I do not know if this is the norm, but I was looking at my HijackThis log and found two "O17" entries which, according to the key, seem to be a domain hijack. I thought I would post here for clarification. I am also having difficulty launching Malwarebytes, so I posted the HJT log and OTL log below. Thank you for your help.
OTL logfile created on: 4/1/2013 2:00:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
127.07 Mb Total Physical Memory | 38.32 Mb Available Physical Memory | 30.16% Memory free
305.88 Mb Paging File | 153.39 Mb Available in Paging File | 50.15% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 22.98 Gb Free Space | 61.70% Space Free | Partition Type: NTFS
Computer Name: R1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/23 13:46:36 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Downloads\adwcleaner0.exe
PRC - [2012/12/30 14:23:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1364077436\ee\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/23 13:46:36 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Downloads\adwcleaner0.exe
MOD - [2000/12/22 07:51:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll
========== Services (SafeList) ==========
SRV - [2012/11/19 15:30:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\NVxbar.sys -- (NVXBAR)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\nvtunep.sys -- (nvTUNEP)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\nvcap.sys -- (nvcap)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/01 13:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/01 13:46:41 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/31 08:25:42 | 000,151,104 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVision.sys -- (NUVision)
DRV - [2003/06/23 12:15:14 | 000,554,304 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2003/06/23 12:15:10 | 000,149,632 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1997/12/22 22:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 70 8E 9C CB 2C CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/19 15:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2013/01/09 17:05:32 | 000,000,000 | ---D | M]
[2012/04/21 15:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/07/01 13:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/19 15:30:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/19 15:29:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/19 15:29:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/02/23 17:42:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...te.cab?1353160210045 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}: NameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/23 18:13:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/01 13:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\RK_Quarantine
[2013/04/01 13:45:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/01 12:32:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013/03/31 15:02:55 | 000,033,588 | R--- | C] (America Online, Inc.) -- C:\WINDOWS\System32\drivers\wanatw4.sys
[2013/03/29 14:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\CP Sys 3-29-2013
[2013/03/29 14:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\tech assistance 3-29-2013
[2013/03/27 10:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\VSRevoGroup
[2013/03/23 18:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AOL
[2013/03/23 18:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2013/03/23 18:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2013/03/23 18:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2013/03/23 18:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2013/03/23 18:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2013/03/23 18:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7
[2013/03/23 18:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2013/03/23 18:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application
========== Files - Modified Within 30 Days ==========
[2013/04/01 13:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/01 13:46:41 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/04/01 12:25:46 | 000,018,059 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/01 12:25:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/01 12:25:10 | 133,316,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/24 13:02:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/23 18:27:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/03/23 08:22:34 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/19 18:42:21 | 000,101,134 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\NB.htm
[2013/03/13 15:11:22 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTC.exe
[2013/03/12 12:36:36 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/11 16:04:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\NTREGOPT.lnk
[2013/03/11 16:04:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\ERUNT.lnk
[2013/03/10 15:41:10 | 000,453,288 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\2013JobConnection0311.pdf
[2013/03/10 13:36:27 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/10 13:36:27 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/08 15:03:00 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Revo Uninstaller.lnk
[2013/03/06 17:09:47 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\HOSTS FOLDER.lnk
[2013/03/05 15:09:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
========== Files Created - No Company Name ==========
[2013/04/01 13:46:41 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/03/11 16:04:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\NTREGOPT.lnk
[2013/03/11 16:04:17 | 000,000,592 | ---- | C] () -- C:\Documents and
[2013/03/06 17:05:34 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\HOSTS FOLDER.lnk
[2013/01/16 17:28:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/07 10:31:00 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012/05/18 17:02:37 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 15:04:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/04/24 12:06:09 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/24 12:06:09 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/15 16:07:59 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2012/04/15 16:07:35 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
========== ZeroAccess Check ==========
[2006/10/27 18:40:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
< End of report >
=====================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:13:14 PM, on 4/1/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1364077436\ee\aolsoftware.exe
C:\Documents and Settings\Admin\My Documents\Downloads\adwcleaner0.exe
C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
C:\Documents and Settings\Admin\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...t/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1353160210045
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
--
End of file - 3865 bytes
Edited by nirsmar, 02 April 2013 - 04:23 PM.
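The O17 lines in both logs above are the per-interface DNS server setting (the NameServer value under Tcpip\Parameters\Interfaces\{GUID}) that HijackThis and OTL report for every adapter; the tools list it because a real DNS hijack works by pointing that value at an attacker-controlled resolver. The address shown here, 192.168.0.1, is inside the RFC 1918 private range, so it is an address on the local network (typically the router) rather than an external resolver. The script below is an added example, not part of this thread and not code from HijackThis or OTL: it parses O17 lines in both formats seen above (including OTL's wrapped form), collapses the same adapter reported by both tools into one entry, and flags any server that is not a private, loopback or link-local address. The sample log is constructed from the two O17 lines on this page plus one invented entry (its GUID and the address 203.0.113.53 are made up) so that the flag path is exercised.

```python
"""Triage the O17 (DNS NameServer) lines that HijackThis and OTL report.

Both tools read HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{GUID}\\NameServer
for every adapter and print it as an O17 line.  A DNS server inside RFC 1918
space is on the LAN side of the network (normally the router); anything else
should be a resolver the machine's owner knowingly configured.
"""
import ipaddress
import re

# Both line shapes seen in the logs, including OTL's wrapping after "O17 -"
# and after the GUID's trailing colon (\s* also matches the newline there).
O17_RE = re.compile(
    r"O17\s*-\s*HKLM\\System\\CCS\\Services\\Tcpip\\"
    r"(?:\.\.|Parameters\\Interfaces)\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}):\s*NameServer\s*=\s*"
    r"(?P<servers>[0-9.]+(?:[ ,]+[0-9.]+)*)"
)

# Address ranges that mean "this side of the router".  Listed explicitly
# rather than via IPv4Address.is_private because Python also counts the
# RFC 5737 documentation ranges (such as 203.0.113.0/24) as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link-local (APIPA)
)]

# Constructed sample: the two O17 lines from the logs above (one per tool)
# plus one invented entry whose GUID and 203.0.113.53 address exist only to
# exercise the "flag" path.  The O16/O22 lines show that other entries are ignored.
SAMPLE_LOG = """\
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}: NameServer = 192.168.0.1
O17 -
HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}:
NameServer = 192.168.0.1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.53,192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\\WINDOWS\\system32\\browseui.dll
"""


def classify_nameserver(addr):
    """Return "local", "public" or "unparseable" for one DNS server address."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return "unparseable"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "public"


def parse_o17(log_text):
    """Yield (guid, [server, ...]) for every O17 entry, in either tool's format."""
    for m in O17_RE.finditer(log_text):
        servers = [s for s in re.split(r"[ ,]+", m.group("servers")) if s]
        yield m.group("guid"), servers


def triage_o17(log_text):
    """Classify each distinct O17 entry; flag = some server is not a LAN address.

    The same adapter reported by both HijackThis and OTL collapses to one entry.
    """
    results, seen = [], set()
    for guid, servers in parse_o17(log_text):
        key = (guid, tuple(servers))
        if key in seen:
            continue
        seen.add(key)
        verdicts = {s: classify_nameserver(s) for s in servers}
        results.append({
            "guid": guid,
            "servers": verdicts,
            "flag": any(v != "local" for v in verdicts.values()),
        })
    return results


if __name__ == "__main__":
    for entry in triage_o17(SAMPLE_LOG):
        state = "CHECK" if entry["flag"] else "ok   "
        print(state, entry["guid"], entry["servers"])
```

Run against the two logs pasted above, the adapter {5A5C8D1A-...} comes out as a single unflagged entry. A "public" verdict is not by itself a verdict of compromise: it means the resolver is outside the LAN and should be confirmed against what the owner or ISP actually configured, which is the check HijackThis leaves to the reader.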