registry items scanned : 5853
Registry threats detected : 8
File items scanned : 115369
File threats detected : 45

Trojan.Agent/Gen-Burn4Free
HKLM\Software\Classes\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}
HKCR\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}
HKCR\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}
HKCR\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}\InprocServer32
HKCR\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}\ProgID
HKCR\b4fm.SxContextMenu1
HKCR\b4fm.SxContextMenu1\Clsid
C:\WINDOWS\SYSTEM32\B4FM.DLL

Adware.Flash Tracking Cookie
C:\Users\John\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2U5ULQM6\IA.MEDIA-IMDB.COM
C:\Users\John\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2U5ULQM6\S0.2MDN.NET

Adware.Tracking Cookie
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@adbrite[2].txt
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt


4.

VirSCAN.org Scanned Report :
Scanned time : 2010/06/07 10:57:04 (BST)
Scanner results: Scanners did not find malware!
File Name : DiigoToolbar.4.0.2.dll
File Size : 2114048 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : d8ab31973fd6927ed72f8172327395ce
SHA1 : 7b48048c3b3c86f3a115a076e380ae361e8032a6
Online report : http://virscan.org/r...fcabf02f07.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100607050114 2010-06-07 0.08 -
AhnLab V3 2010.06.07.06 2010.06.07 2010-06-07 0.08 -
AntiVir 8.2.2.6 7.10.7.253 2010-06-07 0.28 -
Antiy 2.0.18 20100602.4613711 2010-06-02 0.02 -
Arcavir 2009 201006060939 2010-06-06 0.24 -
Authentium 5.1.1 201006061311 2010-06-06 4.09 -
AVAST! 4.7.4 100607-0 2010-06-07 0.12 -
AVG 8.5.793 271.1.1/2922 2010-06-07 0.29 -
BitDefender 7.90123.6157742 7.32080 2010-06-07 3.95 -
ClamAV 0.96.1 11148 2010-06-07 0.38 -
Comodo 3.13.579 5016 2010-06-07 0.09 -
CP Secure 1.3.0.5 2010.06.05 2010-06-05 0.54 -
Dr.Web 5.0.2.3300 2010.06.07 2010-06-07 8.29 -
F-Prot 4.4.4.56 20100606 2010-06-06 4.25 -
F-Secure 7.02.73807 2010.06.07.02 2010-06-07 10.86 -
Fortinet 4.1.133 12.27 2010-06-07 0.08 -
GData 21.310/21.102 20100607 2010-06-07 0.10 -
ViRobot 20100607 2010.06.07 2010-06-07 0.10 -
Ikarus T3.1.01.84 2010.06.07.76015 2010-06-07 8.75 -
JiangMin 13.0.900 2010.06.07 2010-06-07 0.08 -
Kaspersky 5.5.10 2010.06.07 2010-06-07 0.10 -
KingSoft 2009.2.5.15 2010.6.7.15 2010-06-07 0.08 -
McAfee 5400.1158 6005 2010-06-06 22.43 -
Microsoft 1.5802 2010.06.07 2010-06-07 0.17 -
Norman 6.04.12 6.04.00 2010-06-06 8.02 -
Panda 9.05.01 2010.06.06 2010-06-06 0.11 -
Trend Micro 9.120-1004 7.224.08 2010-06-07 0.11 -
Quick Heal 10.00 2010.06.07 2010-06-07 0.87 -
Rising 20.0 22.51.00.04 2010-06-07 0.18 -
Sophos 3.07.1 4.54 2010-06-07 4.00 -
Sunbelt 3.9.2424.2 6415 2010-06-07 0.20 -
Symantec 1.3.0.24 20100606.003 2010-06-06 0.07 -
nProtect 20100607.01 8594755 2010-06-07 0.28 -
The Hacker 6.5.2.0 v00292 2010-06-03 0.19 -
VBA32 3.12.12.5 20100605.2017 2010-06-05 5.89 -
VirusBuster 4.5.11.10 10.126.68/2028142 2010-06-06 4.33 -


VirSCAN.org Scanned Report :
Scanned time : 2010/06/07 10:50:04 (BST)
Scanner results: Scanners did not find malware!
File Name : rapimgr.dll
File Size : 167936 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 70dbdab246c18b78e2200d6401d038be
SHA1 : f823c8102bf22750ccc2bd7f3e2fd1d3d26a93e1
Online report : http://virscan.org/r...deb0dd12d1.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100607050114 2010-06-07 0.08 -
AhnLab V3 2010.06.07.06 2010.06.07 2010-06-07 0.08 -
AntiVir 8.2.2.6 7.10.7.253 2010-06-07 0.27 -
Antiy 2.0.18 20100602.4613711 2010-06-02 0.02 -
Arcavir 2009 201006060939 2010-06-06 0.06 -
Authentium 5.1.1 201006061311 2010-06-06 1.72 -
AVAST! 4.7.4 100607-0 2010-06-07 0.01 -
AVG 8.5.793 271.1.1/2922 2010-06-07 0.29 -
BitDefender 7.90123.6157742 7.32080 2010-06-07 3.93 -
ClamAV 0.96.1 11148 2010-06-07 0.04 -
Comodo 3.13.579 5016 2010-06-07 0.08 -
CP Secure 1.3.0.5 2010.06.05 2010-06-05 0.06 -
Dr.Web 5.0.2.3300 2010.06.07 2010-06-07 8.55 -
F-Prot 4.4.4.56 20100606 2010-06-06 1.76 -
F-Secure 7.02.73807 2010.06.07.02 2010-06-07 0.13 -
Fortinet 4.1.133 12.27 2010-06-07 0.08 -
GData 21.310/21.102 20100607 2010-06-07 0.09 -
ViRobot 20100607 2010.06.07 2010-06-07 0.08 -
Ikarus T3.1.01.84 2010.06.07.76015 2010-06-07 7.50 -
JiangMin 13.0.900 2010.06.07 2010-06-07 0.09 -
Kaspersky 5.5.10 2010.06.07 2010-06-07 0.12 -
KingSoft 2009.2.5.15 2010.6.7.15 2010-06-07 0.08 -
McAfee 5400.1158 6005 2010-06-06 16.49 -
Microsoft 1.5802 2010.06.07 2010-06-07 0.08 -
Norman 6.04.12 6.04.00 2010-06-06 6.01 -
Panda 9.05.01 2010.06.06 2010-06-06 0.08 -
Trend Micro 9.120-1004 7.224.08 2010-06-07 0.03 -
Quick Heal 10.00 2010.06.07 2010-06-07 0.08 -
Rising 20.0 22.51.00.04 2010-06-07 0.08 -
Sophos 3.07.1 4.54 2010-06-07 3.49 -
Sunbelt 3.9.2424.2 6414 2010-06-06 0.09 -
Symantec 1.3.0.24 20100606.003 2010-06-06 0.05 -
nProtect 20100607.01 8594755 2010-06-07 0.09 -
The Hacker 6.5.2.0 v00292 2010-06-03 0.08 -
VBA32 3.12.12.5 20100605.2017 2010-06-05 2.75 -
VirusBuster 4.5.11.10 10.126.68/2028142 2010-06-06 2.49 -


VirSCAN.org Scanned Report :
Scanned time : 2010/06/07 11:02:37 (BST)
Scanner results: Scanners did not find malware!
File Name : S2usbser.sys
File Size : 103680 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 2f0caec1079a0c1a153129a696e449f8
SHA1 : 150bfe89b75e34da2b715aebfa2cf881a22b107e
Online report : http://virscan.org/r...3b7eda95b3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100607050114 2010-06-07 0.20 -
AhnLab V3 2010.06.07.06 2010.06.07 2010-06-07 0.15 -
AntiVir 8.2.2.6 7.10.7.253 2010-06-07 0.38 -
Antiy 2.0.18 20100602.4613711 2010-06-02 0.02 -
Arcavir 2009 201006060939 2010-06-06 0.09 -
Authentium 5.1.1 201006061311 2010-06-06 1.95 -
AVAST! 4.7.4 100607-0 2010-06-07 0.01 -
AVG 8.5.793 271.1.1/2922 2010-06-07 1.87 -
BitDefender 7.90123.6157742 7.32080 2010-06-07 10.30 -
ClamAV 0.96.1 11148 2010-06-07 0.03 -
Comodo 3.13.579 5016 2010-06-07 0.21 -
CP Secure 1.3.0.5 2010.06.05 2010-06-05 0.17 -
Dr.Web 5.0.2.3300 2010.06.07 2010-06-07 10.45 -
F-Prot 4.4.4.56 20100606 2010-06-06 2.09 -
F-Secure 7.02.73807 2010.06.07.02 2010-06-07 0.55 -
Fortinet 4.1.133 12.27 2010-06-07 0.19 -
GData 21.310/21.102 20100607 2010-06-07 0.20 -
ViRobot 20100607 2010.06.07 2010-06-07 0.17 -
Ikarus T3.1.01.84 2010.06.07.76015 2010-06-07 10.47 -
JiangMin 13.0.900 2010.06.07 2010-06-07 0.18 -
Kaspersky 5.5.10 2010.06.07 2010-06-07 0.14 -
KingSoft 2009.2.5.15 2010.6.7.15 2010-06-07 0.20 -
McAfee 5400.1158 6005 2010-06-06 18.33 -
Microsoft 1.5802 2010.06.07 2010-06-07 0.10 -
Norman 6.04.12 6.04.00 2010-06-06 6.03 -
Panda 9.05.01 2010.06.06 2010-06-06 0.08 -
Trend Micro 9.120-1004 7.224.08 2010-06-07 0.03 -
Quick Heal 10.00 2010.06.07 2010-06-07 0.08 -
Rising 20.0 22.51.00.04 2010-06-07 0.08 -
Sophos 3.07.1 4.54 2010-06-07 3.51 -
Sunbelt 3.9.2424.2 6415 2010-06-07 0.08 -
Symantec 1.3.0.24 20100606.003 2010-06-06 0.22 -
nProtect 20100607.01 8594755 2010-06-07 0.09 -
The Hacker 6.5.2.0 v00292 2010-06-03 0.09 -
VBA32 3.12.12.5 20100605.2017 2010-06-05 2.88 -
VirusBuster 4.5.11.10 10.126.68/2028142 2010-06-06 2.46 -


VirSCAN.org Scanned Report :
Scanned time : 2010/06/07 10:45:15 (BST)
Scanner results: Scanners did not find malware!
File Name : wcescomm.dll
File Size : 365568 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 779f9c90d3fe9c70b6ffd8ef035f3e83
SHA1 : fa505b0c849b236811c9b09c1bffaec8b80097ff
Online report : http://virscan.org/r...f4295ba945.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100607050114 2010-06-07 0.08 -
AhnLab V3 2010.06.07.06 2010.06.07 2010-06-07 0.09 -
AntiVir 8.2.2.6 7.10.7.253 2010-06-07 0.26 -
Antiy 2.0.18 20100602.4613711 2010-06-02 0.02 -
Arcavir 2009 201006060939 2010-06-06 0.07 -
Authentium 5.1.1 201006061311 2010-06-06 2.19 -
AVAST! 4.7.4 100607-0 2010-06-07 0.02 -
AVG 8.5.793 271.1.1/2922 2010-06-07 0.26 -
BitDefender 7.90123.6157742 7.32080 2010-06-07 3.94 -
ClamAV 0.96.1 11148 2010-06-07 0.07 -
Comodo 3.13.579 5016 2010-06-07 0.08 -
CP Secure 1.3.0.5 2010.06.05 2010-06-05 0.08 -
Dr.Web 5.0.2.3300 2010.06.07 2010-06-07 7.92 -
F-Prot 4.4.4.56 20100606 2010-06-06 2.14 -
F-Secure 7.02.73807 2010.06.07.02 2010-06-07 1.75 -
Fortinet 4.1.133 12.26 2010-06-06 0.08 -
GData 21.310/21.102 20100607 2010-06-07 0.09 -
ViRobot 20100607 2010.06.07 2010-06-07 0.09 -
Ikarus T3.1.01.84 2010.06.07.76015 2010-06-07 6.85 -
JiangMin 13.0.900 2010.06.07 2010-06-07 0.08 -
Kaspersky 5.5.10 2010.06.07 2010-06-07 0.08 -
KingSoft 2009.2.5.15 2010.6.7.15 2010-06-07 0.08 -
McAfee 5400.1158 6005 2010-06-06 16.18 -
Microsoft 1.5802 2010.06.07 2010-06-07 0.08 -
Norman 6.04.12 6.04.00 2010-06-06 4.01 -
Panda 9.05.01 2010.06.06 2010-06-06 0.08 -
Trend Micro 9.120-1004 7.224.08 2010-06-07 0.03 -
Quick Heal 10.00 2010.06.07 2010-06-07 0.08 -
Rising 20.0 22.51.00.04 2010-06-07 0.08 -
Sophos 3.07.1 4.54 2010-06-07 3.35 -
Sunbelt 3.9.2424.2 6414 2010-06-06 0.08 -
Symantec 1.3.0.24 20100606.003 2010-06-06 0.06 -
nProtect 20100607.01 8594755 2010-06-07 0.08 -
The Hacker 6.5.2.0 v00292 2010-06-03 0.08 -
VBA32 3.12.12.5 20100605.2017 2010-06-05 2.74 -
VirusBuster 4.5.11.10 10.126.68/2028142 2010-06-06 2.53 -


I have uninstalled the toolbar related to tbLove.dll, so I can't scan that file.

5. ESET generated the following log -

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

It doesn't look right because the scan found one threat. It was adware relating to Burn4free, I think.
  • 0

#8
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

1. My ISP is Virgin Media Ltd, PO Box 50, Wythenshawe, Manchester, M22 0BA.

That's OK, NTL is part of Virgin now.


5. ESET generated the following log -

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

It doesn't look right because the scan found one threat. It was adware relating to Burn4free, I think.

Burn4free is considered adware, see here. Also, the SUPERAntiSpyware scan removed most of it.



====STEP 1====
Run OTL.exe by double clicking the icon on your desktop
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log that it produces


In your next reply could I see:
1. the OTL log
2. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

Edited by andrewuk, 08 June 2010 - 01:18 PM.

  • 0
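The [resethosts] command in the OTL script above replaces the Windows hosts file because malware commonly adds entries that sinkhole or redirect name lookups. As an added example (not OTL's code or anything posted in this thread), this Python script audits a hosts file for exactly those entries before a reset; the sample file contents and the WATCHED names are constructed for the example.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample resembling C:\Windows\System32\drivers\etc\hosts
# after tampering; every name and address below is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.invalid
127.0.0.1       updates.example-av.invalid   # blocks AV updates
198.51.100.7    login.example-bank.invalid   # pinned to an arbitrary IP
"""

# Hostnames a defender never wants overridden locally (hypothetical names).
WATCHED = {"updates.example-av.invalid"}


@dataclass
class Finding:
    line_no: int
    address: str
    hostname: str
    category: str  # "sinkhole", "redirect", "watched" or "malformed"


def classify(address: str, hostname: str) -> Optional[str]:
    """Return None for the stock localhost lines, otherwise a category."""
    ip = ipaddress.ip_address(address)
    if hostname.lower() == "localhost" and ip.is_loopback:
        return None                 # default Windows content
    if hostname.lower() in WATCHED:
        return "watched"            # any local override of a watched name
    if ip.is_unspecified or ip.is_loopback:
        return "sinkhole"           # name resolves nowhere (0.0.0.0 / 127.x)
    return "redirect"               # name pinned to a non-local address


def audit_hosts(text: str) -> list[Finding]:
    """Parse hosts-file text and return every non-default mapping."""
    findings: list[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append(Finding(n, parts[0], " ".join(parts[1:]), "malformed"))
            continue
        for host in parts[1:]:
            cat = classify(parts[0], host)
            if cat:
                findings.append(Finding(n, parts[0], host, cat))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address:<16} {f.hostname:<30} {f.category}")
```

On a real machine, read the file at %SystemRoot%\System32\drivers\etc\hosts instead of SAMPLE_HOSTS; anything reported as "watched" or "redirect" deserves a look before the file is reset.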

#9
surjohn

surjohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
My machine seems to be back to normal now.


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Prefs.js: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 removed from extensions.enabledItems
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 111425626 bytes
->Temporary Internet Files folder emptied: 132463661 bytes
->Java cache emptied: 132250 bytes
->FireFox cache emptied: 27902596 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5924 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11854076 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 580758358 bytes

Total Files Cleaned = 824.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06082010_212930

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#10
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hello surjohn

Congratulations, your logs are clean and another fix is in the can :)

The Malwarebytes scan was clean, SUPERAntiSpyware removed some adware, the VirSCAN logs were clean and the ESET online scan was clean.

In this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined malware from your computer), reset your restore points (there will be infections lurking in there) and I will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Follow these steps to uninstall Combofix, some of the tools used in the removal of malware and to flush your system restore points
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between ComboFix and the /Uninstall, it needs to be there.
  • You will be notified if combofix has been successfully removed


====STEP 2====
Double-click OTL to run it. (Vista users, please right click on OTListIt.exe and select "Run as an Administrator")
  • Click the Clean up button and let the program run
  • When prompted, click Yes to the reboot.
You can also clear away any other tools we used.


====IDEAS TO SPEED UP YOUR MACHINE====
This page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of free tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • MBAM - Malware Bytes Anti Malware is an excellent tool for anyone's antimalware arsenal. This program should be updated and run often.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Digsby or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • FireFox - Alternate web browser. Open source and quick, Firefox is usually the first thing I install on a new system.
  • NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes

andrewuk
  • 0

#11
surjohn

surjohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for your help and all the best.

surjohn
  • 0

#12
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
