Assistance required | Trojan lurking? [Solved]
Started by Versacci, Aug 26 2009 11:20 AM
#16
Posted 20 September 2009 - 12:40 PM
Thanks, and I hope all of this is a false alert!
#17
Posted 21 September 2009 - 04:22 AM
hi, again hammerman.
OK, did the full scan overnight, and nothing detected this time:
Scan
----
Scanned: 876695
Detected: 0
Untreated: 0
Start time: 20/09/2009 23:27:07
Duration: 06:34:10
Finish time: 21/09/2009 06:01:17
Also, changed my eBay account password, although I still find it strange that somehow it had altered without me doing it?
Comp appears to be running fine at the moment, so anything else you suggest I should do would be great.
Thanks for your help...
#18
Posted 21 September 2009 - 06:40 AM
Hi,
I'll have one more look at an OTL log before we finish up.
Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
#19
Posted 22 September 2009 - 04:26 AM
hi, hammer. Scan results:
OTL logfile created on: 22/09/2009 11:14:20 - Run 2
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.30 Mb Total Physical Memory | 728.70 Mb Available Physical Memory | 71.21% Memory free
2.41 Gb Paging File | 2.13 Gb Available in Paging File | 88.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 55.19 Gb Free Space | 78.84% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 0.55 Gb Free Space | 12.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-G2ASVV4L2M
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe (McAfee Security)
PRC - C:\Program Files\Common Files\AOL\1209815663\ee\AOLSoftware.exe (America Online, Inc.)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Avant Browser\avant.exe (Avant Force)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (StumbleUponUpdateService [On_Demand | Stopped]) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: the changes will be overwritten when the application exits. * * To make a manual change to preferences
FF - prefs.js..extensions.enabledItems: you can visit the URL about:config * For more information
FF - prefs.js..extensions.enabledItems: see http://www.mozilla.o...zing.html#prefs */user_pref("app.update.lastUpdateTime.addon-background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143593);user_pref("app.update.lastUpdateTime.background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143591);user_pref("app.update.lastUpdateTime.blocklist-background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143591);user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143594);user_pref("app.update.lastUpdateTime.search-engine-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143597);user_pref("browser.migration.version"
FF - prefs.js..extensions.enabledItems: 1);user_pref("browser.places.importBookmarksHTML"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.importDefaults"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.leftPaneFolderId"
FF - prefs.js..extensions.enabledItems: -1);user_pref("browser.places.migratePostDataAnnotations"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.smartBookmarksVersion"
FF - prefs.js..extensions.enabledItems: 1);user_pref("browser.places.updateRecentTagsUri"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.startup.homepage"
FF - prefs.js..extensions.enabledItems: "http://www.google.co.uk/");user_pref("browser.startup.homepage_override.mstone"
FF - prefs.js..extensions.enabledItems: "rv:1.9.0.1");user_pref("extensions.enabledItems"
FF - prefs.js..extensions.enabledItems: "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1");user_pref("extensions.lastAppVersion"
FF - prefs.js..extensions.enabledItems: "3.0.1");user_pref("intl.charsetmenu.browser.cache"
FF - prefs.js..extensions.enabledItems: "ISO-8859-1
FF - prefs.js..extensions.enabledItems: UTF-8");user_pref("network.cookie.prefsMigrated"
FF - prefs.js..extensions.enabledItems: true);user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey
FF - prefs.js..browser.search.selectedEngine: "Orbit Search (Powered By Google)"
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/20 14:24:21 | 00,000,000 | ---D | M]
[2008/08/07 22:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/08/07 22:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/08/07 22:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\rlis8chp.default\extensions
O1 HOSTS File: (324359 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11100 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209815663\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\Program Files\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/01 09:36:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 21:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/09/21 23:19:55 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/21 11:05:34 | 10,730,74176 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/20 19:58:22 | 03,860,512 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/20 19:58:22 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/09/20 14:24:15 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/09/20 14:03:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/09/20 13:51:05 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/19 22:53:14 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/09/19 17:26:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/09/19 17:26:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/19 17:24:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/19 15:15:13 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/19 15:15:01 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/19 15:15:01 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/19 15:15:01 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/19 15:15:00 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/19 15:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/19 15:14:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/19 14:51:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Security
[2009/09/19 14:41:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/09/19 14:27:07 | 00,000,384 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/09/19 14:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009/09/19 14:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/09/19 14:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/09/19 14:15:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinASO
[2009/09/19 14:07:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/09/18 14:21:19 | 00,049,995 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1253276190196.jpg
[2009/09/17 00:07:56 | 00,185,565 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kj11-dimitri-kjeragbolten.jpg
[2009/09/17 00:07:51 | 00,498,925 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2725713935_2e67cf74e8_b.jpg
[2009/09/17 00:06:57 | 01,618,675 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\moher.jpg
[2009/09/17 00:06:23 | 00,074,132 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swimpc.jpg
[2009/09/17 00:04:22 | 00,062,355 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\_prekestol_jpg_465461a.jpg
[2009/09/15 14:51:14 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/09/15 13:28:05 | 00,000,043 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lightn.gif
[2009/09/13 00:29:07 | 00,227,358 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cross eyed.bmp
[2009/09/13 00:12:26 | 00,041,130 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\twaddle.jpg
[2009/09/08 13:35:18 | 00,048,752 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\humor,scrabble,you,lost,the,game,board,game,game,lost-c1ada83f8a8c5d3742b5ffa7e41730d3_h.jpg
