Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware on netbook [Solved]


  • This topic is locked This topic is locked

#1
muckypup

muckypup

    Member

  • Member
  • PipPip
  • 97 posts
Hi i have malware on my netbook. It boots normally but then after a few seconds the icons, start button and taskbar disappear and the screen fills with a page asking for money, then I can do nothing else.
I have tried to reboot in all safe modes but none will work.

Please help.
  • 0

Advertisements


#2
muckypup

muckypup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Update

I managed to get the netbook to start in Safe mode and ran Avira antivirus which got rid of 4 detections.
I ran MBAM and it showed no detections.

Could someone please look just in case there is something left?

Thanks

OTL logfile created on: 16/03/2012 00:17:08 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Martin Langston\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 524.14 Mb Available Physical Memory | 51.67% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.98 Gb Total Space | 13.00 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 78.07 Gb Total Space | 77.97 Gb Free Space | 99.88% Space Free | Partition Type: NTFS

Computer Name: SAMSUNG-703C8DD | User Name: Martin Langston | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/16 00:15:52 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin Langston\Desktop\OTL.exe
PRC - [2012/02/19 01:14:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/07/01 21:55:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 15:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 14:29:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/19 01:14:43 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/19 01:14:23 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006/10/30 14:29:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/07/01 21:55:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/05/13 08:44:00 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006/10/30 14:29:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/07/01 21:55:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 21:55:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/22 17:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/03/19 20:19:54 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/02/18 16:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/10/31 04:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/10/07 14:35:10 | 001,334,432 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/23 04:23:58 | 000,238,464 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/26 07:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/06/27 08:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 16:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/01/14 19:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2006/12/22 09:35:56 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2006/10/30 14:29:28 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Martin Langston\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 01:14:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 09:28:10 | 000,000,000 | ---D | M]

