
Java Popup


  • This topic is locked

#1 instigata (Member, 11 posts)

Hi guys.

I have been having trouble with the laptop for almost a year now; however, I see some Russian-named files added last night. Generally I get a Java popup type thing, saying something has been initialized, and the computer restarts some time. However, it constantly seems to be processing something in the background and gets warm. The following are the OTL and Extras files, let me know if they make sense:

OTL
OTL logfile created on: 16/10/2011 10:30:32 - Run 2
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Laptop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.77% Memory free
3.33 Gb Paging File | 3.06 Gb Available in Paging File | 91.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 114.57 Gb Free Space | 76.86% Space Free | Partition Type: NTFS

Computer Name: Workstation | User Name: Laptop | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Laptop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {B4184744-9F8F-43D0-B62C-795BB1859915}:1.9.1
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57}:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/05 14:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 20:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/06 20:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/06 20:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B4184744-9F8F-43D0-B62C-795BB1859915}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{B4184744-9F8F-43D0-B62C-795BB1859915} [2010/06/14 12:51:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F1F2E80E-0C1D-49B4-BF4B-927F9B8C6A26}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{F1F2E80E-0C1D-49B4-BF4B-927F9B8C6A26}\ [2010/08/17 14:24:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02246DED-1065-4861-B753-F642349402A6}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{02246DED-1065-4861-B753-F642349402A6}\ [2010/08/28 14:41:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{75D50587-C484-4567-8A88-C624E5867BC1}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{75D50587-C484-4567-8A88-C624E5867BC1} [2010/10/17 13:30:25 | 000,000,000 | ---D | M]

[2010/06/06 10:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions
[2010/05/29 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/26 22:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/06 10:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions\[email protected]
[2011/10/15 22:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions
[2010/12/25 13:32:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/07/15 19:15:56 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011/02/26 23:40:01 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/02/21 17:08:12 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/02/23 00:11:41 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/26 23:29:22 | 000,000,000 | ---D | M] (Selenium IDE: C# Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/02/12 14:14:01 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Groovy Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Java Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Perl Formatter) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: PHP Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:22 | 000,000,000 | ---D | M] (Selenium IDE: Python Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:26 | 000,000,000 | ---D | M] (Selenium IDE: Ruby Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2010/01/26 22:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/06 20:41:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/14 12:51:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\LAPTOP\LOCAL SETTINGS\APPLICATION DATA\{B4184744-9F8F-43D0-B62C-795BB1859915}
[2011/10/06 20:41:09 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/10/06 20:41:09 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/10/06 20:41:12 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/05/26 06:50:32 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/26 06:50:32 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/05/26 06:50:32 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/26 06:50:32 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/05/26 06:50:32 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/26 06:50:32 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/05/26 06:50:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/05/26 06:50:32 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2003/03/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nOKkrCYLpHXqVc.exe] C:\Documents and Settings\All Users\Application Data\nOKkrCYLpHXqVc.exe ( )
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [ConnectionCenter] C:\Documents and Settings\Laptop\Local Settings\Application Data\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [gvq3owtbavfroev3jaqqqbvkryupslo] "C:\Documents and Settings\Laptop\Application Data\11kkv1rngfbscaflbpdpxuuzxkncdhn2\csrss.exe" File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rapportexe] C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\app\bin\RapportService.exe (Trusteer Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = *Legal Notice: Authorised Users Only*
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = [String data over 1000 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DISABLETASKMGR = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: ([mle] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ([vle] http in Trusted sites)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231253869456 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231846328429 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.co...?BundleId=26688 (Java Plug-in 1.6.0_11)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wtc.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B65A56E9-29A3-4173-8B38-6E8FDA115E84}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/22 15:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{193e7eb2-2d97-11de-9254-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{193e7eb2-2d97-11de-9254-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{28148f96-1abf-11de-924f-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28148f96-1abf-11de-924f-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto_run.exe
O33 - MountPoints2\{2b156c1c-453a-11de-926b-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b156c1c-453a-11de-926b-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{4b4eae4d-df88-11de-92b1-002100879676}\Shell\AutoRun\command - "" = E:\WDSetup.exe
O33 - MountPoints2\{59cd7741-51bd-11de-9281-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59cd7741-51bd-11de-9281-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_auto.exe
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{67c73b27-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b27-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{67c73b28-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b28-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92c-50f7-11de-927e-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{7cb6b92c-50f7-11de-927e-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92d-50f7-11de-927e-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92d-50f7-11de-927e-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_smss.exe
O33 - MountPoints2\{8356282c-5119-11de-9280-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8356282c-5119-11de-9280-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_auto.exe
O33 - MountPoints2\{96fe2aba-24a2-11e0-93eb-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{96fe2aba-24a2-11e0-93eb-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a4ac4ac-4e84-11de-9279-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a4ac4ac-4e84-11de-9279-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{ba0e6e88-3ed6-11de-9262-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{ba0e6e88-3ed6-11de-9262-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beeba536-4077-11de-9264-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{beeba536-4077-11de-9264-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\Auto\command - "" = sss.exe
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 08:44:37 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laptop\Desktop\OTL.exe
[2011/10/16 08:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\Local Settings\Application Data\Deployment
[2011/10/15 23:33:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Laptop\Recent
[2011/10/15 23:32:48 | 000,428,544 | ---- | C] (Производитель) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/15 23:30:13 | 000,496,640 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Application Data\nOKkrCYLpHXqVc.exe
[2011/10/15 22:32:12 | 000,000,000 | ---D | C] -- C:\Documents
[2011/10/15 22:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\and
[2011/10/15 21:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2011/10/08 18:00:23 | 000,000,000 | ---D | C] -- C:\lcc
[2011/09/29 20:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\My Documents\working
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 09:04:03 | 000,409,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/16 09:04:03 | 000,064,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 08:59:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/16 08:57:04 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/10/16 08:57:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/10/16 08:44:54 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laptop\Desktop\OTL.exe
[2011/10/16 08:40:32 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Google Chrome.lnk
[2011/10/16 08:40:32 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/16 08:37:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003UA.job
[2011/10/16 08:37:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003Core.job
[2011/10/15 23:32:48 | 000,428,544 | ---- | M] (Производитель) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/15 23:32:09 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Laptop\.bash_history
[2011/10/15 23:30:12 | 000,496,640 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\nOKkrCYLpHXqVc.exe
[2011/10/15 23:09:43 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Laptop\.gitconfig
[2011/10/15 21:54:36 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Git Bash.lnk
[2011/10/14 20:40:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/08 18:03:22 | 000,010,932 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\BSearch.aspx.cs
[2011/10/08 17:32:16 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Dis#.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/16 08:40:32 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Google Chrome.lnk
[2011/10/16 08:40:32 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/16 08:32:48 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003UA.job
[2011/10/16 08:32:48 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003Core.job
[2011/10/15 23:09:43 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Laptop\.gitconfig
[2011/10/15 21:58:46 | 000,002,402 | ---- | C] () -- C:\Documents and Settings\Laptop\.bash_history
[2011/10/15 21:54:36 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Git Bash.lnk
[2011/10/08 18:03:21 | 000,010,932 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\BSearch.aspx.cs
[2011/03/27 16:30:09 | 000,016,824 | -HS- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\5y452135w351iscbxg40ls6lmend7o74r8845d
[2011/03/27 16:30:09 | 000,016,824 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5y452135w351iscbxg40ls6lmend7o74r8845d
[2011/02/28 12:41:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\PUTTY.RND
[2010/09/27 15:43:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/04 15:04:14 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\bawuho.dat
[2010/06/14 12:51:47 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\Qgejuwude.dat
[2010/06/14 12:51:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\Obuqada.bin
[2010/06/14 12:49:58 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\qcopjv.dat
[2010/06/14 12:49:51 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\avdrn.dat
[2010/02/26 23:03:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010/01/26 22:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/25 12:58:07 | 000,002,537 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/05 14:31:41 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
[2009/06/17 12:50:24 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 12:18:55 | 000,000,268 | ---- | C] () -- C:\WINDOWS\{AA9DC20A-BB40-4C0D-BAFD-68421180DE19}_WiseFW.ini
[2009/01/13 11:13:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/13 11:13:50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/13 11:13:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/13 11:13:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/13 11:13:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/13 11:13:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/06 14:18:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/01/05 09:59:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/23 16:16:35 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/23 16:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPOPUP.INI
[2008/12/23 15:53:52 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2008/12/23 15:53:52 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2008/12/23 15:53:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2008/12/23 15:53:52 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2008/12/22 15:17:19 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2008/12/22 15:16:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/22 15:10:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/22 13:07:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/22 13:06:17 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/22 13:06:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,409,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,064,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/20 16:33:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\3c12c6
[2009/08/24 11:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/08/23 18:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EMP
[2010/09/20 16:32:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSCXGXPWS
[2011/03/23 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/05/07 21:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\11kkv1rngfbscaflbpdpxuuzxkncdhn2
[2010/11/05 00:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Diquuk
[2010/09/23 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\download2
[2010/11/05 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Erosro
[2011/03/23 15:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Fuymid
[2011/07/06 19:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\GetRightToGo
[2010/11/05 01:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Giyg
[2011/07/10 12:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\gtk-2.0
[2010/05/04 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\ICAClient
[2010/11/09 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Kingston
[2011/02/24 21:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\LiveSoftware
[2010/01/18 23:40:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Laptop\Application Data\lowsec
[2009/03/20 16:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\pdfaloud 3.0
[2011/03/23 14:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Rysuir
[2010/08/23 15:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\SendBlaster2
[2010/09/22 09:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Spydaman Design Studios Ltd
[2010/05/29 11:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Thunderbird
[2011/03/23 14:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Trusteer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Laptop\My Documents\PAVARK.exe:License

< End of report >


Extras:
OTL Extras logfile created on: 16/10/2011 10:30:32 - Run 2
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Laptop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.77% Memory free
3.33 Gb Paging File | 3.06 Gb Available in Paging File | 91.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 114.57 Gb Free Space | 76.86% Space Free | Partition Type: NTFS

Computer Name: SNB03595Y9 | User Name: Laptop | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\ACEmessage\Client\ACEnwork.exe" = C:\Program Files\ACEmessage\Client\ACEnwork.exe:*:Enabled:ACEClient -- (Spydaman Design Studios Ltd)
"C:\Program Files\NetSupport\NetSupport Notify\NotificationAgent.exe" = C:\Program Files\NetSupport\NetSupport Notify\NotificationAgent.exe:*:Enabled:NetSupport Notify Agent -- (NetSupport Ltd)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\DOCUME~1\helde01\MYDOCU~1\smss.exe" = C:\DOCUME~1\helde01\MYDOCU~1\smss.exe:*:Enabled:SMS Services
"C:\WINDOWS\SYSTEM~1\smss.exe" = C:\WINDOWS\SYSTEM~1\smss.exe:*:Enabled:SMS Services
"C:\DOCUME~1\ADMINI~1\MYDOCU~1\smss.exe" = C:\DOCUME~1\ADMINI~1\MYDOCU~1\smss.exe:*:Enabled:SMS Services
"c:\smss.exe" = c:\smss.exe:*:Enabled:SMS Services
"C:\Documents and Settings\Laptop\Local Settings\Application Data\Skype\Phone\Skype.exe" = C:\Documents and Settings\Laptop\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3D59D1C3-729F-4863-A200-872142CAF957}" = Email Marketing Professional 2010
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader 4.00
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{58344DA3-BE43-4B4F-8BF7-7DE69A9CBB77}" = DisSharp
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA9DC20A-BB40-4C0D-BAFD-68421180DE19}" = ACE Client
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{DB038BD0-0DA0-46C9-AC72-D504ED292CD4}" = NetSupport Notify
"{EFE9ACA6-6056-40CD-8325-0E0BE2CB622B}" = Read And Write 8.1 Gold
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie7" = Windows Internet Explorer 7
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Mozilla Thunderbird (3.1.15)" = Mozilla Thunderbird (3.1.15)
"PROSet" = Intel® Network Connections Drivers
"seopowersuite" = SEO PowerSuite
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Git_is1" = Git version 1.7.6-preview20110708
"Google Chrome" = Google Chrome
"lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)
"mIRC" = mIRC
"Rapport_msi" = Rapport
"Send-Safe List Manager_is1" = Send-Safe List Manager 1.5
"WebCEO70_is1" = Web CEO 8.1

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, I can see no evidence of a running antivirus - do you have one?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [nOKkrCYLpHXqVc.exe] C:\Documents and Settings\All Users\Application Data\nOKkrCYLpHXqVc.exe ( )
    O4 - HKCU..\Run: [gvq3owtbavfroev3jaqqqbvkryupslo] "C:\Documents and Settings\Laptop\Application Data\11kkv1rngfbscaflbpdpxuuzxkncdhn2\csrss.exe" File not found
    [2011/10/15 23:32:48 | 000,428,544 | ---- | C] (Производитель) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
    [2011/10/15 23:30:13 | 000,496,640 | ---- | C] ( ) -- C:\Documents and Settings\All Users\Application Data\nOKkrCYLpHXqVc.exe
    [2010/08/04 15:04:14 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\bawuho.dat
    [2010/06/14 12:51:47 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\Qgejuwude.dat
    [2010/06/14 12:51:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\Obuqada.bin
    [2010/06/14 12:49:58 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\qcopjv.dat
    [2010/06/14 12:49:51 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\avdrn.dat
    [2011/03/27 16:30:09 | 000,016,824 | -HS- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\5y452135w351iscbxg40ls6lmend7o74r8845d
    [2011/03/27 16:30:09 | 000,016,824 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5y452135w351iscbxg40ls6lmend7o74r8845d
    [2010/09/20 16:33:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\3c12c6
    [2011/05/07 21:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\11kkv1rngfbscaflbpdpxuuzxkncdhn2

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\DOCUME~1\helde01\MYDOCU~1\smss.exe"=-
    "C:\WINDOWS\SYSTEM~1\smss.exe"=-
    "C:\DOCUME~1\ADMINI~1\MYDOCU~1\smss.exe"=-
    "c:\smss.exe"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

Megaupload
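The `:Reg` block in the fix above deletes four Windows Firewall exceptions for a file called `smss.exe`, and the `:OTL` block deletes a Run entry pointing at a `csrss.exe` under Application Data. The point worth generalising is the location, not the name: the genuine Session Manager and Client/Server Runtime live only in `C:\WINDOWS\system32`, and neither needs a firewall exception, so any copy of those names elsewhere (a user profile, the drive root, `C:\WINDOWS\SYSTEM~1`) is masquerading. Windows does not generate a tilde alias for a directory name that already fits the 8.3 form, so `SYSTEM~1` is not a short form of `system32` and is treated as foreign. The script below is an added example for this thread, not code from the original posts or from OTL; it parses the two OTL line formats shown in the log (the `AuthorizedApplications` values and the `O4` Run entries), flags core-process names outside `system32`, and separately flags enabled exceptions or autostarts with no publisher string, which is how the `( )` entry for `nOKkrCYLpHXqVc.exe` stands out. The `SYSTEM_BINARIES` set and the canonical-directory pattern are assumptions of the example; the sample lines are copied from the log and fix script posted in this thread.

```python
"""Audit OTL-style firewall-exception and autostart lines for binaries that
masquerade as core Windows processes.  Added example for this thread, not
part of the original posts or of OTL itself."""
import re

# Assumption: these names are only legitimate under %SystemRoot%\system32.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
    "services.exe", "svchost.exe", "spoolsv.exe",
}

# Assumption: the directory where those binaries belong, as written in OTL logs.
CANONICAL_DIR_RE = re.compile(
    r"^(?:[a-z]:\\windows|%windir%|%systemroot%)\\system32$", re.IGNORECASE)

# "path" = path:scope:state:name [-- (company)]   (XP AuthorizedApplications values)
FIREWALL_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<path>.+?):(?P<scope>[^:]*):'
    r"(?P<state>enabled|disabled):(?P<name>.*?)"
    r"(?:\s+--\s+\((?P<company>[^)]*)\))?\s*$", re.IGNORECASE)

# O4 - HKLM..\Run: [value] "path" (company)   or   ... File not found
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]+)\]\s+"?'
    r'(?P<path>[^"]+?\.exe)"?(?P<rest>.*)$', re.IGNORECASE)
COMPANY_RE = re.compile(r"\((?P<company>[^)]*)\)")

# Lines copied from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r'''
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\DOCUME~1\helde01\MYDOCU~1\smss.exe" = C:\DOCUME~1\helde01\MYDOCU~1\smss.exe:*:Enabled:SMS Services
"C:\WINDOWS\SYSTEM~1\smss.exe" = C:\WINDOWS\SYSTEM~1\smss.exe:*:Enabled:SMS Services
"c:\smss.exe" = c:\smss.exe:*:Enabled:SMS Services
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
O4 - HKLM..\Run: [nOKkrCYLpHXqVc.exe] C:\Documents and Settings\All Users\Application Data\nOKkrCYLpHXqVc.exe ( )
O4 - HKCU..\Run: [gvq3owtbavfroev3jaqqqbvkryupslo] "C:\Documents and Settings\Laptop\Application Data\11kkv1rngfbscaflbpdpxuuzxkncdhn2\csrss.exe" File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
'''


def split_path(path):
    """Return (directory, file name) for a Windows path without touching the file system."""
    head, _, tail = path.rpartition("\\")
    return head, tail


def masquerades_system_binary(path):
    """True when the file name is a core Windows process but its directory is not system32.
    An 8.3 alias such as SYSTEM~1 is deliberately not trusted; resolve it on the live host."""
    head, name = split_path(path)
    return name.lower() in SYSTEM_BINARIES and not CANONICAL_DIR_RE.match(head)


def audit(log_text):
    """Return (finding, path) tuples for suspicious firewall exceptions and Run entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            company = (m["company"] or "").strip()
            if masquerades_system_binary(m["path"]):
                findings.append(("masquerade", m["path"]))
            elif m["state"].lower() == "enabled" and not company:
                findings.append(("enabled-no-publisher", m["path"]))
            continue
        m = RUN_RE.match(line)
        if m:
            cm = COMPANY_RE.search(m["rest"])
            company = cm["company"].strip() if cm else ""
            if masquerades_system_binary(m["path"]):
                findings.append(("masquerade", m["path"]))
            elif not company:
                findings.append(("autorun-no-publisher", m["path"]))
    return findings


if __name__ == "__main__":
    for finding, path in audit(SAMPLE_LOG):
        print(f"{finding:22} {path}")
```

Run against the sample, the three `smss.exe` exceptions and the `csrss.exe` Run entry come back as `masquerade`, the `nOKkrCYLpHXqVc.exe` entry as `autorun-no-publisher`, and the signed Microsoft, mIRC and McAfee lines produce nothing. A missing publisher string is a weak signal on its own (unsigned tools are common), which is why it is reported separately from the location check rather than folded into it.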

#3 instigata (Member, Topic Starter, 11 posts)
Hi again.

Thanks a lot for the quick response. I have McAfee installed; however, I stopped it as the OTL instructions said so. I did do a scan later and it found DNSChanger and deleted it (and removed the Russian-sounding files and the related registry entries).

Afterwards, I did use the fix you wrote; however, I got a popup saying Hosts cannot be reset (or something to that effect) and the status at the bottom of OTL has been "Resetting HOSTS file. DO NOT INTERRUPT.." for almost an hour now. Should it take this long?

Thanks.

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Stop OTL and reboot then run AVP please

#5 instigata (Member, Topic Starter, 11 posts)
Hi again. It seems to stall on the Manual Disinfection part at about 43%, and doesn't work at all in Normal mode. The following is the result from the automatic scan:


Status: Deleted (events: 28)
16/10/2011 15:24:15 Deleted Trojan program Exploit.JS.Pdfka.dyo C:\Documents and Settings\Laptop\Local Settings\Temp\Acr3A09.tmp High
16/10/2011 15:24:15 Deleted Trojan program Exploit.JS.Pdfka.dyo C:\Documents and Settings\Laptop\Local Settings\Temp\Acr3A09.tmp//data0000 High
16/10/2011 15:59:02 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:02 Deleted virus HEUR:Trojan.Script.Generic C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:05 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:05 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:07 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:20 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:20 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:29 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:30 Deleted virus HEUR:Trojan.Script.Generic C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:49 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:49 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:52 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:58 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 15:59:58 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:00:14 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:00:15 Deleted virus HEUR:Trojan.Script.Generic C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:00:30 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:00:33 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:00:34 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:00:35 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:00:36 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:01:19 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:01:20 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:01:20 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:01:21 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High
16/10/2011 16:01:21 Deleted Trojan program Trojan-Downloader.JS.Iframe.cjj C:\Documents and Settings\Laptop\My Documents\ High

#6 instigata (Member, Topic Starter, 11 posts)
Sorry, wrong call. Attached is the file.

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Ta. I will need to run yet another programme, I am afraid... Once this is complete, can you let me know what the current problems are?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

#8 instigata (Member, Topic Starter, 11 posts)
Hi again.

I have tried ComboFix. I don't have administrator privileges, so it doesn't work. What did you find problematic in the logs I sent?

Thanks.

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Can you achieve Safe Mode and run ComboFix from there?

If not, I will need to approach from a different direction.

It is not so much what I saw as what I didn't see: a lot of services are not running.

#10 instigata (Member, Topic Starter, 11 posts)
OK - will try (but usually programs still don't work in Safe Mode either, if they need admin privileges).

On the other hand a lot of services might not be running as I was doing it in safe mode. AVP wasn't working in normal mode. Hope that helps.

Btw, thanks again for the help.

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Do you not have access to the admin account?

#12 instigata (Member, Topic Starter, 11 posts)
No. I don't. Is there a work around?

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Run a fresh OTL scan for me please and let me know what the current problems are

#14 instigata (Member, Topic Starter, 11 posts)
Hi again.

Sorry for the delay in responding. The following is the latest OTL log:


OTL logfile created on: 18/10/2011 19:50:18 - Run 4
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Laptop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.12% Memory free
3.33 Gb Paging File | 2.85 Gb Available in Paging File | 85.51% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 115.07 Gb Free Space | 77.21% Space Free | Partition Type: NTFS
Drive E: | 938.25 Mb Total Space | 610.69 Mb Free Space | 65.09% Space Free | Partition Type: FAT

Computer Name: Workstation | User Name: Laptop | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Laptop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\app\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Documents and Settings\Laptop\Local Settings\Application Data\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Documents and Settings\Laptop\Local Settings\Application Data\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\app\bin\js32.dll ()
MOD - C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\user\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\McAfee\Common Framework\naXML71.dll ()
MOD - C:\Program Files\McAfee\Common Framework\naisign.dll ()
MOD - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {B4184744-9F8F-43D0-B62C-795BB1859915}:1.9.1
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57}:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 20:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/06 20:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/06 20:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B4184744-9F8F-43D0-B62C-795BB1859915}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{B4184744-9F8F-43D0-B62C-795BB1859915} [2010/06/14 12:51:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F1F2E80E-0C1D-49B4-BF4B-927F9B8C6A26}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{F1F2E80E-0C1D-49B4-BF4B-927F9B8C6A26}\ [2010/08/17 14:24:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02246DED-1065-4861-B753-F642349402A6}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{02246DED-1065-4861-B753-F642349402A6}\ [2010/08/28 14:41:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{75D50587-C484-4567-8A88-C624E5867BC1}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{75D50587-C484-4567-8A88-C624E5867BC1} [2010/10/17 13:30:25 | 000,000,000 | ---D | M]

[2010/06/06 10:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions
[2010/05/29 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/06 10:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions\[email protected]
[2011/10/15 22:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions
[2010/12/25 13:32:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/07/15 19:15:56 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011/02/26 23:40:01 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/02/21 17:08:12 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/02/23 00:11:41 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/26 23:29:22 | 000,000,000 | ---D | M] (Selenium IDE: C# Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/02/12 14:14:01 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Groovy Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Java Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Perl Formatter) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: PHP Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:22 | 000,000,000 | ---D | M] (Selenium IDE: Python Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:26 | 000,000,000 | ---D | M] (Selenium IDE: Ruby Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2010/01/26 22:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/14 12:51:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\LAPTOP\LOCAL SETTINGS\APPLICATION DATA\{B4184744-9F8F-43D0-B62C-795BB1859915}
[2011/05/26 06:50:32 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/26 06:50:32 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/26 06:50:32 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/26 06:50:32 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2003/03/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [ConnectionCenter] C:\Documents and Settings\Laptop\Local Settings\Application Data\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKCU..\Run: [Rapportexe] C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\app\bin\RapportService.exe (Trusteer Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231253869456 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231846328429 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.co...?BundleId=26688 (Java Plug-in 1.6.0_11)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B65A56E9-29A3-4173-8B38-6E8FDA115E84}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/22 15:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{193e7eb2-2d97-11de-9254-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{193e7eb2-2d97-11de-9254-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{28148f96-1abf-11de-924f-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28148f96-1abf-11de-924f-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto_run.exe
O33 - MountPoints2\{2b156c1c-453a-11de-926b-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b156c1c-453a-11de-926b-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{4b4eae4d-df88-11de-92b1-002100879676}\Shell\AutoRun\command - "" = E:\WDSetup.exe
O33 - MountPoints2\{59cd7741-51bd-11de-9281-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59cd7741-51bd-11de-9281-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_auto.exe
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{67c73b27-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b27-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{67c73b28-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b28-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92c-50f7-11de-927e-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{7cb6b92c-50f7-11de-927e-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92d-50f7-11de-927e-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92d-50f7-11de-927e-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_smss.exe
O33 - MountPoints2\{8356282c-5119-11de-9280-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8356282c-5119-11de-9280-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_auto.exe
O33 - MountPoints2\{96fe2aba-24a2-11e0-93eb-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{96fe2aba-24a2-11e0-93eb-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a4ac4ac-4e84-11de-9279-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a4ac4ac-4e84-11de-9279-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{ba0e6e88-3ed6-11de-9262-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{ba0e6e88-3ed6-11de-9262-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beeba536-4077-11de-9264-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{beeba536-4077-11de-9264-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\Auto\command - "" = sss.exe
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 18:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\My Documents\tools
[2011/10/16 12:37:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/16 08:44:37 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laptop\Desktop\OTL.exe
[2011/10/16 08:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\Local Settings\Application Data\Deployment
[2011/10/15 23:33:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Laptop\Recent
[2011/10/15 22:32:12 | 000,000,000 | ---D | C] -- C:\Documents
[2011/10/15 22:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\and
[2011/10/15 21:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2011/10/08 18:00:23 | 000,000,000 | ---D | C] -- C:\lcc
[2011/09/29 20:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\My Documents\working
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/18 19:46:42 | 000,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 19:46:42 | 000,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 19:44:06 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/10/18 06:37:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003UA.job
[2011/10/18 06:22:56 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/10/18 06:22:55 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/10/18 06:22:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/17 19:28:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/16 18:54:56 | 000,010,000 | ---- | M] () -- C:\Documents and Settings\Laptop\My Documents\tools.zip
[2011/10/16 12:05:07 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Firefox.lnk
[2011/10/16 12:04:42 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Thunderbird.lnk
[2011/10/16 08:44:54 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laptop\Desktop\OTL.exe
[2011/10/16 08:40:32 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Google Chrome.lnk
[2011/10/16 08:40:32 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/16 08:37:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003Core.job
[2011/10/15 23:32:09 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Laptop\.bash_history
[2011/10/15 23:09:43 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Laptop\.gitconfig
[2011/10/15 21:54:36 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Git Bash.lnk
[2011/10/08 18:03:22 | 000,010,932 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\BSearch.aspx.cs
[2011/10/08 17:32:16 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Dis#.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/16 18:54:56 | 000,010,000 | ---- | C] () -- C:\Documents and Settings\Laptop\My Documents\tools.zip
[2011/10/16 12:05:07 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Firefox.lnk
[2011/10/16 12:04:42 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Thunderbird.lnk
[2011/10/16 08:40:32 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Google Chrome.lnk
[2011/10/16 08:40:32 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/16 08:32:48 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003UA.job
[2011/10/16 08:32:48 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003Core.job
[2011/10/15 23:09:43 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Laptop\.gitconfig
[2011/10/15 21:58:46 | 000,002,402 | ---- | C] () -- C:\Documents and Settings\Laptop\.bash_history
[2011/10/15 21:54:36 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Git Bash.lnk
[2011/10/08 18:03:21 | 000,010,932 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\BSearch.aspx.cs
[2011/02/28 12:41:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\PUTTY.RND
[2010/09/27 15:43:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/26 23:03:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010/01/26 22:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/25 12:58:07 | 000,002,537 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/17 12:50:24 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 12:18:55 | 000,000,268 | ---- | C] () -- C:\WINDOWS\{AA9DC20A-BB40-4C0D-BAFD-68421180DE19}_WiseFW.ini
[2009/01/13 11:13:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/13 11:13:50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/13 11:13:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/13 11:13:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/13 11:13:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/13 11:13:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/06 14:18:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/01/05 09:59:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/23 16:16:35 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/23 16:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPOPUP.INI
[2008/12/23 15:53:52 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2008/12/23 15:53:52 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2008/12/23 15:53:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2008/12/23 15:53:52 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2008/12/22 15:17:19 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2008/12/22 15:16:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/22 15:10:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/22 13:07:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/22 13:06:17 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/22 13:06:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:56:48 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,409,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,064,774 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/24 11:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/08/23 18:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EMP
[2010/09/20 16:32:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSCXGXPWS
[2011/03/23 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/09/23 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\download2
[2011/07/06 19:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\GetRightToGo
[2011/07/10 12:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\gtk-2.0
[2010/05/04 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\ICAClient
[2010/11/09 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Kingston
[2011/02/24 21:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\LiveSoftware
[2010/01/18 23:40:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Laptop\Application Data\lowsec
[2009/03/20 16:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\pdfaloud 3.0
[2010/08/23 15:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\SendBlaster2
[2010/09/22 09:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Spydaman Design Studios Ltd
[2010/05/29 11:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Thunderbird
[2011/03/23 14:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Trusteer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Laptop\My Documents\PAVARK.exe:License

< End of report >

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The problem is that, as you are not the administrator, it will be very hard to fix some problems - why can you not log in as admin?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

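A small triage script over the kinds of lines a helper reads in a log like the one above, added here as an example (it is not part of the thread and not an OTL feature): it pulls the real target out of each O33 MountPoints2 autorun command, flags hidden+system folders under the user profile in the LOP check, and reports whether Firefox is pointed at a loopback proxy, which is what the FF lines in the fix above reset. The seven sample lines are copied from the log posted earlier in this thread.

```python
import re

# Lines copied from the OTL log posted above: three O33 MountPoints2 commands, two
# LOP-check folders, and the two Firefox proxy prefs the fix script resets.
OTL_LINES = [
    r'O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a',
    r'O33 - MountPoints2\{7cb6b92d-50f7-11de-927e-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_smss.exe',
    r'O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\Auto\command - "" = sss.exe',
    r'[2010/01/18 23:40:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Laptop\Application Data\lowsec',
    r'[2011/03/23 14:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Trusteer',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 50370',
]

MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\\w+\\command - "" = (.+)$')
LOP_DIR_RE = re.compile(r'^\[[^|]+\| [\d,]+ \| (\S{4}) \| \w\] -- (.+)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): "?([^"]+)"?$')


def autorun_payload(command):
    """Program an O33 command actually starts. 'RunDLL32 Shell32.DLL,ShellExec_RunDLL X'
    is only a launcher for X, so X is the payload; otherwise the first token is."""
    tokens = command.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.endswith('ShellExec_RunDLL'):
            return tokens[i + 1]
    return tokens[0]

def triage(lines):
    """Walk OTL lines and collect the findings a helper checks before writing a fix."""
    report = {'relative_autorun': [], 'hidden_system_dirs': [], 'proxy': {}}
    for line in lines:
        if m := MOUNTPOINT_RE.match(line):
            payload = autorun_payload(m.group(2))
            # A bare filename (no drive letter, no path) is resolved against the removable
            # drive itself, which is how autorun.inf-based USB malware got itself started.
            if ':' not in payload and '\\' not in payload:
                report['relative_autorun'].append((m.group(1), payload))
        elif m := LOP_DIR_RE.match(line):
            attrs, path = m.groups()
            if 'H' in attrs and 'S' in attrs:  # hidden + system folder inside a user profile
                report['hidden_system_dirs'].append(path)
        elif m := FF_PROXY_RE.match(line):
            report['proxy'][m.group(1)] = m.group(2)
    # Firefox forced through a proxy on the loopback address means something local sits
    # between the browser and the network; that is what the fix script's FF lines undo.
    report['loopback_proxy'] = report['proxy'].get('http') in ('127.0.0.1', 'localhost')
    return report

FINDINGS = triage(OTL_LINES)  # run over the sample lines above
```

The U3 launcher entry is left alone because its target carries a drive letter, while the two bare filenames and the hidden+system folder are what a helper would look at next.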