========== Files - Modified Within 14 Days ==========
[2009/09/22 10:49:04 | 00,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/22 10:47:42 | 00,017,888 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/09/22 10:46:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/22 10:46:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/22 10:46:26 | 10,730,74176 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/21 23:29:51 | 04,298,250 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/21 23:19:59 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/21 22:33:00 | 00,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003UA.job
[2009/09/21 17:33:00 | 00,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003Core.job
[2009/09/20 22:16:52 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/09/20 20:14:22 | 03,860,512 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/20 19:58:24 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/09/20 19:16:24 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2009/09/20 14:42:11 | 00,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/09/19 17:34:07 | 00,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2009/09/19 15:15:13 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/18 14:21:19 | 00,049,995 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1253276190196.jpg
[2009/09/17 00:07:56 | 00,185,565 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\kj11-dimitri-kjeragbolten.jpg
[2009/09/17 00:07:51 | 00,498,925 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2725713935_2e67cf74e8_b.jpg
[2009/09/17 00:06:57 | 01,618,675 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\moher.jpg
[2009/09/17 00:06:23 | 00,074,132 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swimpc.jpg
[2009/09/17 00:04:22 | 00,062,355 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\_prekestol_jpg_465461a.jpg
[2009/09/15 14:51:14 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/09/15 13:28:05 | 00,000,043 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lightn.gif
[2009/09/13 00:29:07 | 00,227,358 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cross eyed.bmp
[2009/09/13 00:12:26 | 00,041,130 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\twaddle.jpg
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/08 13:35:13 | 00,048,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\humor,scrabble,you,lost,the,game,board,game,game,lost-c1ada83f8a8c5d3742b5ffa7e41730d3_h.jpg
========== LOP Check ==========
[2009/09/19 15:14:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/02/14 18:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AceBIT
[2008/02/14 17:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2003/01/01 11:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/09/19 14:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/02/03 17:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/12/21 15:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2003/01/01 12:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2003/01/01 09:41:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/06/11 20:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/26 22:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/09/20 22:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/20 14:03:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2008/02/14 18:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AceBIT
[2009/09/20 14:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2008/08/13 21:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/13 15:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2008/03/01 13:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2008/03/22 04:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/02/14 17:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
[2009/09/06 14:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hide IP NG
[2009/09/19 14:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009/08/26 15:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mask Surf
[2007/12/05 23:48:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2009/09/16 18:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
[2009/01/31 22:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2009/03/08 22:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Primal 3D Body
[2003/01/01 12:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/08/26 22:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2008/02/16 17:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2008/02/09 14:51:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartFTP
[2009/09/21 22:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StumbleUpon
[2009/08/26 16:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tor
[2009/09/19 14:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2007/12/05 14:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2009/08/29 12:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/09/24 03:38:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/21 17:33:00 | 00,000,924 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003Core.job
[2009/09/21 22:33:00 | 00,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003UA.job
[2009/09/22 10:46:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/20 22:16:52 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF1D8F55
< End of report >
#20
Posted 22 September 2009 - 06:22 AM
Hello,
Congratulations, your computer appears clean
Now let's remove the tools we've been using.
Please follow these steps.
-- Step 1 --
Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.
Congratulations, your computer appears clean
Now let's remove the tools we've been using.
Please follow these steps.
-- Step 1 --
- Download OTC to your desktop and run it
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.
- Right-click on My Computer and select Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
- Now uncheck the Turn off System Restore, click Apply then OK.
Here are some measures you can take to ensure that your computer remains clean.
1. Updates
Windows Updates
It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.
- Click Start
- Select Control Panel
- Click on Automatic (recommended)
- Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
- Click Apply then OK.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.
- Click Start
- Select Control Panel
- Select Add or Remove Programs
- Remove all Java updates except the latest one you have just installed.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.
Other Updates
Regularly check for updates for all your security programs, including firewall, antivirus, antispyware, etc.
2. Security Programs
Here is a list of security programs that I would recommend.
Firewall
A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.
Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.
Antivirus
An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.
AVG
Avira Free
Avast
Anti-Malware
Malwarebytes Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.
Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.
Prevention
SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.
Cleaner
ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.
Browser
Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
#21
Posted 22 September 2009 - 07:27 AM
Hi, hammer. Thanks for all of your help. All seems fine now, so thanks again. Good work!
#22
Posted 23 September 2009 - 12:27 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.