[2011/05/27 18:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin Langston\Application Data\Mozilla\Extensions
[2012/03/10 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin Langston\Application Data\Mozilla\Firefox\Profiles\oumt8lmh.default\extensions
[2012/03/10 16:07:21 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Martin Langston\Application Data\Mozilla\Firefox\Profiles\oumt8lmh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/01/01 21:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN LANGSTON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OUMT8LMH.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/05/30 13:18:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/23 23:44:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/19 01:14:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 21:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/11 16:54:56 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/11 16:54:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/11 16:54:56 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/11 16:54:56 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/11 16:54:55 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Martin Langston\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Martin Langston\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EA9E8C3-95EC-42A0-B43D-031C17C8B117}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/17 01:07:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 00:15:46 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Martin Langston\Desktop\OTL.exe
[2012/03/15 23:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin Langston\Application Data\Malwarebytes
[2012/03/15 23:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 23:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/15 23:16:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/15 23:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/15 23:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/03/15 22:53:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/16 00:19:46 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{36A32EA7-2A69-424E-BA1E-E5B5B0C7A589}.job
[2012/03/16 00:15:52 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin Langston\Desktop\OTL.exe
[2012/03/15 23:16:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 22:57:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/03/15 22:51:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 19:06:06 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4213259863-3007650931-816985191-1005UA.job
[2012/03/15 18:00:22 | 000,160,768 | ---- | M] () -- C:\WINDOWS\System32\0.760543926019823h7i.exe
[2012/03/14 22:06:01 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4213259863-3007650931-816985191-1005Core.job
[2012/03/14 19:18:59 | 003,428,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 18:50:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 18:00:23 | 000,008,521 | ---- | M] () -- C:\Documents and Settings\Martin Langston\My Documents\Debenhams Jof order.odt
[2012/03/11 01:07:57 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Martin Langston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/06 22:34:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/24 01:45:43 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Martin Langston\wxDownloadFast.ini
[2012/02/24 01:42:47 | 000,256,052 | ---- | M] () -- C:\Documents and Settings\Martin Langston\My Documents\greater freedom for women
[2012/02/15 01:13:35 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/15 01:13:35 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/15 23:16:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 18:00:26 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\0.760543926019823h7i.exe
[2012/03/11 18:00:21 | 000,008,521 | ---- | C] () -- C:\Documents and Settings\Martin Langston\My Documents\Debenhams Jof order.odt
[2012/02/24 01:42:47 | 000,256,052 | ---- | C] () -- C:\Documents and Settings\Martin Langston\My Documents\greater freedom for women
[2012/02/24 01:17:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Martin Langston\wxDownloadFast.ini
[2012/02/14 23:32:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/29 20:29:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/29 20:23:21 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\fstextv66.dll
[2011/09/29 20:23:19 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2011/09/29 20:23:19 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\wav2.dll
[2011/09/29 20:23:19 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/09/29 20:18:55 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2011/07/02 14:43:28 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2011/05/27 18:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/27 15:48:24 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Martin Langston_KBD.ini
[2011/05/27 15:47:47 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Martin Langston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/17 03:27:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/02/17 01:56:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\test.dll
[2011/02/17 01:30:52 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2011/02/17 01:30:52 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2011/02/17 01:30:50 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2011/02/17 01:30:50 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2011/02/17 01:30:50 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2011/02/17 01:30:50 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2011/02/17 01:30:50 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2011/02/17 01:30:50 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2011/02/17 01:30:50 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2011/02/17 01:30:50 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2011/02/17 01:30:50 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2011/02/17 01:30:50 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2011/02/17 01:30:50 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2011/02/17 01:30:50 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2011/02/17 01:30:50 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2011/02/17 01:30:50 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2011/02/17 01:30:50 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2011/02/17 01:30:50 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2011/02/17 01:30:50 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2011/02/17 01:27:41 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2011/02/17 01:27:41 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2011/02/17 01:22:02 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/02/17 01:17:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2011/02/17 01:17:11 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2011/02/17 01:10:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/17 01:04:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/17 00:56:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/17 00:55:12 | 003,428,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/06/25 01:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/02/17 01:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2012/03/14 22:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\BitLord
[2011/09/29 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/29 19:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/29 19:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\Design-Lib.Com
[2011/09/29 19:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\Easy2Convert
[2012/01/21 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\HTC
[2011/08/20 18:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/06/10 20:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\OpenOffice.org
[2011/06/25 00:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\Python-Eggs
[2011/11/19 00:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\Spotify
[2011/07/02 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\Xi
[2011/07/07 23:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin Langston\Application Data\YCanPDF
[2012/03/14 22:06:01 | 000,001,016 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4213259863-3007650931-816985191-1005Core.job
[2012/03/15 19:06:06 | 000,001,038 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4213259863-3007650931-816985191-1005UA.job
[2012/03/16 00:19:46 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{36A32EA7-2A69-424E-BA1E-E5B5B0C7A589}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 16/03/2012 00:17:08 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Martin Langston\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 524.14 Mb Available Physical Memory | 51.67% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.98 Gb Total Space | 13.00 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 78.07 Gb Total Space | 77.97 Gb Free Space | 99.88% Space Free | Partition Type: NTFS

Computer Name: SAMSUNG-703C8DD | User Name: Martin Langston | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\BitLord 1.2\Bitlord files\bitlord.exe" = C:\Program Files\BitLord 1.2\Bitlord files\bitlord.exe:*:Enabled:BitLord -- ()
"C:\Program Files\Xi\NetXfer\NetTransport.exe" = C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Documents and Settings\Martin Langston\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Martin Langston\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\Martin Langston\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Martin Langston\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 29
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitLord" = BitLord 1.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PDF To JPG Converter_is1" = PDF To JPG Converter 2.0
"SopCast" = SopCast 3.4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/03/2012 15:06:06 | Computer Name = SAMSUNG-703C8DD | Source = Google Update | ID = 20
Description =

Error - 15/03/2012 16:34:56 | Computer Name = SAMSUNG-703C8DD | Source = MSSOAP | ID = 16
Description = Soap error: Connection time out..

