W32/SDBOT WORM infection - slserv.exe eating CPU [Solved]



#1 jems (Member, 58 posts)

I have recently noticed that a program, slserv.exe, has been eating my CPU every time I start up my computer.

I was running Trend Micro Internet Security 2007 and I remember it said the computer was under attack, but it seems to have failed to destroy the worm. Instead the anti-virus stopped updating. I uninstalled it and got hold of 2008, which I installed - it found 2 Trojan horses and removed them successfully.

However - the slserv.exe is still there and still running at start up. It is in my c/windows/system32 folder, but when I delete the file it just reappears a minute later. Even if I close slserv.exe in my task manager, the machine is still running slowly with lag.

Does anyone have any idea how I can get rid of it?
#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Please follow all of the steps in this section of the Malware Forum. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the Rooter and OTLI logs in this thread.
#3 jems (Topic Starter, Member, 58 posts)

OK, I followed all the stuff in the Malware threads and slserv.exe is still running at start up and can't be deleted. I wondered - should I try it in safe mode?

Anyway - here are my logs - I hope this is everything you need. Let me know if there is anything else I can try.

Oh, btw - I had closed slserv.exe in the task manager before doing all this, so it's not listed in the log. I hope that doesn't cause problems - the thing is, I can't run my laptop with it running as it eats CPU.

ROOTER LOG

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:57223 Mo/Free:1432 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

25/04/2009|23:06

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
---------- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
---------- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
---------- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
---------- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
---------- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
---------- C:\PROGRA~1\TRENDM~2\INTERN~1\TmPfw.exe
---------- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Jemma\Application Data\Azureus\torrents\+{mininova.org}+ NVIDIA PureVideo Decoder v1 02 233 Incl Keygen-SSG rar.torrent
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\Tracked_by_Demonoid_com.txt
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.exe
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack\WinRaR v3.40 Crack By TEAM [email protected]


1 - "C:\Rooter$\Rooter_1.txt" - 25/04/2009|23:08

----------------------\\ Scan completed at 23:08



OTLI log


OTListIt logfile created on: 25/04/2009 23:11:45 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Jemma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.36 Mb Total Physical Memory | 551.98 Mb Available Physical Memory | 53.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.40 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEMMASLAPTOP
Current User Name: Jemma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Jemma\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HotspotShieldService [Auto | Running]) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv [Auto | Running]) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SfCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (SLService [Auto | Stopped]) -- C:\WINDOWS\system32\slserv.exe (Smart Link)
SRV - (TMBMServer [Auto | Running]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [On_Demand | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (tmproxy [On_Demand | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AR5523 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wg11tnd5.sys (NETGEAR, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (DNINDIS5 [On_Demand | Running]) -- C:\WINDOWS\System32\DNINDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DP83815 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\DP83815.SYS (National Semiconductor Corp.)
DRV - (FA312 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HssDrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HssDrv.sys (AnchorFree Inc.)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys ( )
DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys ( )
DRV - (NtMtlFax [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys ( )
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RecAgent [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sea1bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sea1bus.sys (MCCI)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Slntamr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys ( )
DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys ( )
DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys (Vireo Software)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (tapvpn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tapvpn.sys (The OpenVPN Project)
DRV - (tmactmon [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (vsapint [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\vsapint.sys (Trend Micro Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "IMDb"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.4.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 21:13:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 21:13:45 | 00,000,000 | ---D | M]

[2008/09/08 18:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Extensions
[2008/09/08 18:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/25 12:09:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions
[2009/04/03 13:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2008/09/08 18:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2007/10/20 22:09:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jemma\Application Data\mozilla\Firefox\Profiles\ozntwpuz.default\extensions\[email protected]
[2008/06/22 21:15:50 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Jemma\Application Data\Mozilla\FireFox\Profiles\ozntwpuz.default\searchplugins\IMDb.xml
[2008/06/22 21:15:50 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Jemma\Application Data\Mozilla\FireFox\Profiles\ozntwpuz.default\searchplugins\wikipedia.xml
[2009/04/25 12:09:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/23 21:13:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/18 23:43:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/28 15:15:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/18 21:19:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/07/29 18:36:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/23 21:13:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 21:13:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (848 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R320 Series on P180] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P43 "Auto EPSON Stylus Photo R320 Series on P180" /O15 "\\P180\Printer3" /M "Stylus Photo R320" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1137856395541 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{C62C0F5C-E356-4BF7-A87E-BAA20762F887}\\NameServer = 213.208.106.213,213.208.106.212
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{e8d4fee2-0177-11dc-ad4a-000fb59bae59}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2019/01/23 00:55:21 | 00,000,012 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2019/01/23 00:51:45 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/04/25 23:09:09 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jemma\Desktop\OTListIt2.exe
[2009/04/25 23:06:03 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/25 23:05:44 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\Rooter.exe
[2009/04/25 22:19:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/25 22:19:44 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/25 22:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/25 22:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jemma\Application Data\SUPERAntiSpyware.com
[2009/04/25 22:19:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/25 22:18:21 | 06,289,952 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\SUPERAntiSpyware.exe
[2009/04/25 12:42:56 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/25 12:41:48 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/25 12:41:38 | 00,175,504 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\activescan2_en.exe
[2009/04/25 12:27:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jemma\Application Data\Malwarebytes
[2009/04/25 12:27:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/25 12:27:41 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 12:27:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/25 12:27:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/25 12:27:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/25 12:06:41 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jemma\Desktop\mbam-setup.exe
[2009/04/23 22:16:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/04/23 21:59:25 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/04/23 21:59:25 | 00,052,496 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/04/23 21:59:25 | 00,052,240 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/04/23 21:58:54 | 00,000,799 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Trend Micro Internet Security.lnk
[2009/04/23 21:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/23 21:49:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro Anti Virus
[2009/04/23 21:24:44 | 81,779,752 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Jemma\Desktop\TrendMicro_TIS_16.1_1063_x32.exe
[2009/04/23 21:19:42 | 00,418,816 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\TIS_2008_installation_guideline_for_SHELL.DOC
[2009/04/15 22:24:38 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 22:24:38 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 22:24:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 22:24:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 22:24:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 22:24:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 22:24:34 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 22:24:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 22:24:34 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 22:21:54 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 22:21:53 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 22:21:53 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 19:52:51 | 00,082,174 | ---- | C] () -- C:\DOCUME~1\Jemma\My Documents\Tesco.com - Your Grocery or..0002.tif
[2009/03/30 13:04:27 | 00,026,112 | ---- | C] () -- C:\DOCUME~1\Jemma\My Documents\tax letter.doc
[2009/03/29 16:18:18 | 30,426,779 | ---- | C] () -- C:\Documents and Settings\Jemma\Desktop\Aqualung - Still Life.piz
[2007/11/25 21:42:52 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/25 21:33:32 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER320.ini
[2006/09/22 18:58:44 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/12 22:03:02 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/30 22:58:08 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/30 22:01:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/22 23:29:11 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/01/21 16:01:25 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/01/21 16:01:25 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/01/21 15:37:26 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/01/21 15:37:26 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/01/21 15:37:26 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2006/01/21 15:28:18 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2005/10/14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 10:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2003/04/24 18:20:00 | 00,521,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/04/24 18:20:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/04/24 18:20:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/04/24 18:20:00 | 00,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/04/24 18:19:00 | 01,295,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/04/24 18:19:00 | 00,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2003/04/24 18:19:00 | 00,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/04/24 18:19:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2002/08/29 13:00:00 | 00,000,523 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/25 23:10:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/25 23:09:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jemma\Desktop\OTListIt2.exe
[2009/04/25 23:05:56 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\Rooter.exe
[2009/04/25 22:51:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 22:51:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 22:19:44 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/25 22:18:21 | 06,289,952 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\SUPERAntiSpyware.exe
[2009/04/25 12:41:39 | 00,175,504 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\activescan2_en.exe
[2009/04/25 12:27:41 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 12:07:17 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jemma\Desktop\mbam-setup.exe
[2009/04/23 21:58:54 | 00,000,799 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Trend Micro Internet Security.lnk
[2009/04/23 21:39:27 | 81,779,752 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Jemma\Desktop\TrendMicro_TIS_16.1_1063_x32.exe
[2009/04/23 21:23:22 | 00,000,523 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/23 21:23:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/23 21:23:22 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/23 21:19:44 | 00,418,816 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\TIS_2008_installation_guideline_for_SHELL.DOC
[2009/04/21 15:12:24 | 00,000,574 | ---- | M] () -- C:\DOCUME~1\Jemma\My Documents\My Sharing Folders.lnk
[2009/04/21 12:25:48 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 12:25:44 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Jemma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 15:00:35 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 15:00:35 | 00,381,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 15:00:35 | 00,053,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/14 19:52:53 | 00,082,174 | ---- | M] () -- C:\DOCUME~1\Jemma\My Documents\Tesco.com - Your Grocery or..0002.tif
[2009/04/06 15:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 13:04:27 | 00,026,112 | ---- | M] () -- C:\DOCUME~1\Jemma\My Documents\tax letter.doc
[2009/03/29 16:24:27 | 30,426,779 | ---- | M] () -- C:\Documents and Settings\Jemma\Desktop\Aqualung - Still Life.piz
[2009/03/27 07:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
< End of report >


EXTRAS

OTListIt Extras logfile created on: 25/04/2009 23:11:45 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Jemma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.36 Mb Total Physical Memory | 551.98 Mb Available Physical Memory | 53.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.40 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEMMASLAPTOP
Current User Name: Jemma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 File not found
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus File not found
C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord (www.BitLord.com)
C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 File not found
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe:*:Enabled:Gizmo Project for LJ Talk File not found
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe:*:Disabled:Bonjour File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AC8A61-6D0C-4B36-9DFA-86B5276AE38D}" = DP8381x 10/100 PCI Network Adapter Driver
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{668B2B3A-4241-409F-A4AE-79B5016A487E}" = Sony Ericsson PC Suite
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"ATI Display Driver" = ATI Display Driver
"BitLord" = BitLord 1.1
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR320 Reference Guide" = ESPR320 Reference Guide
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HotspotShield" = Hotspot Shield 1.12
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{35AC8A61-6D0C-4B36-9DFA-86B5276AE38D}" = DP8381x 10/100 PCI Network Adapter Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Paradise Poker" = Paradise Poker
"RealPlayer 6.0" = RealPlayer
"SLAMRNTV" = Smart Link 56K Modem
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/08/2008 08:53:28 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.7.1.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/08/2008 08:57:46 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.7.1.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/08/2008 11:33:44 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2008 16:48:15 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application PhotoshopElements.exe, version 2.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/03/2009 08:51:44 | Computer Name = JEMMASLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.8.1, faulting module libvout_directx_plugin.dll,
version 0.0.0.0, fault address 0x000058f3.

Error - 17/03/2009 13:14:55 | Computer Name = JEMMASLAPTOP | Source = MsiInstaller | ID = 11316
Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
occurred while attempting to read from the file: C:\DOCUME~1\Jemma\LOCALS~1\Temp\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Error - 30/03/2009 15:12:17 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application pccguide.exe, version 15.30.0.1231, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/03/2009 15:12:17 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application pccguide.exe, version 15.30.0.1231, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/03/2009 15:13:24 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 396083397.

Error - 30/03/2009 15:13:57 | Computer Name = JEMMASLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 24/04/2009 10:00:22 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 25/04/2009 06:51:57 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 25/04/2009 06:56:15 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).

Error - 25/04/2009 07:37:02 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 25/04/2009 07:37:02 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 25/04/2009 07:38:44 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).

Error - 25/04/2009 17:42:42 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 25/04/2009 17:43:39 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).

Error - 25/04/2009 17:51:17 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 25/04/2009 17:51:35 | Computer Name = JEMMASLAPTOP | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi again, a few things to note. Firstly, cracks are not good for your system health. Remember there is no such thing as a free lunch, and look at the original definition of Trojan horse. Gentle warning complete :)

slserv.exe is installed alongside Smartlink communication products and offers additional support to the modem service. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems."

But as you are using Netgear and it does not appear to affect your internet, you can leave it permanently disabled. If you wish, I can show you how to do that.

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    
    :Files
    C:\DOCUME~1\Jemma\Application Data\Azureus\torrents\+{mininova.org}+ NVIDIA PureVideo Decoder v1 02 233 Incl Keygen-SSG rar.torrent
    C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack
    C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\Tracked_by_Demonoid_com.txt
    C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack
    C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.exe
    C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack\WinRaR v3.40 Crack By TEAM [email protected]
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

Could you let me know how your system is running on completion.

#5
jems
    Member
  • Topic Starter
  • 58 posts
I hear you on the cracks. I'm not the only person using this laptop so I can plead innocence (and shout at others). Are there things I should uninstall... Azureus... others? Maybe you can let me know. Thanks.

And thanks so much for offering to help.

Before I post the log can I ask: are you suggesting the slserv.exe is harmless when running in the background and only poses a threat when using 90% of my CPU? Because I did delete and remove a few worms / TH when I ran the malware software suggested in the clean-up threads?

Ok, I posted your fix and the new log is:

========== OTLISTIT ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
========== FILES ==========
C:\DOCUME~1\Jemma\Application Data\Azureus\torrents\+{mininova.org}+ NVIDIA PureVideo Decoder v1 02 233 Incl Keygen-SSG rar.torrent moved successfully.
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack moved successfully.
C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack moved successfully.
File/Folder C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\Tracked_by_Demonoid_com.txt not found.
File/Folder C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack not found.
File/Folder C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.exe not found.
File/Folder C:\DOCUME~1\Jemma\My Documents\Computer Stuff\WinRaR.v3.40+Crack\WinRaR.v3.40.Crack\WinRaR v3.40 Crack By TEAM [email protected] not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Temp\etilqs_h5iktHnJy5O2acAb1RkF scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04262009_125823

Files moved on Reboot...
File C:\Documents and Settings\Jemma\Local Settings\Temp\etilqs_h5iktHnJy5O2acAb1RkF not found!
File move failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jemma\Local Settings\Application Data\Mozilla\Firefox\Profiles\ozntwpuz.default\XUL.mfl scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I am posting this now so I don't lose it and will spend some time on my laptop to see how it's running over the next hour or so and will repost. :)

Thanks.

ETA: Looking at that, it looks like I forgot to reboot? I did restart my laptop (and when it restarted it asked me what file I wanted to use to open something, but I have no idea what...)

I'll restart and spend some time seeing if it's running OK. Let me know if I need to post another log (and apologies if I did it wrong).

Thanks again.

Edited by jems, 26 April 2009 - 06:11 AM.


#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts

Before I post the log can I ask - are you suggesting the slserv.exe is harmless when running in the background and only poses a threat when using 90% of my CPU?

It is a legitimate file. However, it does seem to be using a lot of the CPU, and as you do not require it to be running, disabling it should suffice.

Let me know if you get any further problems or if it is running OK.

#7
jems
    Member
  • Topic Starter
  • 58 posts
Hi there.

I have been uninstalling and updating a few files and such this afternoon and I left the slserv.exe running in the background to see if it would start taking up the CPU, but IT DIDN'T!! :)

So perhaps the Malwarebytes program did get rid of whatever was infecting it after all. Or the log thing you did for me!? I dunno, but it seems OK.

Thanks so much for your help. Hopefully this is the end of this problem.

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Probably a combination of both :) Let your system run now for 24 hours and if there is a problem come back. P2P programmes themselves are not dangerous; it is what they can bring down, so use with caution.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again. The program will close and you are done.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0
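As an added example (not part of the original post or the moderator's instructions), the following PowerShell script automates the two checks that the manual steps above rely on: it enumerates every Java runtime registered under the Windows uninstall keys, flags any whose version is older than a target (assumed here to be JRE 6 Update 13, which Sun's installers registered as DisplayVersion "6.0.130"), prints the matching uninstall command for review, and reports whether Explorer has been set back to hiding hidden files. The registry paths are the standard Uninstall and Explorer\Advanced keys; the target version is an assumption you can override with the -Target parameter.

```powershell
# Added example, not from the original thread: report installed Java runtimes
# and the Explorer hidden-files setting. Nothing is uninstalled or changed;
# the uninstall strings are printed so they can be reviewed before use.
param(
    # Assumption: JRE 6 Update 13 (DisplayVersion "6.0.130") is the minimum acceptable version.
    [version]$Target = '6.0.130'
)

# Both 32-bit and 64-bit uninstall hives; the second does not exist on 32-bit XP,
# which SilentlyContinue tolerates.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Each uninstall entry exposes DisplayName, DisplayVersion and UninstallString.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
        ForEach-Object {
            # DisplayVersion is usually "6.0.130" style; tolerate entries that do not parse.
            try   { $parsed = [version]$_.DisplayVersion }
            catch { $parsed = $null }
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $parsed
                Outdated        = ($null -ne $parsed -and $parsed -lt $Target)
                UninstallString = $_.UninstallString
            }
        }
}

function Get-ExplorerHiddenSetting {
    # Hidden = 1 means "Show hidden files and folders", 2 means "Do not show".
    $adv = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
                            -ErrorAction SilentlyContinue
    if ($null -eq $adv -or $null -eq $adv.Hidden) { return 'unknown' }
    if ($adv.Hidden -eq 2) { return 'hidden files not shown' } else { return 'hidden files shown' }
}

$installed = @(Get-InstalledJava)
if ($installed.Count -eq 0) {
    Write-Host 'No Java runtime is registered in the uninstall keys.'
} else {
    $installed | Format-Table Name, Version, Outdated -AutoSize
    # Print (do not run) the uninstall command for each outdated runtime.
    $installed | Where-Object { $_.Outdated } | ForEach-Object {
        Write-Host ("Outdated: {0} -> {1}" -f $_.Name, $_.UninstallString)
    }
}

Write-Host ("Explorer hidden-files setting: {0}" -f (Get-ExplorerHiddenSetting))
```

Run it from an elevated PowerShell prompt after the new JRE has been installed: any line marked Outdated is a leftover runtime that the Add/Remove Programs step above missed, and the final line confirms whether the Folder Options change has been reverted.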

#9
jems

jems

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
OK, I have been on my laptop all day and it's working as well as ever.

I have uninstalled the P2P stuff today (never use them anyway), along with some other programs I was no longer using and which were just taking up memory and the old versions of Java.

I ran the OTListit Clean Up.

I have updated Java.

I am keeping the malware software - I used to use Search and Destroy but it isn't compatible with Trend Micro so I wasn't currently running any malware regularly (probably why I got the worm in the first place). So I have downloaded Spyware Blaster too.

Thanks again for all the help and for poking me to uninstall programs I never use. :)
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
