Google Hijacked ? [Solved]


  • This topic is locked This topic is locked

#1 Emma_uk (Member, 135 posts)
Hi

When I do a simple search on Google, say for 'BBC News', which should be the first result, I get:


BritanniaSearch.co.uk
blinkx.com
current.com
news.blinkx.com
heavy.com
kontraband.com
gallent.co.uk

To name but a few, before I get to the BBC front page. I have tested the same search on a different machine and I get to 'BBC' straight away,
so it seems only my PC is infected. :)

I have run Malwarebytes and McAfee and also reinstalled IE7, but this has not helped.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:40, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [] "C:\WINDOWS\Options\OEMReset.exe" /Audit
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212000842109
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 6141 bytes

Thanks in advance :)

#2 RatHat (Ex Malware Expert, 7,829 posts)
Hi there,

Welcome to GeeksToGo.

Now let's have a deeper look at your machine. Download Old Timer's OTViewIt and save it to your Desktop.
  • Double click OTViewIt.exe to run the program
  • Under File Age: choose 60 Days
  • Now click Run Scan to start the scan
  • The scan will take a minute or so. Do Not run any other programs during the scan
  • When complete, notepad will open two files:
    • OTViewIt.Txt
    • Extras.Txt
  • Please post the contents of both files in your next reply
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Disable resident protections (Antivirus...); you can re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
Note: %SystemDrive% is usually C:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Also let's have a look at the MBAM log. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note that you will need to make a separate post for each log.

Regards,
RatHat

#3 Emma_uk (Topic Starter, Member, 135 posts)
Here you are RatHat

Thanks :)

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 3.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : admin ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:213 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 11/12/2008|11:37 )

--------------------\\ Listing folders in APPLIC~1

[29/05/2008|14:44] C:\DOCUME~1\admin\APPLIC~1\Adobe
[29/05/2008|17:22] C:\DOCUME~1\admin\APPLIC~1\Ahead
[27/11/2008|09:41] C:\DOCUME~1\admin\APPLIC~1\Apple Computer
[23/10/2008|19:49] C:\DOCUME~1\admin\APPLIC~1\ATI
[28/08/2008|18:26] C:\DOCUME~1\admin\APPLIC~1\AVS4YOU
[04/12/2008|16:03] C:\DOCUME~1\admin\APPLIC~1\Canon
[29/10/2008|16:47] C:\DOCUME~1\admin\APPLIC~1\CyberLink
[17/09/2008|09:14] C:\DOCUME~1\admin\APPLIC~1\CyberScrub
[11/12/2008|08:16] C:\DOCUME~1\admin\APPLIC~1\DMCache
[01/12/2008|14:54] C:\DOCUME~1\admin\APPLIC~1\dvdcss
[06/12/2008|14:40] C:\DOCUME~1\admin\APPLIC~1\GrabPro
[24/11/2008|16:32] C:\DOCUME~1\admin\APPLIC~1\Help
[22/01/2003|03:12] C:\DOCUME~1\admin\APPLIC~1\Identities
[29/05/2008|18:30] C:\DOCUME~1\admin\APPLIC~1\InstallShield
[17/11/2008|20:40] C:\DOCUME~1\admin\APPLIC~1\LimeWire
[28/05/2008|17:53] C:\DOCUME~1\admin\APPLIC~1\Macromedia
[10/12/2008|19:24] C:\DOCUME~1\admin\APPLIC~1\Malwarebytes
[21/08/2008|18:20] C:\DOCUME~1\admin\APPLIC~1\M-Audio
[23/10/2008|20:22] C:\DOCUME~1\admin\APPLIC~1\Microsoft
[06/06/2008|22:39] C:\DOCUME~1\admin\APPLIC~1\MSN6
[21/08/2008|17:55] C:\DOCUME~1\admin\APPLIC~1\NetMedia Providers
[06/12/2008|17:52] C:\DOCUME~1\admin\APPLIC~1\Orbit
[21/08/2008|17:55] C:\DOCUME~1\admin\APPLIC~1\Publish Providers
[01/12/2008|19:12] C:\DOCUME~1\admin\APPLIC~1\River Past G5
[28/05/2008|18:00] C:\DOCUME~1\admin\APPLIC~1\ScanSoft
[19/08/2008|17:52] C:\DOCUME~1\admin\APPLIC~1\Sun
[12/04/2007|15:04] C:\DOCUME~1\admin\APPLIC~1\Symantec
[01/06/2008|11:30] C:\DOCUME~1\admin\APPLIC~1\Template
[05/06/2008|19:45] C:\DOCUME~1\admin\APPLIC~1\Ulead Systems
[11/12/2008|08:11] C:\DOCUME~1\admin\APPLIC~1\Uniblue
[19/08/2008|13:29] C:\DOCUME~1\admin\APPLIC~1\URSoft
[24/11/2008|11:10] C:\DOCUME~1\admin\APPLIC~1\vlc
[09/12/2008|11:08] C:\DOCUME~1\admin\APPLIC~1\VSO
[17/11/2008|19:55] C:\DOCUME~1\admin\APPLIC~1\WinRAR

[08/06/2008|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[08/06/2008|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[23/10/2008|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[12/11/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\13242
[29/05/2008|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/06/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[26/11/2008|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[26/11/2008|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[23/10/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[28/08/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[28/05/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[28/08/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[11/12/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverScanner
[28/05/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[10/12/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[04/10/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[11/08/2008|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/06/2008|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[03/12/2008|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
[28/05/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[04/10/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[10/12/2008|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[12/04/2007|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/12/2008|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/12/2008|08:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[11/06/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[28/05/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/08/2008|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[08/06/2008|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08/06/2008|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[08/06/2008|12:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/12/2008|19:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore

[08/06/2008|12:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[15/10/2008 02:20][--a------] C:\WINDOWS\tasks\McDefragTask.job
[12/04/2007 20:51][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/12/2008 10:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
[29/08/2002 19:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/11/2008|18:00] C:\Program Files\Adobe
[08/06/2008|12:44] C:\Program Files\Ahead
[26/11/2008|17:32] C:\Program Files\Apple Software Update
[23/10/2008|18:51] C:\Program Files\ATI Technologies
[08/06/2008|12:44] C:\Program Files\Canon
[28/05/2008|17:52] C:\Program Files\CanonBJ
[11/12/2008|08:14] C:\Program Files\Common Files
[28/08/2008|14:48] C:\Program Files\CyberLink
[17/09/2008|09:13] C:\Program Files\CyberScrub Privacy Suite
[11/12/2008|08:14] C:\Program Files\InstallShield Installation Information
[10/12/2008|13:40] C:\Program Files\Internet Explorer
[10/12/2008|17:57] C:\Program Files\Java
[10/12/2008|19:27] C:\Program Files\Malwarebytes' Anti-Malware
[16/11/2008|17:44] C:\Program Files\McAfee
[12/04/2007|20:51] C:\Program Files\McAfee.com
[28/05/2008|18:55] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/01/2003|03:12] C:\Program Files\microsoft frontpage
[23/10/2008|18:56] C:\Program Files\Microsoft IntelliPoint
[06/09/2006|14:24] C:\Program Files\Microsoft Office
[21/08/2008|17:51] C:\Program Files\Microsoft SQL Server
[08/06/2008|12:44] C:\Program Files\Microsoft Works
[28/05/2008|17:41] C:\Program Files\Movie Maker
[23/10/2008|20:45] C:\Program Files\MSBuild
[22/01/2003|03:09] C:\Program Files\MSN
[22/01/2003|03:08] C:\Program Files\MSN Gaming Zone
[28/05/2008|17:39] C:\Program Files\NetMeeting
[12/04/2007|19:56] C:\Program Files\Online Services
[28/05/2008|17:39] C:\Program Files\Outlook Express
[06/09/2006|14:04] C:\Program Files\PowerQuest
[26/11/2008|17:33] C:\Program Files\QuickTime
[12/04/2007|20:12] C:\Program Files\Realtek
[23/10/2008|20:44] C:\Program Files\Reference Assemblies
[28/05/2008|18:00] C:\Program Files\ScanSoft
[17/09/2008|09:52] C:\Program Files\Symantec
[11/12/2008|11:02] C:\Program Files\Trend Micro
[21/08/2008|17:51] C:\Program Files\Uninstall Information
[11/08/2008|19:16] C:\Program Files\VideoLAN
[28/09/2008|19:23] C:\Program Files\VSO
[11/08/2008|17:57] C:\Program Files\Windows Live
[02/06/2008|13:36] C:\Program Files\Windows Media Bonus Pack for Windows XP
[17/06/2008|23:52] C:\Program Files\Windows Media Connect 2
[13/08/2008|23:06] C:\Program Files\Windows Media Player
[28/05/2008|17:39] C:\Program Files\Windows NT
[27/10/2008|14:06] C:\Program Files\WinRAR
[22/01/2003|03:12] C:\Program Files\xerox
[11/12/2008|10:27] C:\Program Files\XoftSpySE
[09/12/2008|15:36] C:\Program Files\Your Uninstaller 2008

--------------------\\ Listing Folders in C:\Program Files\Common Files

[29/05/2008|14:42] C:\Program Files\Common Files\Adobe
[12/04/2007|20:18] C:\Program Files\Common Files\Ahead
[26/11/2008|17:32] C:\Program Files\Common Files\Apple
[28/08/2008|18:28] C:\Program Files\Common Files\AVSMedia
[25/09/2008|12:35] C:\Program Files\Common Files\DirectX
[28/05/2008|18:00] C:\Program Files\Common Files\InstallShield
[19/08/2008|17:51] C:\Program Files\Common Files\Java
[28/05/2008|16:44] C:\Program Files\Common Files\McAfee
[28/08/2008|15:05] C:\Program Files\Common Files\Microsoft Shared
[22/01/2003|03:10] C:\Program Files\Common Files\MSSoap
[12/04/2007|20:21] C:\Program Files\Common Files\Nero
[08/06/2008|12:44] C:\Program Files\Common Files\ODBC
[28/05/2008|18:00] C:\Program Files\Common Files\ScanSoft Shared
[06/09/2006|20:40] C:\Program Files\Common Files\Services
[21/01/2003|19:04] C:\Program Files\Common Files\SpeechEngines
[17/09/2008|09:52] C:\Program Files\Common Files\Symantec Shared
[28/05/2008|17:39] C:\Program Files\Common Files\System
[11/08/2008|17:57] C:\Program Files\Common Files\WindowsLiveInstaller
[05/11/2008|08:30] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 34 Processes )

iexplore.exe ~ [PID:1528]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 11:38:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections


No other infections found !

[F:3][D:2]-> C:\DOCUME~1\admin\LOCALS~1\Temp
[F:69][D:0]-> C:\DOCUME~1\admin\Cookies
[F:1414][D:4]-> C:\DOCUME~1\admin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/12/2008|11:39 - Option : [1]

--------------------\\ Scan completed at 11:39:06


OTViewIt Extras logfile created on: 11/12/2008 11:33:04 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 77.59% Memory free
3.78 Gb Paging File | 3.46 Gb Available in Paging File | 91.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.60 Gb Free Space | 91.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-25KGJLS1N
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/09/30 13:05:24 | 00,145,424 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460"=Canon MP460
"{14298AFE-9001-9CFB-595E-38BB3DCB25D3}"=ccc-utility
"{1BA6EE26-3358-B634-FD05-D07C964EE944}"=Skins
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}"=ScanSoft OmniPage SE 4.0
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}"=MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1"=VSO Image Resizer 2.0.1.9
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{4F55E486-4EDE-A879-B6CC-0B07DD475540}"=Catalyst Control Center Graphics Light
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}"=Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{746E4937-CC0E-C8A2-CEF3-41774D227847}"=Catalyst Control Center Graphics Full Existing
"{80A1F948-2D8E-7C25-87AA-6D8294334A5D}"=Catalyst Control Center Core Implementation
"{8A50284B-6426-2FDF-48BD-0895482344E8}"=CCC Help English
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}"=Microsoft .NET Framework (English)
"{B93F0E87-FBDB-097E-5DCA-FF99110F26E0}"=Catalyst Control Center Graphics Previews Common
"{C04ED833-89A3-BC13-BAE3-96FDD56933F9}"=Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{CDC31D08-9789-2554-2670-C33BC49F0DD3}"=ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FE2881D8-236B-6B25-2C5A-74CFB00F2756}"=ccc-core-preinstall
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"audcle"=Plus! MP3 Audio Converter LE
"CyberScrub® Privacy Suite™ 5.1_is1"=CyberScrub® Privacy Suite™ 5.1
"drmtool.inf"=Personal License Update Wizard for Windows Media Player
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PowerQuest PartitionMagic 8.0
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)"=Microsoft .NET Framework (English) v1.0.3705
"MP Navigator 3.0"=Canon MP Navigator 3.0
"mplibwiz.inf"=Media Library Management Wizard
"mpxlswiz.inf"=Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf"=Windows Media Player Tray Control
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"VLC media player"=VLC media player 0.9.6
"wa2wmp"=Windows Media Player Skin Importer
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMBK2"=Windows Media Bonus Pack for Windows XP
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Your Uninstaller! 2008_is1"=Your Uninstaller! 2008 Version 6.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 11/12/2008 04:32:44 | Computer Name = OWNER-25KGJLS1N | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/12/2008 04:44:35 | Computer Name = OWNER-25KGJLS1N | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/12/2008 05:00:03 | Computer Name = OWNER-25KGJLS1N | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/12/2008 05:04:41 | Computer Name = OWNER-25KGJLS1N | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 11/12/2008 05:04:41 | Computer Name = OWNER-25KGJLS1N | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 11/12/2008 05:16:33 | Computer Name = OWNER-25KGJLS1N | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAMES-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5B83674E-5E6A-4369-. The master browser is stopping or an election
is being forced.

Error - 11/12/2008 06:24:50 | Computer Name = OWNER-25KGJLS1N | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAMES-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5B83674E-5E6A-4369-. The master browser is stopping or an election
is being forced.

Error - 11/12/2008 06:46:21 | Computer Name = OWNER-25KGJLS1N | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 11/12/2008 06:46:21 | Computer Name = OWNER-25KGJLS1N | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 11/12/2008 06:50:50 | Computer Name = OWNER-25KGJLS1N | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAMES-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5B83674E-5E6A-4369-. The master browser is stopping or an election
is being forced.


< End of report >

[28/08/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[28/05/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[28/08/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[11/12/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverScanner
[28/05/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[10/12/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[04/10/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[11/08/2008|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/06/2008|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[03/12/2008|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
[28/05/2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[04/10/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[10/12/2008|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[12/04/2007|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/12/2008|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/12/2008|08:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[11/06/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[28/05/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/08/2008|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[08/06/2008|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08/06/2008|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[08/06/2008|12:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/12/2008|19:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore

[08/06/2008|12:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[15/10/2008 02:20][--a------] C:\WINDOWS\tasks\McDefragTask.job
[12/04/2007 20:51][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/12/2008 10:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
[29/08/2002 19:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/11/2008|18:00] C:\Program Files\Adobe
[08/06/2008|12:44] C:\Program Files\Ahead
[26/11/2008|17:32] C:\Program Files\Apple Software Update
[23/10/2008|18:51] C:\Program Files\ATI Technologies
[08/06/2008|12:44] C:\Program Files\Canon
[28/05/2008|17:52] C:\Program Files\CanonBJ
[11/12/2008|08:14] C:\Program Files\Common Files
[28/08/2008|14:48] C:\Program Files\CyberLink
[17/09/2008|09:13] C:\Program Files\CyberScrub Privacy Suite
[11/12/2008|08:14] C:\Program Files\InstallShield Installation Information
[10/12/2008|13:40] C:\Program Files\Internet Explorer
[10/12/2008|17:57] C:\Program Files\Java
[10/12/2008|19:27] C:\Program Files\Malwarebytes' Anti-Malware
[16/11/2008|17:44] C:\Program Files\McAfee
[12/04/2007|20:51] C:\Program Files\McAfee.com
[28/05/2008|18:55] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/01/2003|03:12] C:\Program Files\microsoft frontpage
[23/10/2008|18:56] C:\Program Files\Microsoft IntelliPoint
[06/09/2006|14:24] C:\Program Files\Microsoft Office
[21/08/2008|17:51] C:\Program Files\Microsoft SQL Server
[08/06/2008|12:44] C:\Program Files\Microsoft Works
[28/05/2008|17:41] C:\Program Files\Movie Maker
[23/10/2008|20:45] C:\Program Files\MSBuild
[22/01/2003|03:09] C:\Program Files\MSN
[22/01/2003|03:08] C:\Program Files\MSN Gaming Zone
[28/05/2008|17:39] C:\Program Files\NetMeeting
[12/04/2007|19:56] C:\Program Files\Online Services
[28/05/2008|17:39] C:\Program Files\Outlook Express
[06/09/2006|14:04] C:\Program Files\PowerQuest
[26/11/2008|17:33] C:\Program Files\QuickTime
[12/04/2007|20:12] C:\Program Files\Realtek
[23/10/2008|20:44] C:\Program Files\Reference Assemblies
[28/05/2008|18:00] C:\Program Files\ScanSoft
[17/09/2008|09:52] C:\Program Files\Symantec
[11/12/2008|11:02] C:\Program Files\Trend Micro
[21/08/2008|17:51] C:\Program Files\Uninstall Information
[11/08/2008|19:16] C:\Program Files\VideoLAN
[28/09/2008|19:23] C:\Program Files\VSO
[11/08/2008|17:57] C:\Program Files\Windows Live
[02/06/2008|13:36] C:\Program Files\Windows Media Bonus Pack for Windows XP
[17/06/2008|23:52] C:\Program Files\Windows Media Connect 2
[13/08/2008|23:06] C:\Program Files\Windows Media Player
[28/05/2008|17:39] C:\Program Files\Windows NT
[27/10/2008|14:06] C:\Program Files\WinRAR
[22/01/2003|03:12] C:\Program Files\xerox
[11/12/2008|10:27] C:\Program Files\XoftSpySE
[09/12/2008|15:36] C:\Program Files\Your Uninstaller 2008

--------------------\\ Listing Folders in C:\Program Files\Common Files

[29/05/2008|14:42] C:\Program Files\Common Files\Adobe
[12/04/2007|20:18] C:\Program Files\Common Files\Ahead
[26/11/2008|17:32] C:\Program Files\Common Files\Apple
[28/08/2008|18:28] C:\Program Files\Common Files\AVSMedia
[25/09/2008|12:35] C:\Program Files\Common Files\DirectX
[28/05/2008|18:00] C:\Program Files\Common Files\InstallShield
[19/08/2008|17:51] C:\Program Files\Common Files\Java
[28/05/2008|16:44] C:\Program Files\Common Files\McAfee
[28/08/2008|15:05] C:\Program Files\Common Files\Microsoft Shared
[22/01/2003|03:10] C:\Program Files\Common Files\MSSoap
[12/04/2007|20:21] C:\Program Files\Common Files\Nero
[08/06/2008|12:44] C:\Program Files\Common Files\ODBC
[28/05/2008|18:00] C:\Program Files\Common Files\ScanSoft Shared
[06/09/2006|20:40] C:\Program Files\Common Files\Services
[21/01/2003|19:04] C:\Program Files\Common Files\SpeechEngines
[17/09/2008|09:52] C:\Program Files\Common Files\Symantec Shared
[28/05/2008|17:39] C:\Program Files\Common Files\System
[11/08/2008|17:57] C:\Program Files\Common Files\WindowsLiveInstaller
[05/11/2008|08:30] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 34 Processes )

iexplore.exe ~ [PID:1528]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 11:38:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections


No other infections found !

[F:3][D:2]-> C:\DOCUME~1\admin\LOCALS~1\Temp
[F:69][D:0]-> C:\DOCUME~1\admin\Cookies
[F:1414][D:4]-> C:\DOCUME~1\admin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/12/2008|11:39 - Option : [1]

--------------------\\ Scan completed at 11:39:06


Thank you :)
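The Lop S&D report above ends its hosts-file step with a one-word verdict ("Hosts file CLEAN"), and the OTViewIt (O1) section later in the thread shows why: the 734-byte file has localhost as its only active entry. Because rewriting the hosts file is one of the standard ways a search hijacker diverts google.com or blocks vendor sites, it is worth seeing what that check actually looks at. The script below is an added example for this thread, not code from Lop S&D, OTViewIt or HijackThis; the WATCHED_HOSTS list and the two sample files in it are constructed for the demonstration, and 203.0.113.0/24 is a documentation address range, not a real attacker host.

```python
"""Hosts-file hijack check.

Added example for this thread (not code from Lop S&D, OTViewIt or
HijackThis): it performs the kind of test those tools summarise as
"Hosts file CLEAN" / the (O1) section, on text you pass in, so it runs
offline.  WATCHED_HOSTS and the two sample files are constructed
assumptions, not data taken from the thread's logs.
"""
import ipaddress

# Names a search/AV hijacker typically pins in the hosts file.  Illustrative
# assumption; extend it with whatever sites the infected machine cannot reach.
WATCHED_HOSTS = {
    "www.google.com", "google.com", "www.google.co.uk",
    "www.bing.com", "search.yahoo.com",
    "www.malwarebytes.org", "www.mcafee.com", "update.microsoft.com",
}

# Entries that belong in a stock Windows hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every active entry.

    Comment text after '#' and blank lines are dropped, as Windows does.
    An entry whose first field is not an IP address is yielded with ip=None
    so the caller can report it instead of silently skipping it.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield n, None, fields
            continue
        yield n, ip, [h.lower() for h in fields[1:]]


def check_hosts(text):
    """Return a list of (line_no, reason) findings; [] means clean.

    Two things are flagged:
      * any mapping of a WATCHED_HOSTS name, even to 127.0.0.1, because
        pinning a search engine or AV vendor to loopback blocks it; and
      * any non-loopback mapping for a name other than the stock local ones,
        which is how a hijacker diverts a site to a server it controls.
    """
    findings = []
    for n, ip, hosts in parse_hosts(text):
        if ip is None:
            findings.append((n, "unparseable entry: " + " ".join(hosts)))
            continue
        for h in hosts:
            if h in LOCAL_NAMES:
                continue
            if h in WATCHED_HOSTS:
                findings.append((n, f"{h} pinned to {ip}"))
            elif not ip.is_loopback:
                findings.append((n, f"{h} mapped to {ip} (not loopback)"))
    return findings


# The only active entry shown in this thread's OTViewIt (O1) section, with a
# stand-in comment line for the stock Microsoft header.
CLEAN_SAMPLE = "# stock header comment\n127.0.0.1       localhost\n"

# Constructed hijacked file (203.0.113.0/24 is a documentation range, not a
# real attacker address); it is not taken from the thread.
HIJACKED_SAMPLE = """127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org      # vendor site blocked
203.0.113.7 www.google.com          # search diverted
203.0.113.7 www.bbc.co.uk
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("hijacked", HIJACKED_SAMPLE)):
        findings = check_hosts(sample)
        print(f"{label}: {'CLEAN' if not findings else ''}")
        for n, reason in findings:
            print(f"  line {n}: {reason}")
```

Run it as-is to see both samples; on the affected machine you would pass the contents of C:\WINDOWS\System32\drivers\etc\hosts to check_hosts(). A clean hosts file only rules out this one redirect mechanism: it says nothing about a BHO, a URL search hook, a DNS server setting or a proxy, which is why the OTViewIt log later in the thread also lists URLSearchHooks, ProxyEnable and the (O17) DNS Name Servers.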

#4
RatHat (Ex Malware Expert, 7,829 posts)
We are missing the contents of OTViewIt.Txt and also of the MBAM log; could you post them for me, please?

Thanks,
RatHat

#5
Emma_uk (Topic Starter, Member, 135 posts)
OTViewIt logfile created on: 11/12/2008 11:33:04 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 77.59% Memory free
3.78 Gb Paging File | 3.46 Gb Available in Paging File | 91.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.60 Gb Free Space | 91.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-25KGJLS1N
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/08/01 04:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/01 04:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2003/12/08 16:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/10/08 12:04:44 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
[2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/11 11:30:46 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/01 04:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/07/31 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
File not found -- -- (JavaQuickStarterService [Auto | Stopped])
[2008/10/08 12:04:44 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2008/06/20 12:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [On_Demand | Running])
[2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Running])
File not found -- -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/02/28 12:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2008/04/13 18:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Stopped])
[2006/02/28 12:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2006/02/28 12:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2002/08/14 14:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2008/08/01 06:38:20 | 03,266,560 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2006/02/28 12:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2006/02/28 12:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2008/12/10 18:37:28 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/12/22 00:26:48 | 04,405,248 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/06/27 05:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2008/06/20 04:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2008/06/27 05:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2008/06/02 13:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2006/02/28 12:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2004/08/13 02:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Stopped])
[2008/06/10 12:04:28 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2002/09/16 16:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
[2006/02/28 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/02/28 12:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2006/02/28 12:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2006/02/28 12:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2007/10/23 09:51:04 | 00,103,296 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/02/28 12:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2008/06/02 08:46:21 | 00,030,464 | ---- | M] (THOMSON Telecom Belgium) -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330 [On_Demand | Stopped])
[2008/06/02 08:46:21 | 00,012,672 | ---- | M] (THOMSON Telecom Belgium) -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS [On_Demand | Stopped])
[2008/06/02 08:46:21 | 00,032,000 | ---- | M] (THOMSON Telecom Belgium) -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp [On_Demand | Stopped])
[2006/02/28 12:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2006/02/28 12:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2006/02/28 12:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2006/02/28 12:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2008/04/13 18:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2006/02/28 12:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2006/02/28 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.msn.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.msn.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.msn.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""="C:\WINDOWS\Options\OEMReset.exe" /Audit ()
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"HomePage"=0
"Cache"=0
"History"=0
"Colors"=0
"links"=0
"Fonts"=0
"Languages"=0
"Accessibility"=0
"SecurityTab"=0
"ContentTab"=0
"Ratings"=0
"Certificates"=0
"FormSuggest"=0
"FormSuggest Passwords"=0
"Profiles"=0
"ConnectionsTab"=0
"Connection Settings"=0
"Connwiz Admin Lock"=0
"Proxy"=0
"ProgramsTab"=0
"Messaging"=0
"ResetWebSettings"=0
"Check_If_Default"=0
"AdvancedTab"=0
"Advanced"=0

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoSplash"=0
"NoJITSetup"=0

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserSaveAs"=0
"NoFileNew"=0
"NoBrowserClose"=0
"NoFileOpen"=0
"NoTheaterMode"=0
"NoViewSource"=0
"NoFavorites"=0
"NoAddingChannels"=0
"NoBrowserOptions"=0
"NoBrowserContextMenu"=0
"NoOpeninNewWnd"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"GeneralTab"=0
"HomePage"=0
"Cache"=0
"History"=0
"Colors"=0
"links"=0
"Fonts"=0
"Languages"=0
"Accessibility"=0
"SecurityTab"=0
"ContentTab"=0
"Ratings"=0
"Certificates"=0
"FormSuggest"=0
"FormSuggest Passwords"=0
"Profiles"=0
"ConnectionsTab"=0
"Connection Settings"=0
"Connwiz Admin Lock"=0
"Proxy"=0
"ProgramsTab"=0
"Messaging"=0
"ResetWebSettings"=0
"Check_If_Default"=0
"AdvancedTab"=0
"Advanced"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoSplash"=0
"NoJITSetup"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserSaveAs"=0
"NoFileNew"=0
"NoBrowserClose"=0
"NoFileOpen"=0
"NoTheaterMode"=0
"NoViewSource"=0
"NoFavorites"=0
"NoAddingChannels"=0
"NoBrowserOptions"=0
"NoBrowserContextMenu"=0
"NoOpeninNewWnd"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoBandCustomize"=0
"NoToolbarCustomize"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoToolbarCustomize"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.appl...ex/qtplugin.cab -- QuickTime Object
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace....ploader1006.cab -- MySpace Uploader Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.mi...b?1212000842109 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.ma...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_11
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{3B652397-D1A2-4820-A14F-74BD2C9CD374} (Servers: | Description: )
{5B83674E-5E6A-4369-8F38-ED49CE2588ED} (Servers: | Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC)
{DB017392-5A1F-413E-9AB9-56A78180DC7A} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb2a7764-e932-11db-a0f9-00508d9d5209}\Shell\AutoRun\command]
""=F:\autorun.exe -- File not found

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/12/11 11:30:44 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTViewIt.exe
[2008/12/11 11:02:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\HijackThis.lnk
[2008/12/11 11:02:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/11 11:02:25 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\admin\Desktop\HJTInstall.exe
[2008/12/10 21:50:25 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2008/12/10 21:50:25 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2008/12/10 19:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2008/12/10 19:22:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/10 19:22:58 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/10 19:22:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/10 19:22:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/10 19:22:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/10 18:37:28 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/10 18:37:28 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/10 18:37:28 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/10 18:37:28 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/10 18:37:28 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/10 18:36:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\gmer
[2008/12/10 18:36:51 | 00,359,608 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\dds.com
[2008/12/10 14:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2008/12/10 13:47:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8104297.jun
[2008/12/09 19:30:18 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys
[2008/12/09 19:30:18 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2008/12/09 18:40:03 | 00,000,000 | ---D | C] -- C:\Binaries
[2008/12/09 18:25:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/08 18:54:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ICE_JNIRegistry.dll
[2008/12/06 14:25:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\GrabPro
[2008/12/06 14:24:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Orbit
[2008/12/06 14:11:21 | 00,156,672 | ---- | C] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2008/12/06 14:11:20 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/12/06 14:11:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\My Recordings
[2008/12/06 14:09:52 | 00,323,584 | ---- | C] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2008/12/06 14:08:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2008/12/04 16:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/03 19:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\VirtualDJ
[2008/12/03 16:41:55 | 01,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2008/12/03 16:41:54 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/12/03 16:41:54 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/12/03 16:41:54 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2008/12/03 16:41:49 | 01,204,224 | ---- | C] (Havas Interactive) -- C:\WINDOWS\System32\SierraNW.DLL
[2008/12/03 16:41:49 | 00,233,472 | ---- | C] (Havas Interactive) -- C:\WINDOWS\System32\SNWValid.dll
[2008/12/03 16:41:49 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2008/12/03 16:41:42 | 00,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/12/01 19:12:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/12/01 19:12:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\River Past G5
[2008/12/01 14:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\dvdcss
[2008/11/30 20:16:12 | 00,020,358 | ---- | C] () -- C:\WINDOWS\vgirl.prf
[2008/11/27 09:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Apple Computer
[2008/11/26 17:32:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/11/26 17:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/26 17:32:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Apple
[2008/11/26 17:32:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/11/26 17:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/26 17:31:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Apple Computer
[2008/11/26 17:28:49 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/24 16:30:22 | 00,092,160 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\BarCod32.OCX
[2008/11/24 11:10:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\vlc
[2008/11/24 11:09:45 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2008/11/22 17:39:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\wklnhst.dat
[2008/11/17 19:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\WinRAR
[2008/11/13 23:11:59 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/13 23:11:49 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/12 11:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\13242
[2008/11/12 11:34:10 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
[2008/11/11 08:55:05 | 00,000,563 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to Temp.lnk
[2008/11/05 08:30:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/04 12:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\LimeWire
[2008/10/27 18:17:41 | 00,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/10/23 22:49:17 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/23 20:45:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/10/23 20:45:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/10/23 20:44:53 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/10/23 20:44:20 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2008/10/23 20:44:20 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2008/10/23 20:44:20 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2008/10/23 20:44:20 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2008/10/23 20:44:20 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2008/10/23 20:44:20 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2008/10/23 20:44:20 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2008/10/23 20:44:20 | 00,000,000 | ---D | C] -- C:\3bf01d2678e36ccca24415de
[2008/10/23 20:33:08 | 00,000,000 | RH-D | C] -- C:\AHCache
[2008/10/23 20:22:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Turbo_Tube
[2008/10/23 19:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/10/23 19:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\ATI
[2008/10/23 19:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\ATI
[2008/10/23 19:48:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/10/23 18:56:41 | 00,031,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\point32.sys
[2008/10/23 18:56:38 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2008/10/23 18:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2008/10/23 18:50:51 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/10/23 18:50:19 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2008/10/23 18:49:47 | 00,000,000 | ---D | C] -- C:\ATI
[2008/10/23 18:34:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/10/23 18:34:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Uniblue
[2008/10/23 18:30:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2008/10/23 12:36:14 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/15 00:45:02 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 00:43:46 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 00:43:34 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 00:43:30 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 00:43:23 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 00:43:19 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/12/11 11:30:46 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTViewIt.exe
[2008/12/11 11:16:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\HijackThis.lnk
[2008/12/11 11:02:26 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\admin\Desktop\HJTInstall.exe
[2008/12/11 10:48:23 | 00,024,349 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/12/11 10:46:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/11 10:45:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/11 10:45:57 | 00,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/12/11 10:44:21 | 03,774,450 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2008/12/11 10:11:09 | 00,012,676 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/11 09:31:37 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\My Sharing Folders.lnk
[2008/12/11 08:22:41 | 00,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/10 21:50:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/12/10 21:50:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/12/10 19:22:58 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/10 18:37:28 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/10 18:37:28 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/10 18:37:28 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/10 18:37:28 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/10 18:29:33 | 00,359,608 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\dds.com
[2008/12/10 14:18:43 | 00,538,058 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/10 14:18:43 | 00,452,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/10 14:18:43 | 00,076,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/10 14:16:51 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/10 13:47:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8104297.jun
[2008/12/10 13:38:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/10 11:37:54 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/09 19:41:35 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/12/06 14:16:58 | 00,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2008/12/06 14:16:57 | 00,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/12/06 14:16:50 | 00,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2008/12/05 15:28:56 | 00,081,944 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 16:42:27 | 00,000,041 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2008/11/30 20:19:50 | 00,020,358 | ---- | M] () -- C:\WINDOWS\vgirl.prf
[2008/11/24 11:09:45 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2008/11/22 17:39:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\wklnhst.dat
[2008/11/11 08:55:05 | 00,000,563 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to Temp.lnk
[2008/10/29 14:47:27 | 00,000,043 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/10/24 11:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 11:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/23 19:48:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2008/10/23 18:56:38 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2008/10/23 12:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll
[2008/10/23 12:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/23 10:06:59 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2008/10/17 02:08:40 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/10/17 02:08:40 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/10/16 20:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2008/10/16 20:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2008/10/16 20:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2008/10/16 20:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2008/10/16 20:38:39 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2008/10/16 20:38:39 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2008/10/16 20:38:39 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2008/10/16 20:38:39 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2008/10/16 20:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2008/10/16 20:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2008/10/16 20:38:39 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2008/10/16 20:38:39 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2008/10/16 20:38:39 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2008/10/16 20:38:39 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2008/10/16 20:38:38 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2008/10/16 20:38:38 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2008/10/16 20:38:38 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2008/10/16 20:38:38 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2008/10/16 20:38:37 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/16 20:38:37 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/16 20:38:37 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2008/10/16 20:38:37 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2008/10/16 20:38:37 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2008/10/16 20:38:37 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/10/16 20:38:37 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2008/10/16 20:38:37 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/10/16 20:38:37 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2008/10/16 20:38:37 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/10/16 20:38:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2008/10/16 20:38:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2008/10/16 20:38:37 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2008/10/16 20:38:37 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2008/10/16 20:38:35 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2008/10/16 20:38:35 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2008/10/16 20:38:35 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2008/10/16 20:38:35 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/10/16 20:38:35 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2008/10/16 20:38:35 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2008/10/16 20:38:35 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2008/10/16 20:38:35 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2008/10/16 20:38:35 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll
[2008/10/16 20:38:35 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2008/10/16 20:38:35 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2008/10/16 20:38:35 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/10/16 20:38:34 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2008/10/16 20:38:34 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2008/10/16 20:38:34 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2008/10/16 20:38:34 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2008/10/16 20:38:34 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2008/10/16 20:38:34 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/10/16 14:06:48 | 00,268,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/10/16 14:06:48 | 00,208,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/10/16 14:06:48 | 00,027,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/10/16 13:11:09 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2008/10/16 13:11:09 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2008/10/16 13:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2008/10/16 13:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2008/10/15 07:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2008/10/15 07:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2008/10/15 02:20:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/12 13:11:42 | 00,511,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
< End of report >

How do I get the MBAM log?
  • 0

#6
Emma_uk
    Member
  • Topic Starter
  • Member
  • 135 posts
Sorry, I'm being stupid. Just doing another MBAM scan now for you. Will post when finished :)
  • 0

#7
Emma_uk
    Member
  • Topic Starter
  • Member
  • 135 posts
Here's the MBAM log :)


Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 3

11/12/2008 12:22:28
mbam-log-2008-12-11 (12-22-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 86276
Time elapsed: 14 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Emma,

To get the MBAM log, open MBAM and click on the Logs tab. Choose the most recent log (they are dated) and click Open. Copy and paste the contents into your next reply.
  • 0

#9
Emma_uk
    Member
  • Topic Starter
  • Member
  • 135 posts
Posted it already above :)
  • 0

#10
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
We must have posted at the same time.
  • 0

#11
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [] "C:\WINDOWS\Options\OEMReset.exe" /Audit
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis, reboot and post me a fresh HijackThis log in your next reply.


Let's run an F-Secure online scan:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient

Regards,
RatHat
  • 0
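RatHat's post above asks for specific O4 and O6 entries to be fixed. As an added example that is not part of this thread or of HijackThis itself, here is a small Python triage script that reads HJT-format entry lines and flags the same kinds of items a helper looks for: O6 Internet Explorer policy restriction keys, O4 autostart entries with an empty name, and any entry whose target is reported as "(file missing)". The sample log embedded in it is constructed from a few lines in the format seen in this thread; the entry and O4 regexes are my own reading of that format, not a HijackThis specification.

```python
"""Triage HijackThis (HJT) log entries the way a malware-removal helper reads them.

Added example for this thread; it is not part of HijackThis or of the forum
post. It parses the 'Oxx - ...' entry lines an HJT v2 log contains and flags:
  * O6 entries: Internet Explorer policy restriction keys, which a home PC
    normally has no reason to carry (the post above asks to fix them);
  * O4 entries with an empty name, such as the OEMReset.exe line above;
  * any entry whose target is reported as '(file missing)', i.e. an
    orphaned autostart/BHO/service entry that is worth cleaning up.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in HJT v2 format, modelled on lines seen in this thread.
SAMPLE_LOG = (
    "Logfile of Trend Micro HijackThis v2.0.2\n"
    "O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"
    " - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll (file missing)\n"
    "O4 - HKLM\\..\\Run: [] \"C:\\WINDOWS\\Options\\OEMReset.exe\" /Audit\n"
    "O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime\n"
    "O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present\n"
    "O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present\n"
    "O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc."
    " - C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe\n"
    "--\n"
    "End of file - 5724 bytes\n"
)

# An HJT entry line: a section code (R0, O2, O4, O23, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Body of an O4 autostart line: "<hive>\..\Run: [<name>] <command>".
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str                                    # section code, e.g. "O6"
    body: str                                    # text after "O6 - "
    reasons: list = field(default_factory=list)  # why it was flagged (empty = clean)


def parse_entries(text: str) -> list:
    """Return every entry line in the log as an Entry, ignoring header/footer text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(entries: list) -> list:
    """Attach a reason to each suspicious entry and return only the flagged ones."""
    flagged = []
    for e in entries:
        if e.kind == "O6":
            e.reasons.append("IE policy restriction key present (not expected on a home PC)")
        elif e.kind == "O4":
            m = O4_RE.match(e.body)
            if m and m.group("name") == "":
                e.reasons.append("autostart entry with an empty name")
        if e.body.endswith("(file missing)"):
            e.reasons.append("target file missing (orphaned entry)")
        if e.reasons:
            flagged.append(e)
    return flagged


def triage_log(text: str) -> list:
    """Convenience wrapper: parse a whole log and return its flagged entries."""
    return triage(parse_entries(text))


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} - {e.body}")
        for r in e.reasons:
            print(f"      -> {r}")
```

The script only reports; it does not touch the registry, so it can be run over any pasted HJT log to see which lines a helper is likely to ask about before the Fix Checked step is taken.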

#12
Emma_uk
    Member
  • Topic Starter
  • Member
  • 135 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:21, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212000842109
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 5724 bytes
:)
  • 0

#13
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
OK, that's the restrictions removed. Let's see what F-Secure turns up.
  • 0

#14
Emma_uk
    Member
  • Topic Starter
  • Member
  • 135 posts
Just wanna say thanks for your help. You're being brilliant :)
  • 0

#15
Emma_uk
    Member
  • Topic Starter
  • Member
  • 135 posts
You're right, it does take a while to finish..lol

Found 8 instances of spyware so far :)
  • 0