Error - 15/03/2012 16:34:56 | Computer Name = SAMSUNG-703C8DD | Source = MSSOAP | ID = 16
Description = Soap error: Unspecified HTTP error..

[ Application Events ]
Error - 15/03/2012 15:06:06 | Computer Name = SAMSUNG-703C8DD | Source = Google Update | ID = 20
Description =

Error - 15/03/2012 16:34:56 | Computer Name = SAMSUNG-703C8DD | Source = MSSOAP | ID = 16
Description = Soap error: Connection time out..

Error - 15/03/2012 16:34:56 | Computer Name = SAMSUNG-703C8DD | Source = MSSOAP | ID = 16
Description = Soap error: Unspecified HTTP error..

[ System Events ]
Error - 16/01/2012 16:21:32 | Computer Name = SAMSUNG-703C8DD | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 16/01/2012 16:21:32 | Computer Name = SAMSUNG-703C8DD | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 28/01/2012 13:26:40 | Computer Name = SAMSUNG-703C8DD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 00265E37597F has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/02/2012 09:50:02 | Computer Name = SAMSUNG-703C8DD | Source = DCOM | ID = 10010
Description = The server {BA126AE5-2166-11D1-B1D0-00805FC1270E} did not register
with DCOM within the required timeout.

Error - 13/03/2012 18:50:35 | Computer Name = SAMSUNG-703C8DD | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 15/03/2012 16:27:11 | Computer Name = SAMSUNG-703C8DD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 00265E37597F has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 15/03/2012 18:52:11 | Computer Name = SAMSUNG-703C8DD | Source = WMPNetworkSvc | ID = 866290
Description = Service 'WMPNetworkSvc' did not start correctly because MFStartup
encountered error '0xc00d36ef'. If possible, reinstall Windows Media Player.


< End of report >
  • 0

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello muckypup and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/03/15 18:00:26 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\0.760543926019823h7i.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#4
muckypup

muckypup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Hi Maliprog, thanks for your help.

========== OTL ==========
File C:\WINDOWS\System32\0.760543926019823h7i.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Martin Langston\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Martin Langston\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.37.1 log created on 03222012_184002

Before you posted Avira spotted and deleted the 0.760543926019823h7i.exe file.
just doing the GMER now
  • 0

#5
muckypup

muckypup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-22 19:48:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HI rev.HH100-06
Running: hiqn50dw.exe; Driver: C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\kxxdrfow.sys


---- System - GMER 1.0.15 ----

SSDT F7F56F6E ZwCreateKey
SSDT F7F56F64 ZwCreateThread
SSDT F7F56F73 ZwDeleteKey
SSDT F7F56F7D ZwDeleteValueKey
SSDT F7F56F82 ZwLoadKey
SSDT F7F56F50 ZwOpenProcess
SSDT F7F56F55 ZwOpenThread
SSDT F7F56F8C ZwReplaceKey
SSDT F7F56F87 ZwRestoreKey
SSDT F7F56F78 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi muckypup,

Looking good! How is your system now? Any problems? We need to do some more steps to make sure infection is gone.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#7
muckypup

muckypup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
hello again,

no problems, system seems to be running the same, but there was no signs of malware after i disabled the 0.760543926019823h7i.exe from running on start up.

I have attached the log as requested.

Attached Files


  • 0

#8
muckypup

muckypup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Virus Removal Tool wanted me to restart, restarted and has given slightly different log.

Attached Files


  • 0

#9
muckypup

muckypup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
just opened up in normal mode without any alterations to start up menu and the nasty pop up that was covering my desk top has gone :)
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi muckypup,

Good job! I'll remove leftovers and then we'll clean your PC from programs that we used here.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#11
muckypup

muckypup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Great stuff, all seems good, thanks for your help :)
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP