Computer disk space being used up without doing anything


ferns

Please can you help? My free space is disappearing from my PC without doing anything.

I have tried uninstalling some programs, but I keep on getting low disk space. Even after it says low disk space resolved and I have just left it on without doing anything, the low disk space comes back. I am using Windows 7.

Below is the OTL log:

OTL logfile created on: 18/09/2011 12:30:21 - Run 1
OTL by OldTimer - Version 3.2.29.0 Folder = C:\Users\danmarc\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.40% Memory free
3.98 Gb Paging File | 2.34 Gb Available in Paging File | 58.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.49 Gb Total Space | 0.15 Gb Free Space | 0.76% Space Free | Partition Type: NTFS
Drive D: | 26.17 Gb Total Space | 1.14 Gb Free Space | 4.37% Space Free | Partition Type: FAT32
Drive E: | 465.76 Gb Total Space | 195.80 Gb Free Space | 42.04% Space Free | Partition Type: NTFS
Drive F: | 191.95 Gb Total Space | 1.41 Gb Free Space | 0.73% Space Free | Partition Type: FAT32
Drive G: | 60.40 Gb Total Space | 19.94 Gb Free Space | 33.02% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Drive K: | 392.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANMARC-PC | User Name: danmarc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/18 12:29:24 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\danmarc\Desktop\OTL.exe
PRC - [2011/09/09 19:00:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/18 17:22:56 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2010/02/10 09:25:04 | 001,825,672 | ---- | M] (JAM Software) -- C:\Program Files\JAM Software\TreeSize Free\TreeSizeFree.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/24 09:51:12 | 000,803,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/03/04 15:52:58 | 000,202,016 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe
PRC - [2009/03/04 15:52:22 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtcmd.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/04/25 15:23:16 | 000,327,328 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\PAP7501\GUCI_AVS.exe
PRC - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/09/15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
PRC - [2006/07/07 16:04:32 | 000,258,048 | ---- | M] () -- C:\Windows\tsnp2std.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/09 19:00:12 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/29 18:02:47 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/01 21:10:39 | 000,077,312 | ---- | M] () -- C:\Users\danmarc\AppData\Roaming\Mozilla\Firefox\Profiles\lnelfhw1.default\extensions\{d2f11e2d-ce79-4e76-84c6-6da2b318c2a3}\components\RadioWMPCoreGecko6.dll
MOD - [2006/07/07 16:04:32 | 000,258,048 | ---- | M] () -- C:\Windows\tsnp2std.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/08/18 17:22:56 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010/06/07 23:49:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/04 15:52:58 | 000,202,016 | R--- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011/08/11 19:31:24 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/02/18 05:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/01/03 09:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 09:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 09:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/07 12:16:16 | 000,376,160 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2010/01/17 18:09:29 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/03 17:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/28 03:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/17 13:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/09/12 14:51:18 | 011,986,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 85 63 94 03 61 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {d2f11e2d-ce79-4e76-84c6-6da2b318c2a3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 19:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 21:38:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/17 18:09:53 | 000,000,000 | ---D | M]

[2010/09/28 21:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\danmarc\AppData\Roaming\Mozilla\Extensions
[2010/09/28 21:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\danmarc\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/03 18:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\danmarc\AppData\Roaming\Mozilla\Firefox\Profiles\lnelfhw1.default\extensions
[2011/08/03 18:29:03 | 000,000,000 | ---D | M] (satkings Community Toolbar) -- C:\Users\danmarc\AppData\Roaming\Mozilla\Firefox\Profiles\lnelfhw1.default\extensions\{d2f11e2d-ce79-4e76-84c6-6da2b318c2a3}
[2011/05/13 17:01:13 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\danmarc\AppData\Roaming\Mozilla\Firefox\Profiles\lnelfhw1.default\extensions\[email protected]
[2010/10/24 13:31:13 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\danmarc\AppData\Roaming\Mozilla\Firefox\Profiles\lnelfhw1.default\extensions\[email protected]
[2011/04/22 19:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/20 10:16:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/09/09 19:00:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/10 22:45:21 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/10 22:45:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/10 22:45:21 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/10 22:45:21 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/10 22:45:21 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PAP7501_Monitor] C:\Windows\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe ()
O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\danmarc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\danmarc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A53AF6-49D8-4D3A-A6C6-C15E195F6566}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC603E5F-D566-492A-A4D8-02A844B8A598}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/04 23:22:46 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/02/07 15:30:18 | 000,000,146 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3909b386-0385-11df-bd93-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3909b386-0385-11df-bd93-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{3909b386-0385-11df-bd93-806e6f6e6963}\Shell\install\command - "" = H:\Setup.exe
O33 - MountPoints2\{c0b147ad-41cb-11e0-bc08-00138fac94c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0b147ad-41cb-11e0-bc08-00138fac94c0}\Shell\AutoRun\command - "" = L:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{c0b147ad-41cb-11e0-bc08-00138fac94c0}\Shell\Option1\Command - "" = L:\hbcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 12:30:05 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\danmarc\Desktop\OTL.exe
[2011/09/18 11:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011/09/18 11:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/09/18 11:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/18 11:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/09/18 11:33:17 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\Google
[2011/09/18 11:26:23 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{CE533430-DD00-42FF-87DA-93FEFDE04B53}
[2011/09/18 11:26:10 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{0819E622-8213-4CF6-BD8B-9C54A71C815C}
[2011/09/17 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{D5235C76-65AB-40EA-BB06-607E72989447}
[2011/09/17 21:07:08 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{FE43AB33-B608-4429-AD44-2E255F6C763B}
[2011/09/17 13:22:35 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{D3EC51D4-9898-4AD9-90B9-23C44BE8B5DA}
[2011/09/17 13:22:24 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{201405E3-0384-4C2D-95F2-36539A97E723}
[2011/09/15 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{E8E47B43-FAEB-44A9-9891-647358939B23}
[2011/09/15 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F42CDD60-FE1A-4F5D-8DD6-FC9AE37D9C15}
[2011/09/14 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F873DF72-B3AF-4E5F-AC81-0C637E87A59C}
[2011/09/14 19:22:18 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{5C8C18BE-8C6E-4DE3-90F7-80FC8E1C3BCB}
[2011/09/11 18:51:54 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{7507C148-BD0E-471C-BEF6-82481CB62DB8}
[2011/09/11 18:51:43 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{4A84EC0E-6153-43FF-9B2F-9E1599EB2967}
[2011/09/11 08:44:32 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{55B8538C-1B7E-43EB-A326-F4EB435A3EBF}
[2011/09/11 08:44:18 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{FC484C76-A0E6-49BF-BD9B-BC4D4486D4D5}
[2011/09/10 12:07:56 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B5F57B49-B9F4-416F-BBE8-760701F2E074}
[2011/09/10 12:07:44 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B8D6C138-81E1-4775-B5B6-08C0708688F3}
[2011/09/09 11:10:04 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{AA991FC3-2056-423A-AD16-6283C4AD2490}
[2011/09/09 11:09:52 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{C6812FD9-7B1E-452B-B081-260539E22CC1}
[2011/09/06 22:58:57 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{959DCCDF-8214-4C44-B647-30F042DD86A4}
[2011/09/06 22:58:46 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{9082F3B4-1CB6-44A5-883B-A83BCF8718F5}
[2011/09/06 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{147B9947-7B1B-47FA-8F9A-37DD542EA98E}
[2011/09/06 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{BB13328F-EF90-4312-A468-4C05534CC7D6}
[2011/09/05 10:22:34 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F0F83038-70C9-4911-9D4C-A70FC4DABD94}
[2011/09/05 10:22:12 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{FCB5071D-44CF-4A93-9ADC-EF1AF3DDE67C}
[2011/09/05 09:37:51 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{AF3F1C56-E0BE-493B-AB30-A8F8C94B6F4D}
[2011/09/05 09:37:37 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{ED568A4F-FF4B-4EF1-A220-8DE2770583FA}
[2011/09/04 00:36:34 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{A7D327C4-9796-4E35-BB93-3EE480F4164E}
[2011/09/04 00:36:23 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{1957A2E7-F4E3-4EB3-9333-AD8A28ED5DBD}
[2011/09/03 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B5841568-F1C2-4B7E-B16B-4CDFD056F63E}
[2011/09/03 11:31:14 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{78B897E6-8383-41BB-BFAB-3CA9F63F49A8}
[2011/09/02 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{3F230BBA-1EAD-4AA6-A993-D86572D371EF}
[2011/09/02 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{D7372856-0D96-4ADF-B6F0-256AB6CF662A}
[2011/09/02 10:06:04 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{0E09EA29-ACE5-4744-9AEE-A25E2B230978}
[2011/09/02 10:05:52 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{2E0D5F83-4E62-4811-BF6A-3CE43E9C43B9}
[2011/09/01 23:29:30 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{851268DD-1ECE-4E15-815A-86CD82878193}
[2011/09/01 23:29:17 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{DD965E93-313F-4F88-BB94-9A663AEA2791}
[2011/08/31 09:34:46 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{6F46B70C-5A08-46C4-A9D9-142515EC8CE1}
[2011/08/31 09:34:36 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{419F139A-90E1-4EA2-8E09-11CD32A27BC1}
[2011/08/30 15:06:10 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{4DB045DE-BE4B-4690-AECC-474C11AB0608}
[2011/08/30 15:05:55 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{2318E993-DB6F-4C88-95C2-E65AED18FE7A}
[2011/08/29 18:02:07 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F47976B2-D518-4F56-AEA4-CB0956154343}
[2011/08/29 18:01:50 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{5AD4195D-378B-4989-AD0C-2D2C24C5D6E8}
[2011/08/28 19:13:10 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{E267AF10-B638-4335-AA57-66BF57371FAE}
[2011/08/28 19:12:56 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{ED4A238E-887E-4EAB-8454-C8CA54743B95}
[2011/08/27 18:50:23 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{5A23522A-42D7-4A46-8FCB-C4C96B329811}
[2011/08/27 18:50:11 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{47E1C752-6E9F-457C-8AEA-B033AA939A86}
[2011/08/27 16:19:58 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{EC2D2333-D879-49A3-ACDB-4C3C718AA1A9}
[2011/08/27 16:19:48 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{457F3FC7-D7A6-48C0-9488-87EC55FEE1F6}
[2011/08/26 17:01:04 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{E9453A08-853F-4BE8-9218-93391C505C5F}
[2011/08/26 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{0743C469-3A80-4685-A6E1-0D67D6E2B836}
[2011/08/25 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B03898C4-EC81-43D7-9593-9106DF6401DA}
[2011/08/25 12:58:31 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{05334A91-3D84-4883-A37B-FFFCB0385D79}
[2011/08/24 15:01:03 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{99EF73A8-1E27-4910-99AF-4B0E780E9926}
[2011/08/24 15:00:51 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{CC3041EC-AA35-4292-9E22-AC4A38EA57E7}
[2011/08/23 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{91503FD6-3D79-4813-B69D-E8C1C635F1E7}
[2011/08/23 21:07:53 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{4FFFDEAC-ABEC-45F5-9160-DA03E1A6886F}
[2011/08/22 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{BC2538AE-C91F-4230-AC58-B8A24F9412A0}
[2011/08/22 20:25:55 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{A2A321AF-651D-4951-9D37-062FFE618880}
[2011/08/21 13:22:42 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{BDA4B9B0-DC16-4A39-A8BA-2B1A79D38D60}
[2011/08/21 13:22:27 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{35EDB33F-DAE9-4DA1-BA7C-DE2C0223C4E6}
[2010/01/17 22:59:34 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2010/01/17 22:59:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/18 12:29:24 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\danmarc\Desktop\OTL.exe
[2011/09/18 11:46:10 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/18 11:46:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/18 10:57:36 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/18 10:57:36 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/18 10:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/18 10:50:10 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/17 20:25:34 | 000,664,220 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/17 20:25:34 | 000,124,956 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/14 19:38:12 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/09/14 19:38:12 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/09/09 19:02:17 | 000,001,998 | ---- | M] () -- C:\Users\danmarc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/02 22:19:04 | 000,032,885 | ---- | M] () -- C:\Users\danmarc\Documents\leila2.rtf
[2011/08/26 17:07:05 | 000,002,186 | ---- | M] () -- C:\Users\danmarc\Desktop\Firefox.lnk
[2011/08/25 22:19:28 | 000,001,325 | ---- | M] () -- C:\Users\danmarc\Desktop\Install JPG to PDF Converter.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/18 11:33:50 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/18 11:33:49 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/02 22:19:03 | 000,032,885 | ---- | C] () -- C:\Users\danmarc\Documents\leila2.rtf
[2011/08/26 17:07:01 | 000,002,186 | ---- | C] () -- C:\Users\danmarc\Desktop\Firefox.lnk
[2011/08/25 22:19:28 | 000,001,325 | ---- | C] () -- C:\Users\danmarc\Desktop\Install JPG to PDF Converter.lnk
[2011/08/18 18:49:24 | 000,007,604 | ---- | C] () -- C:\Users\danmarc\AppData\Local\Resmon.ResmonCfg
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/04/13 20:24:02 | 000,061,440 | ---- | C] () -- C:\Windows\System32\mjpcodec.dll
[2010/10/20 19:30:55 | 000,000,036 | ---- | C] () -- C:\Users\danmarc\AppData\Local\housecall.guid.cache
[2010/10/17 13:00:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/20 20:32:18 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2010/02/07 23:27:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/02/07 23:27:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/02/07 23:27:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/02/07 23:27:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/02/07 23:27:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/02/07 23:27:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/02/07 23:27:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/02/07 23:27:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/02/07 23:27:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/02/07 23:27:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/02/07 23:27:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/02/07 23:27:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/02/07 23:27:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/02/07 23:27:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/02/07 23:27:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/02/07 23:27:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/02/07 23:27:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/02/07 23:27:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/02/07 23:27:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/07 23:19:05 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2010/01/17 22:59:57 | 000,258,048 | ---- | C] () -- C:\Windows\tsnp2std.exe
[2010/01/17 22:59:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010/01/17 22:59:35 | 000,024,832 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2010/01/17 22:59:34 | 011,986,304 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2010/01/17 18:10:20 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/01/17 18:10:19 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/01/17 17:48:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,424,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,664,220 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,124,956 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/11/27 18:12:20 | 000,000,000 | -HSD | M] -- C:\Users\danmarc\AppData\Roaming\.#
[2010/08/23 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\ALK Technologies
[2011/03/25 19:49:47 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/15 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\Dropbox
[2010/04/26 22:16:15 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\EPSON
[2010/10/10 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\JAM Software
[2010/10/07 21:56:29 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\JonDo
[2010/02/08 23:17:47 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\OpenOffice.org
[2010/03/29 23:59:24 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\Opera
[2011/08/06 10:18:34 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\Samsung
[2011/07/18 17:43:07 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\Spotify
[2010/04/16 23:49:50 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\Stereoscopic Player
[2010/09/28 21:38:56 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\Thunderbird
[2011/09/18 11:36:09 | 000,000,000 | ---D | M] -- C:\Users\danmarc\AppData\Roaming\uTorrent
[2011/08/15 12:28:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by ferns, 18 September 2011 - 05:46 AM.

  • 0



#2
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ferns and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/09/18 11:26:23 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{CE533430-DD00-42FF-87DA-93FEFDE04B53}
    [2011/09/18 11:26:10 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{0819E622-8213-4CF6-BD8B-9C54A71C815C}
    [2011/09/17 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{D5235C76-65AB-40EA-BB06-607E72989447}
    [2011/09/17 21:07:08 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{FE43AB33-B608-4429-AD44-2E255F6C763B}
    [2011/09/17 13:22:35 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{D3EC51D4-9898-4AD9-90B9-23C44BE8B5DA}
    [2011/09/17 13:22:24 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{201405E3-0384-4C2D-95F2-36539A97E723}
    [2011/09/15 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{E8E47B43-FAEB-44A9-9891-647358939B23}
    [2011/09/15 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F42CDD60-FE1A-4F5D-8DD6-FC9AE37D9C15}
    [2011/09/14 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F873DF72-B3AF-4E5F-AC81-0C637E87A59C}
    [2011/09/14 19:22:18 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{5C8C18BE-8C6E-4DE3-90F7-80FC8E1C3BCB}
    [2011/09/11 18:51:54 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{7507C148-BD0E-471C-BEF6-82481CB62DB8}
    [2011/09/11 18:51:43 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{4A84EC0E-6153-43FF-9B2F-9E1599EB2967}
    [2011/09/11 08:44:32 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{55B8538C-1B7E-43EB-A326-F4EB435A3EBF}
    [2011/09/11 08:44:18 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{FC484C76-A0E6-49BF-BD9B-BC4D4486D4D5}
    [2011/09/10 12:07:56 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B5F57B49-B9F4-416F-BBE8-760701F2E074}
    [2011/09/10 12:07:44 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B8D6C138-81E1-4775-B5B6-08C0708688F3}
    [2011/09/09 11:10:04 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{AA991FC3-2056-423A-AD16-6283C4AD2490}
    [2011/09/09 11:09:52 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{C6812FD9-7B1E-452B-B081-260539E22CC1}
    [2011/09/06 22:58:57 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{959DCCDF-8214-4C44-B647-30F042DD86A4}
    [2011/09/06 22:58:46 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{9082F3B4-1CB6-44A5-883B-A83BCF8718F5}
    [2011/09/06 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{147B9947-7B1B-47FA-8F9A-37DD542EA98E}
    [2011/09/06 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{BB13328F-EF90-4312-A468-4C05534CC7D6}
    [2011/09/05 10:22:34 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F0F83038-70C9-4911-9D4C-A70FC4DABD94}
    [2011/09/05 10:22:12 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{FCB5071D-44CF-4A93-9ADC-EF1AF3DDE67C}
    [2011/09/05 09:37:51 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{AF3F1C56-E0BE-493B-AB30-A8F8C94B6F4D}
    [2011/09/05 09:37:37 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{ED568A4F-FF4B-4EF1-A220-8DE2770583FA}
    [2011/09/04 00:36:34 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{A7D327C4-9796-4E35-BB93-3EE480F4164E}
    [2011/09/04 00:36:23 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{1957A2E7-F4E3-4EB3-9333-AD8A28ED5DBD}
    [2011/09/03 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B5841568-F1C2-4B7E-B16B-4CDFD056F63E}
    [2011/09/03 11:31:14 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{78B897E6-8383-41BB-BFAB-3CA9F63F49A8}
    [2011/09/02 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{3F230BBA-1EAD-4AA6-A993-D86572D371EF}
    [2011/09/02 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{D7372856-0D96-4ADF-B6F0-256AB6CF662A}
    [2011/09/02 10:06:04 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{0E09EA29-ACE5-4744-9AEE-A25E2B230978}
    [2011/09/02 10:05:52 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{2E0D5F83-4E62-4811-BF6A-3CE43E9C43B9}
    [2011/09/01 23:29:30 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{851268DD-1ECE-4E15-815A-86CD82878193}
    [2011/09/01 23:29:17 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{DD965E93-313F-4F88-BB94-9A663AEA2791}
    [2011/08/31 09:34:46 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{6F46B70C-5A08-46C4-A9D9-142515EC8CE1}
    [2011/08/31 09:34:36 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{419F139A-90E1-4EA2-8E09-11CD32A27BC1}
    [2011/08/30 15:06:10 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{4DB045DE-BE4B-4690-AECC-474C11AB0608}
    [2011/08/30 15:05:55 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{2318E993-DB6F-4C88-95C2-E65AED18FE7A}
    [2011/08/29 18:02:07 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{F47976B2-D518-4F56-AEA4-CB0956154343}
    [2011/08/29 18:01:50 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{5AD4195D-378B-4989-AD0C-2D2C24C5D6E8}
    [2011/08/28 19:13:10 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{E267AF10-B638-4335-AA57-66BF57371FAE}
    [2011/08/28 19:12:56 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{ED4A238E-887E-4EAB-8454-C8CA54743B95}
    [2011/08/27 18:50:23 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{5A23522A-42D7-4A46-8FCB-C4C96B329811}
    [2011/08/27 18:50:11 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{47E1C752-6E9F-457C-8AEA-B033AA939A86}
    [2011/08/27 16:19:58 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{EC2D2333-D879-49A3-ACDB-4C3C718AA1A9}
    [2011/08/27 16:19:48 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{457F3FC7-D7A6-48C0-9488-87EC55FEE1F6}
    [2011/08/26 17:01:04 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{E9453A08-853F-4BE8-9218-93391C505C5F}
    [2011/08/26 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{0743C469-3A80-4685-A6E1-0D67D6E2B836}
    [2011/08/25 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{B03898C4-EC81-43D7-9593-9106DF6401DA}
    [2011/08/25 12:58:31 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{05334A91-3D84-4883-A37B-FFFCB0385D79}
    [2011/08/24 15:01:03 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{99EF73A8-1E27-4910-99AF-4B0E780E9926}
    [2011/08/24 15:00:51 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{CC3041EC-AA35-4292-9E22-AC4A38EA57E7}
    [2011/08/23 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{91503FD6-3D79-4813-B69D-E8C1C635F1E7}
    [2011/08/23 21:07:53 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{4FFFDEAC-ABEC-45F5-9160-DA03E1A6886F}
    [2011/08/22 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{BC2538AE-C91F-4230-AC58-B8A24F9412A0}
    [2011/08/22 20:25:55 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{A2A321AF-651D-4951-9D37-062FFE618880}
    [2011/08/21 13:22:42 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{BDA4B9B0-DC16-4A39-A8BA-2B1A79D38D60}
    [2011/08/21 13:22:27 | 000,000,000 | ---D | C] -- C:\Users\danmarc\AppData\Local\{35EDB33F-DAE9-4DA1-BA7C-DE2C0223C4E6}
    [2010/11/27 18:12:20 | 000,000,000 | -HSD | M] -- C:\Users\danmarc\AppData\Roaming\.#
    [2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Go Here and download JDiskReport
Install and run it to scan the C: drive.
When the Pie chart comes up, Click on "View" in the top menu and choose "Copy To Clipboard"

Open a reply here and paste (Ctrl+V) the results.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
  • JDiskReport log
It would be helpful if you could post each log in a separate post.
  • 0

#3
ferns


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
maliprog, thank you for your reply. Please find the OTL log from the moved files folder.

All processes killed
========== OTL ==========
C:\Users\danmarc\AppData\Local\{CE533430-DD00-42FF-87DA-93FEFDE04B53} folder moved successfully.
C:\Users\danmarc\AppData\Local\{0819E622-8213-4CF6-BD8B-9C54A71C815C} folder moved successfully.
C:\Users\danmarc\AppData\Local\{D5235C76-65AB-40EA-BB06-607E72989447} folder moved successfully.
C:\Users\danmarc\AppData\Local\{FE43AB33-B608-4429-AD44-2E255F6C763B} folder moved successfully.
C:\Users\danmarc\AppData\Local\{D3EC51D4-9898-4AD9-90B9-23C44BE8B5DA} folder moved successfully.
C:\Users\danmarc\AppData\Local\{201405E3-0384-4C2D-95F2-36539A97E723} folder moved successfully.
C:\Users\danmarc\AppData\Local\{E8E47B43-FAEB-44A9-9891-647358939B23} folder moved successfully.
C:\Users\danmarc\AppData\Local\{F42CDD60-FE1A-4F5D-8DD6-FC9AE37D9C15} folder moved successfully.
C:\Users\danmarc\AppData\Local\{F873DF72-B3AF-4E5F-AC81-0C637E87A59C} folder moved successfully.
C:\Users\danmarc\AppData\Local\{5C8C18BE-8C6E-4DE3-90F7-80FC8E1C3BCB} folder moved successfully.
C:\Users\danmarc\AppData\Local\{7507C148-BD0E-471C-BEF6-82481CB62DB8} folder moved successfully.
C:\Users\danmarc\AppData\Local\{4A84EC0E-6153-43FF-9B2F-9E1599EB2967} folder moved successfully.
C:\Users\danmarc\AppData\Local\{55B8538C-1B7E-43EB-A326-F4EB435A3EBF} folder moved successfully.
C:\Users\danmarc\AppData\Local\{FC484C76-A0E6-49BF-BD9B-BC4D4486D4D5} folder moved successfully.
C:\Users\danmarc\AppData\Local\{B5F57B49-B9F4-416F-BBE8-760701F2E074} folder moved successfully.
C:\Users\danmarc\AppData\Local\{B8D6C138-81E1-4775-B5B6-08C0708688F3} folder moved successfully.
C:\Users\danmarc\AppData\Local\{AA991FC3-2056-423A-AD16-6283C4AD2490} folder moved successfully.
C:\Users\danmarc\AppData\Local\{C6812FD9-7B1E-452B-B081-260539E22CC1} folder moved successfully.
C:\Users\danmarc\AppData\Local\{959DCCDF-8214-4C44-B647-30F042DD86A4} folder moved successfully.
C:\Users\danmarc\AppData\Local\{9082F3B4-1CB6-44A5-883B-A83BCF8718F5} folder moved successfully.
C:\Users\danmarc\AppData\Local\{147B9947-7B1B-47FA-8F9A-37DD542EA98E} folder moved successfully.
C:\Users\danmarc\AppData\Local\{BB13328F-EF90-4312-A468-4C05534CC7D6} folder moved successfully.
C:\Users\danmarc\AppData\Local\{F0F83038-70C9-4911-9D4C-A70FC4DABD94} folder moved successfully.
C:\Users\danmarc\AppData\Local\{FCB5071D-44CF-4A93-9ADC-EF1AF3DDE67C} folder moved successfully.
C:\Users\danmarc\AppData\Local\{AF3F1C56-E0BE-493B-AB30-A8F8C94B6F4D} folder moved successfully.
C:\Users\danmarc\AppData\Local\{ED568A4F-FF4B-4EF1-A220-8DE2770583FA} folder moved successfully.
C:\Users\danmarc\AppData\Local\{A7D327C4-9796-4E35-BB93-3EE480F4164E} folder moved successfully.
C:\Users\danmarc\AppData\Local\{1957A2E7-F4E3-4EB3-9333-AD8A28ED5DBD} folder moved successfully.
C:\Users\danmarc\AppData\Local\{B5841568-F1C2-4B7E-B16B-4CDFD056F63E} folder moved successfully.
C:\Users\danmarc\AppData\Local\{78B897E6-8383-41BB-BFAB-3CA9F63F49A8} folder moved successfully.
C:\Users\danmarc\AppData\Local\{3F230BBA-1EAD-4AA6-A993-D86572D371EF} folder moved successfully.
C:\Users\danmarc\AppData\Local\{D7372856-0D96-4ADF-B6F0-256AB6CF662A} folder moved successfully.
C:\Users\danmarc\AppData\Local\{0E09EA29-ACE5-4744-9AEE-A25E2B230978} folder moved successfully.
C:\Users\danmarc\AppData\Local\{2E0D5F83-4E62-4811-BF6A-3CE43E9C43B9} folder moved successfully.
C:\Users\danmarc\AppData\Local\{851268DD-1ECE-4E15-815A-86CD82878193} folder moved successfully.
C:\Users\danmarc\AppData\Local\{DD965E93-313F-4F88-BB94-9A663AEA2791} folder moved successfully.
C:\Users\danmarc\AppData\Local\{6F46B70C-5A08-46C4-A9D9-142515EC8CE1} folder moved successfully.
C:\Users\danmarc\AppData\Local\{419F139A-90E1-4EA2-8E09-11CD32A27BC1} folder moved successfully.
C:\Users\danmarc\AppData\Local\{4DB045DE-BE4B-4690-AECC-474C11AB0608} folder moved successfully.
C:\Users\danmarc\AppData\Local\{2318E993-DB6F-4C88-95C2-E65AED18FE7A} folder moved successfully.
C:\Users\danmarc\AppData\Local\{F47976B2-D518-4F56-AEA4-CB0956154343} folder moved successfully.
C:\Users\danmarc\AppData\Local\{5AD4195D-378B-4989-AD0C-2D2C24C5D6E8} folder moved successfully.
C:\Users\danmarc\AppData\Local\{E267AF10-B638-4335-AA57-66BF57371FAE} folder moved successfully.
C:\Users\danmarc\AppData\Local\{ED4A238E-887E-4EAB-8454-C8CA54743B95} folder moved successfully.
C:\Users\danmarc\AppData\Local\{5A23522A-42D7-4A46-8FCB-C4C96B329811} folder moved successfully.
C:\Users\danmarc\AppData\Local\{47E1C752-6E9F-457C-8AEA-B033AA939A86} folder moved successfully.
C:\Users\danmarc\AppData\Local\{EC2D2333-D879-49A3-ACDB-4C3C718AA1A9} folder moved successfully.
C:\Users\danmarc\AppData\Local\{457F3FC7-D7A6-48C0-9488-87EC55FEE1F6} folder moved successfully.
C:\Users\danmarc\AppData\Local\{E9453A08-853F-4BE8-9218-93391C505C5F} folder moved successfully.
C:\Users\danmarc\AppData\Local\{0743C469-3A80-4685-A6E1-0D67D6E2B836} folder moved successfully.
C:\Users\danmarc\AppData\Local\{B03898C4-EC81-43D7-9593-9106DF6401DA} folder moved successfully.
C:\Users\danmarc\AppData\Local\{05334A91-3D84-4883-A37B-FFFCB0385D79} folder moved successfully.
C:\Users\danmarc\AppData\Local\{99EF73A8-1E27-4910-99AF-4B0E780E9926} folder moved successfully.
C:\Users\danmarc\AppData\Local\{CC3041EC-AA35-4292-9E22-AC4A38EA57E7} folder moved successfully.
C:\Users\danmarc\AppData\Local\{91503FD6-3D79-4813-B69D-E8C1C635F1E7} folder moved successfully.
C:\Users\danmarc\AppData\Local\{4FFFDEAC-ABEC-45F5-9160-DA03E1A6886F} folder moved successfully.
C:\Users\danmarc\AppData\Local\{BC2538AE-C91F-4230-AC58-B8A24F9412A0} folder moved successfully.
C:\Users\danmarc\AppData\Local\{A2A321AF-651D-4951-9D37-062FFE618880} folder moved successfully.
C:\Users\danmarc\AppData\Local\{BDA4B9B0-DC16-4A39-A8BA-2B1A79D38D60} folder moved successfully.
C:\Users\danmarc\AppData\Local\{35EDB33F-DAE9-4DA1-BA7C-DE2C0223C4E6} folder moved successfully.
C:\Users\danmarc\AppData\Roaming\.# folder moved successfully.
C:\Windows\System32\cis-2.4.dll moved successfully.
C:\Windows\System32\issacapi_bs-2.3.dll moved successfully.
C:\Windows\System32\issacapi_pe-2.3.dll moved successfully.
C:\Windows\System32\issacapi_se-2.3.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: danmarc
->Temp folder emptied: 50545419 bytes
->Temporary Internet Files folder emptied: 5476109 bytes
->Java cache emptied: 3857076 bytes
->FireFox cache emptied: 116641930 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 58061 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59920 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 169.00 mb


[EMPTYFLASH]

User: All Users

User: danmarc
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.0 log created on 09272011_230617

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0
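A check one can run on a fix log like the one posted above, as an added example that is not part of the original thread or of OTL itself: it parses the `:OTL` section of a custom fix and confirms that every listed path has a matching "moved successfully" line in the fix log. The sample script and log are constructed; the line formats are the ones visible in this thread, and `parse_fix_script`, `parse_fix_log`, `reconcile` and `norm` are hypothetical helper names.

```python
import re
from dataclasses import dataclass

# Listing line as shown in this thread:
#   [date time | size | attrs | C-or-M] optional "(company)" -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \([^)]*\))? -- (?P<path>.+)$"
)
# Result line as shown in this thread:
#   "<path> folder moved successfully."  or  "<path> moved successfully."
# A file whose name itself ends in " folder" is ambiguous in this format and
# will surface as unconfirmed/unexpected rather than be silently accepted.
MOVED_RE = re.compile(r"^(?P<path>.+?)(?P<folder> folder)? moved successfully\.$")


@dataclass(frozen=True)
class Entry:
    path: str
    size: int      # bytes, thousands separators removed
    is_dir: bool   # "D" present in the four-character attribute field
    kind: str      # flag copied from the log line: "C" or "M"


def norm(path):
    """Windows paths compare case-insensitively; ignore a trailing backslash."""
    return path.rstrip("\\").casefold()


def parse_fix_script(text):
    """Return the entries listed under the :OTL section of a custom fix."""
    entries, in_otl = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section header such as :OTL, :Commands
            in_otl = line.lower() == ":otl"
            continue
        m = ENTRY_RE.match(line) if in_otl else None
        if m:
            entries.append(Entry(
                path=m["path"],
                size=int(m["size"].replace(",", "")),
                is_dir="D" in m["attrs"],
                kind=m["kind"],
            ))
    return entries


def parse_fix_log(text):
    """Map normalised path -> True if the log reported it as a folder."""
    moved = {}
    for raw in text.splitlines():
        m = MOVED_RE.match(raw.strip())
        if m:
            moved[norm(m["path"])] = m["folder"] is not None
    return moved


def reconcile(script_text, log_text):
    """Compare what the fix asked for with what the log says was moved."""
    moved = parse_fix_log(log_text)
    report = {"confirmed": [], "unconfirmed": [], "type_mismatch": []}
    wanted = set()
    for e in parse_fix_script(script_text):
        key = norm(e.path)
        wanted.add(key)
        if key not in moved:
            report["unconfirmed"].append(e.path)      # no result line at all
        elif moved[key] != e.is_dir:
            report["type_mismatch"].append(e.path)    # folder vs file disagree
        else:
            report["confirmed"].append(e.path)
    # Moved items that the script never listed deserve a second look.
    report["unexpected"] = sorted(k for k in moved if k not in wanted)
    return report


# Constructed sample input (not taken from the thread's logs).
SAMPLE_SCRIPT = r"""
    :OTL
    [2011/09/18 11:26:23 | 000,000,000 | ---D | C] -- C:\Users\example\AppData\Local\{11111111-1111-1111-1111-111111111111}
    [2011/09/18 11:26:10 | 000,000,000 | ---D | C] -- C:\Users\example\AppData\Local\{22222222-2222-2222-2222-222222222222}
    [2010/11/27 18:12:20 | 000,000,000 | -HSD | M] -- C:\Users\example\AppData\Roaming\.#
    [2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\sample-1.0.dll

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
"""
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
C:\Users\example\AppData\Local\{11111111-1111-1111-1111-111111111111} folder moved successfully.
C:\Users\example\AppData\Roaming\.# folder moved successfully.
C:\Windows\System32\sample-1.0.dll moved successfully.
C:\Users\example\Desktop\notes.txt moved successfully.
========== COMMANDS ==========
"""

if __name__ == "__main__":
    for bucket, paths in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```
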

#4
ferns


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-28 23:02:44
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 MAXTOR_STM3320820AS rev.3.AAE
Running: d75vn9vi.exe; Driver: C:\Users\danmarc\AppData\Local\Temp\ufliifoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x89F31BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x89F3352C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x89F33782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x89F339FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x89F32450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x89F32B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x89F32F3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x89F325F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x89F32E14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x89F317D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x89F32CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x89F31992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x89F3306E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x89F34CB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x89F320EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x89F321EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x89F32D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x89F346A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x89F35672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x89F32752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x89F34734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x89F34D64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x89F32FDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x89F324D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x89F32EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x89F31DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x89F34CDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x89F33110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x89F31CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x89F33C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x89F3507C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x89F349CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x89F3349A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x89F33360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x89F34442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x89F35554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x89F3286C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x89F3230C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x89F33CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x89F3482E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x89F351BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x89F352A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x89F353C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x89F345CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x89F31F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x89F31EA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x89F34F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x89F3202E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8306D8C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8308D4F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1397 83094764 4 Bytes [D0, 1B, F3, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8309478C 8 Bytes [2C, 35, F3, 89, 82, 37, F3, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 1403 830947D0 4 Bytes [FC, 39, F3, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 142F 830947FC 4 Bytes [50, 24, F3, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 1453 83094820 4 Bytes [32, 2B, F3, 89]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [727811EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2212] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00081b861123
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00081b861123 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\[email protected];\0012\08\0002\0E\0006\0002\0006\0007\0002\0006\0002\0000\09\0006\0B\0004\0C\0A\0006\0003\0C\0007\09\0002\0C\09\0\x2019\0\26)o\r C:\Windows\Microsoft.NET\Framework\v4.0.30319\[email protected]??????P#??MZ??????????????????????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\[email protected]\16\0015\08\0004\0D\0C\0005\0B\0C\08\0C\0001\0006\0000\09\0004\0004\0001\09\0A\0001\0D\0002\0A\0000\0E\0005\0x\0\26\x9do\r C:\Windows\Microsoft.NET\[email protected]??????P#??MZ????????

---- EOF - GMER 1.0.15 ----
  • 0

#5
ferns

ferns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
JDiskReport log

Size details for C:\

Name File Size Files % of Parent % of Total
C:\ 23,820,917 144,152 100.0% 100.0%
Windows 15,332,172 91,473 64.4% 64.4%
Program Files 2,836,400 16,794 11.9% 11.9%
Users 2,804,396 20,610 11.8% 11.8%
Files in this directory 1,567,272 9 6.6% 6.6%
ProgramData 1,279,489 15,248 5.4% 5.4%
_OTL 1,191 17 0.0% 0.0%
$Recycle.Bin 1 1 0.0% 0.0%
PerfLogs 0 0 0.0% 0.0%
RECYCLER 0 0 0.0% 0.0%
Temp 0 0 0.0% 0.0%
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ferns,

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 2

Start JDiskReport as you did before
Click on Scan a file tree
Select and scan C:\windows.
When the Pie chart comes up, Click on "View" in the top menu and choose "Copy To Clipboard"

Open a reply here and paste (Ctrl+V) the results.

Step 3

Please don't forget to include these items in your reply:

  • VRT log
  • JDiskReport log
It would be helpful if you could post each log in a separate post
  • 0

#7
ferns

ferns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Status: Detected (events: 34)
30/09/2011 16:33:56 Detected adware not-a-virus:AdWare.Win32.Cydoor E:\6gb card\FilesToBe\Anthony Robbins Personal Power 2 Self Help Tapes Complete\MAIN MATERIALS FOR IELTS\IELTS_TEST_MATERIALS2.rar//Extra material/Vocabulary memorizer/Prosigner Memorizer/00001Vocabulary.exe/cd_clint.dll Medium
30/09/2011 17:19:26 Detected adware not-a-virus:AdWare.Win32.Cydoor E:\6gb card\FilesToBe\Anthony Robbins Personal Power 2 Self Help Tapes Complete\MAIN MATERIALS FOR IELTS\IELTS_TEST_MATERIALS2.rar//Extra material/Vocabulary memorizer/Prosigner Memorizer/00001Vocabulary.exe/CD_Gif.dll Medium
30/09/2011 17:19:37 Detected adware not-a-virus:AdWare.Win32.Cydoor E:\6gb card\FilesToBe\Anthony Robbins Personal Power 2 Self Help Tapes Complete\MAIN MATERIALS FOR IELTS\IELTS_TEST_MATERIALS2.rar//Extra material/Vocabulary memorizer/Prosigner Memorizer/00001Vocabulary.exe/cd_load.exe Medium
30/09/2011 17:44:25 Detected malware HackTool.Win32.AOLHack.h E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/AOLKicker V.1.0.0.zip/AOL Kicker v.1.0.0.exe//UPX Medium
30/09/2011 18:18:19 Detected Trojan program Trojan-PSW.Win32.BStroj.19 E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/B-S_Spy.zip/B-S_Spy/B-S EditServer.exe High
30/09/2011 18:26:16 Detected Trojan program Trojan-PSW.Win32.BStroj.19 E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/B-S_Spy.zip/B-S_Spy/Msn-server.exe High
30/09/2011 18:26:58 Detected Trojan program Trojan-PSW.Win32.BStroj.19 E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/B-S_Spy.zip/B-S_Spy/Net-server.exe High
30/09/2011 18:27:12 Detected Trojan program Trojan-PSW.Win32.BStroj.19 E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/B-S_Spy.zip/B-S_Spy/Ya-server.exe High
30/09/2011 18:27:23 Detected Trojan program Trojan.Win32.Genome.qfvk E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Fake Login Hotmail.zip/Fake Login Hotmail/Hotmail.exe High
30/09/2011 18:27:34 Detected Trojan program Trojan-IM.Win32.Faker.e E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Fake MSN Messenger Version 5.0.rar//Fake MSN Messenger Version 5.0/fakemsn.exe High
30/09/2011 18:27:43 Detected Trojan program Trojan-Spy.HTML.Fraud.bo E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/fake webpages.zip/у ۬ݮ/1.html High
30/09/2011 18:27:54 Detected Trojan program Trojan-PSW.Win32.Yahu.C-Cure E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/fakeypager.zip/YPager.exe//UPX High
30/09/2011 18:28:33 Detected Trojan program Trojan-PSW.HTML.Agent.b E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Fake_Hotmail_Login_Screen.zip/hotmailhack/001.txt High
30/09/2011 18:28:49 Detected Trojan program Trojan-PSW.HTML.Snix E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Fake_Hotmail_Login_Screen.zip/hotmailhack/fakeloginscreen.html High
30/09/2011 18:29:22 Detected malware HackTool.Win32.HotmailHack.a E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Fake_Hotmail_Login_Screen.zip/hotmailhack/Hotmail hack.exe Medium
30/09/2011 18:30:31 Detected Trojan program Trojan-Spy.HTML.Fraud.bo E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/fake_webpages_1.rar//fake_webpages/1.html High
30/09/2011 18:30:48 Detected Trojan program Trojan-IM.Win32.Faker.a E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/fmsn.zip/fakemsn.exe High
30/09/2011 18:31:03 Detected Trojan program Backdoor.Win32.Shark.hhj E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/freeze.exe//FSG High
30/09/2011 18:31:12 Detected Trojan program Trojan-PSW.Win32.VB.ed E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Give me your pass v1.0.rar//Give me your pass v1.0/Give me your pass V1.0.exe High
30/09/2011 18:33:08 Detected malware HackTool.Win32.VB.ng E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Hack Hotmail Evolution Pro v2.92.rar//Hack Hotmail Evolution Pro v2.92/Messenger.exe Medium
30/09/2011 18:33:47 Detected malware HackTool.Win32.MSNaccCrack.a E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Hack MSN Password.rar//Hack MSN Password/msnc2.exe Medium
30/09/2011 18:34:15 Detected malware HackTool.Win32.VB.ni E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/hacking/FTP Brute Forcer.exe//UPX Medium
30/09/2011 18:34:33 Detected Trojan program Trojan-Dropper.Win32.VB.ci E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/hacking/HooK-TooLbOx.exe High
30/09/2011 18:36:30 Detected malware HackTool.Win32.PhpBB.b E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/hacking/PHPBB DEFACER/PHPBB DEFACER.exe//FSG Medium
30/09/2011 18:38:41 Detected malware HackTool.Win32.VB.bt E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/hacking/phpBBAttacker.exe Medium
30/09/2011 18:39:29 Detected Trojan program Trojan-Notifier.Win32.Delf.n E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/hacking/Smart-Hack Uploader/S-H Client.exe//ASPack High
30/09/2011 18:40:14 Detected Trojan program Trojan-Notifier.Win32.Delf.n E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/hacking/Smart-Hack Uploader/S-H Create Server.exe//ASPack High
30/09/2011 18:45:39 Detected malware HackTool.Win32.SQLInject.a E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/hacking/SQL Inject.exe//UPX Medium
30/09/2011 18:46:48 Detected Trojan program Trojan-PSW.Win32.VB.dw E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Head [bleep] Hotmail Hack.rar//Head [bleep] Hotmail Hack/Edit Server.exe//FSG High
30/09/2011 18:46:58 Detected Trojan program Trojan-PSW.Win32.VB.eq E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Head [bleep] Hotmail Hack.rar//Head [bleep] Hotmail Hack/hotmailhack.exe//FSG High
30/09/2011 18:47:09 Detected Trojan program Backdoor.Win32.Delf.ze E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/HotFreeze 1.6.exe//UPX High
30/09/2011 18:56:41 Detected malware HackTool.Win32.VB.cm E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Hotmail Brute.rar//Hotmail Brute/HotmailCrook v1beta/HotmailCrook.exe Medium
30/09/2011 18:57:32 Detected malware HackTool.Win32.VB.cm E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/Hotmail Brute.rar//Hotmail Brute/HotmailCrook.exe Medium
30/09/2011 19:11:39 Detected unknown threat Packed.Multi.MultiPacked.gen F:\XDA\Utilities\CorePRO_ArtemisKitchen.exe//Core/Tools/Install/Hex Workshop 4.23/4.x.exe Medium
Status: Disinfected (events: 6)
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip High
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip/r24rf08_setup.exe High
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip/r24rf08_setup.exe//r24rf08.exe High
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip/r24rf08_setup.exe//r24rf08.exe//PE_Patch.PECompact High
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip/r24rf08_setup.exe//r24rf08.exe//PE_Patch.PECompact//PecBundle High
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip/r24rf08_setup.exe//r24rf08.exe//PE_Patch.PECompact//PecBundle//PECompact High
  • 0

#8
ferns

ferns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Size details for C:\Windows

Name File Size Files % of Parent % of Total
C:\Windows 15,304,313 90,499 100.0% 100.0%
winsxs 6,499,160 37,432 42.5% 42.5%
Installer 3,099,425 6,829 20.3% 20.3%
System32 2,477,056 14,326 16.2% 16.2%
assembly 672,537 684 4.4% 4.4%
SoftwareDistribution 630,338 22,445 4.1% 4.1%
Microsoft.NET 557,815 1,458 3.6% 3.6%
Fonts 400,896 646 2.6% 2.6%
Speech 176,779 46 1.2% 1.2%
IME 140,183 53 0.9% 0.9%
inf 136,376 1,541 0.9% 0.9%
ehome 103,688 186 0.7% 0.7%
ERDNT 66,927 13 0.4% 0.4%
Performance 61,091 30 0.4% 0.4%
WindowsMobile 40,974 775 0.3% 0.3%
Web 39,728 36 0.3% 0.3%
servicing 39,321 2,500 0.3% 0.3%
Globalization 29,539 59 0.2% 0.2%
Help 29,228 173 0.2% 0.2%
twain_32 24,827 229 0.2% 0.2%
Boot 17,875 35 0.1% 0.1%
Media 13,015 320 0.1% 0.1%
AppPatch 9,619 11 0.1% 0.1%
Logs 8,890 6 0.1% 0.1%
Files in this directory 8,239 42 0.1% 0.1%
diagnostics 2,931 287 0.0% 0.0%
Pixart 2,841 12 0.0% 0.0%
Branding 2,361 3 0.0% 0.0%
PolicyDefinitions 2,135 24 0.0% 0.0%
Cursors 2,064 162 0.0% 0.0%
Downloaded Program Files 1,912 3 0.0% 0.0%
Panther 1,661 16 0.0% 0.0%
Resources 1,652 16 0.0% 0.0%
Registration 1,046 2 0.0% 0.0%
security 1,033 2 0.0% 0.0%
system 684 22 0.0% 0.0%
en-US 108 10 0.0% 0.0%
en 105 1 0.0% 0.0%
Temp 60 14 0.0% 0.0%
schemas 55 23 0.0% 0.0%
L2Schemas 48 7 0.0% 0.0%
ShellNew 40 3 0.0% 0.0%
Tasks 34 4 0.0% 0.0%
PLA 18 2 0.0% 0.0%
Vss 13 3 0.0% 0.0%
debug 6 4 0.0% 0.0%
addins 1 1 0.0% 0.0%
Offline Web Pages 1 1 0.0% 0.0%
Setup 1 1 0.0% 0.0%
TAPI 1 1 0.0% 0.0%
AppCompat 0 0 0.0% 0.0%
DigitalLocker 0 0 0.0% 0.0%
PCHEALTH 0 0 0.0% 0.0%
SchCache 0 0 0.0% 0.0%
ServiceProfiles 0 0 0.0% 0.0%
tracing 0 0 0.0% 0.0%
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ferns,

First of all...

Here at Geeks to Go we have a policy of not offering assistance to those with cracks/keygens/hacking software and tools. It is quite evident from the Kaspersky log that you have this type of material residing on your computer. It would appear that downloading this type of material is the most likely cause of the infections and problems you are experiencing with your system. Using this software is not only inviting a host of different types of virus and malware but is also illegal.

I would recommend you to remove all cracks/keygens/hacking software and tools from your system because next time you require assistance you may not get any help.

Your Windows installation folder is taking up much of your disk space on the C: drive. Also, your C: drive is too small as a system drive. I can't help you with removing stuff from the system folder. You could open a new topic in Windows Vista™ and Windows 7™ and ask tech help about this problem.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#10
ferns

ferns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thank you maliprog.

I am afraid I did not download the hacking software you mentioned. I think it was done by the last time I had a visitor who used the pc. I will remove these straight away.

Please accept my apologies if you think I have wasted your time. I agree these items should not be on my pc.

Thanks again maliprog
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
No, not at all. I'm glad we sorted things out. Glad I could help you.

Goodbye and stay safe :)
  • 0

#12
ferns

ferns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Maliprog,

Please can you tell me if I need to run the Kaspersky removal tool because it did not give me the option to remove some of the things it found, it only said skip. Did I need to choose disinfect or something like that? I have deleted the files I could find.

Thanks again
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Some reported files are in archives such as RAR or ZIP, and it can't remove one file inside that archive. VRT just posted you a warning for those files. Except for the hacking tools I already mentioned, there are no security problems in the VRT log to worry about.
  • 0
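The point made in post #13, as an added example that is not part of the original thread: most VRT events refer to members nested inside an archive or installer, so the unit to act on is the file on disk, not the individual member. This Python sketch groups events from the report format shown in post #7 by their on-disk file; the function names and the rule that the on-disk path ends at the first forward slash are assumptions of this example.

```python
import re
from collections import defaultdict

# A few event lines copied from the VRT report posted earlier in this thread.
SAMPLE = r"""Status: Detected (events: 34)
30/09/2011 16:33:56 Detected adware not-a-virus:AdWare.Win32.Cydoor E:\6gb card\FilesToBe\Anthony Robbins Personal Power 2 Self Help Tapes Complete\MAIN MATERIALS FOR IELTS\IELTS_TEST_MATERIALS2.rar//Extra material/Vocabulary memorizer/Prosigner Memorizer/00001Vocabulary.exe/cd_clint.dll Medium
30/09/2011 17:19:26 Detected adware not-a-virus:AdWare.Win32.Cydoor E:\6gb card\FilesToBe\Anthony Robbins Personal Power 2 Self Help Tapes Complete\MAIN MATERIALS FOR IELTS\IELTS_TEST_MATERIALS2.rar//Extra material/Vocabulary memorizer/Prosigner Memorizer/00001Vocabulary.exe/CD_Gif.dll Medium
30/09/2011 18:31:03 Detected Trojan program Backdoor.Win32.Shark.hhj E:\Torr\Best Hacking Tools -85in1- [MUST HAVE] (AIO) [h33t][migel]\Best Hacking Tools.rar//Best Hacking Tools/data/freeze.exe//FSG High
30/09/2011 19:11:39 Detected unknown threat Packed.Multi.MultiPacked.gen F:\XDA\Utilities\CorePRO_ArtemisKitchen.exe//Core/Tools/Install/Hex Workshop 4.23/4.x.exe Medium
Status: Disinfected (events: 6)
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip High
30/09/2011 19:18:41 Disinfected Trojan program Trojan-Banker.Win32.Banker.bcsu F:\Laptop\DTop\D\Desktop\T23\Reader for ATMEL 24RF08\r24rf08_setup.zip/r24rf08_setup.exe High
"""

# timestamp, action, free-text category, verdict name, object path, severity
LINE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>Detected|Disinfected) "
    r"(?P<kind>.+?) (?P<threat>\S+) "
    r"(?P<path>[A-Za-z]:\\.*) (?P<severity>\S+)$"
)
SEVERITY_RANK = {"Medium": 1, "High": 2}  # only the levels seen in this report


def parse(text):
    """Yield one dict per event line; 'Status:' headers and blanks are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        # Assumption: Windows file names cannot contain "/", so everything
        # before the first "/" is the file on disk and the rest is the
        # scanner's path inside that container (archive, installer, packer).
        on_disk, _, inner = ev["path"].partition("/")
        ev["on_disk"], ev["inner"] = on_disk, inner.lstrip("/")
        yield ev


def triage(text):
    """Group events by on-disk file: event count, nested count, worst severity."""
    files = defaultdict(
        lambda: {"events": 0, "nested": 0, "actions": set(), "worst": ""}
    )
    for ev in parse(text):
        entry = files[ev["on_disk"]]
        entry["events"] += 1
        entry["nested"] += bool(ev["inner"])  # member inside a container
        entry["actions"].add(ev["action"])
        if SEVERITY_RANK.get(ev["severity"], 0) > SEVERITY_RANK.get(entry["worst"], 0):
            entry["worst"] = ev["severity"]
    return dict(files)


if __name__ == "__main__":
    for path, info in triage(SAMPLE).items():
        print(f'{info["events"]:>2} event(s), {info["nested"]} nested, '
              f'worst={info["worst"]}, {sorted(info["actions"])}: {path}')
```

Run over the full report, the same grouping shows how few on-disk files account for all the listed events, which is the list to review and delete by hand when the scanner only offers "skip".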

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





