
MS Removal Tools. Need additional help b/c cannot run any .exe


  • This topic is locked This topic is locked

#31 kalvin369 (Member, Topic Starter, 18 posts)
FYI - Before I got your 9:36a post, I ran an ESET NOD32 scan (which she had previously installed). It located and eliminated 8 infiltrations.

Here are your scans. Computer is behaving very well :)

****MBR Scan*****

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-22 14:00:25
-----------------------------
14:00:25.140 OS Version: Windows 5.1.2600 Service Pack 3
14:00:25.140 Number of processors: 2 586 0xF0D
14:00:25.140 ComputerName: HOME UserName:
14:00:25.625 Initialize success
14:00:33.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:00:33.953 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
14:00:33.953 Disk 0 MBR read successfully
14:00:33.953 Disk 0 MBR scan
14:00:33.968 Disk 0 Windows XP default MBR code
14:00:33.968 Disk 0 scanning sectors +312576705
14:00:34.015 Disk 0 scanning C:\WINDOWS\system32\drivers
14:00:38.296 Service scanning
14:00:39.671 Disk 0 trace - called modules:
14:00:39.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a9971e8]<<
14:00:39.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a944ab8]
14:00:39.734 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a926910]
14:00:39.750 5 ACPI.sys[b9e7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a373030]
14:00:39.765 \Driver\iaStor[0x8a949a08] -> IRP_MJ_CREATE -> 0x8a9971e8
14:00:39.765 Scan finished successfully
14:01:09.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Luktarn\Desktop\MBR.dat"
14:01:09.265 The log file has been saved successfully to "C:\Documents and Settings\Luktarn\Desktop\aswMBR2.txt"


******Begin OTL Quick Scan*******

OTL logfile created on: 22/5/2011 14:05:26 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Luktarn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041E | Country: Thailand | Language: THA | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 10.07 Gb Free Space | 34.36% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 24.16 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive E: | 61.15 Gb Total Space | 34.75 Gb Free Space | 56.83% Space Free | Partition Type: NTFS
Drive H: | 7.72 Gb Total Space | 4.70 Gb Free Space | 60.91% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: Luktarn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.scr
PRC - [2011/04/12 00:54:19 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/09/13 13:42:06 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2009/12/11 04:54:04 | 000,819,200 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2009/02/06 21:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 21:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/06/17 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.scr
MOD - [2008/06/17 19:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/11 13:40:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/13 13:42:06 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 21:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 21:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2010/03/16 03:51:21 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/16 12:27:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/02/11 00:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/02/06 21:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 21:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 21:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/17 19:00:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)
DRV - [2008/04/29 15:00:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/13 08:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2008/03/05 13:03:38 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2007/12/18 12:18:10 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 15:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 15:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 15:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/17 14:46:00 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/17 14:45:42 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/17 14:45:36 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/07/19 18:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/05/10 22:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://search.icq.co...b_ver=1.1.9&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/16 16:20:41 | 000,000,000 | ---D | M]

[2010/03/16 06:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Extensions
[2011/05/12 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions
[2011/03/10 22:53:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/10/22 14:37:12 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010/12/14 09:23:34 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/04/21 12:06:24 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\conduit.xml
[2011/05/09 00:20:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-1.xml
[2011/03/23 23:32:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-2.xml
[2011/05/01 10:00:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-3.xml
[2011/02/20 11:21:20 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.gif
[2011/02/20 11:21:20 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.src
[2011/03/05 21:13:28 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.xml
[2011/05/12 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 06:23:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\LUKTARN\APPLICATION DATA\MOVE NETWORKS
[2010/03/21 08:50:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

Hosts file not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Luktarn\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Malwarebytes Corporation )
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/16 03:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 14:05:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.scr
[2011/05/22 13:58:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Luktarn\Recent
[2011/05/16 13:51:34 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Luktarn\Desktop\aswMBR.exe
[2011/05/16 13:32:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Luktarn\IECompatCache
[2011/05/16 03:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/15 11:40:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/15 08:56:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\Desktop\explorer.exe
[2011/05/14 17:40:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\My Documents\explorer.exe
[2011/05/13 12:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/13 11:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/13 11:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2011/05/12 22:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\elton john
[2011/05/07 22:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\New Folder
[2011/05/07 00:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\BB
[2011/04/26 01:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\SONGS
[2011/04/25 01:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/25 01:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/25 01:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/21 08:47:52 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 23:28:15 | 000,000,512 | ---- | M] () -- C:\backup_mbr_0.bin
[2011/05/22 14:04:12 | 000,444,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/22 14:04:12 | 000,072,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/22 14:01:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\MBR.dat
[2011/05/22 14:00:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 14:00:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 13:59:58 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 13:59:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 13:47:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004UA.job
[2011/05/16 13:51:41 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Luktarn\Desktop\aswMBR.exe
[2011/05/16 13:45:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/15 16:47:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/15 16:47:01 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/15 11:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004Core.job
[2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.scr
[2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/14 17:39:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/13 12:09:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 02:01:18 | 001,062,514 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/12 23:57:44 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 15:47:00 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Luktarn.job
[2011/05/11 11:29:20 | 001,343,569 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 12:02:50 | 000,138,302 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/07 01:46:00 | 000,543,620 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/07 01:45:28 | 002,686,543 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/07 01:30:50 | 000,161,451 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 11:38:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 01:49:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 01:46:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 23:28:15 | 000,000,512 | ---- | C] () -- C:\backup_mbr_0.bin
[2011/05/16 13:53:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\MBR.dat
[2011/05/16 13:45:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 11:54:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 02:01:18 | 001,062,514 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/11 11:29:20 | 001,343,569 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 12:02:50 | 000,138,302 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/07 01:46:00 | 000,543,620 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/07 01:45:19 | 002,686,543 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/07 01:30:50 | 000,161,451 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 11:38:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 01:49:26 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/25 01:46:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/21 01:30:33 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/01/09 18:14:20 | 000,000,281 | ---- | C] () -- C:\Program Files\© Local Disk.lnk
[2011/01/05 15:41:56 | 000,075,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/27 22:23:44 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Luktarn\Application Data\default.pls
[2010/08/09 21:05:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/08/08 16:56:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/24 02:50:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/17 15:18:17 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2010/03/17 15:18:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2010/03/16 19:01:02 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 18:45:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/16 06:26:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/16 04:14:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 03:51:26 | 000,001,404 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/03/16 03:51:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/16 03:51:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/16 03:51:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/16 03:51:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/16 03:50:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/16 03:47:09 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/16 03:41:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/16 03:34:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/16 03:32:03 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/03/16 03:18:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010/03/16 03:18:19 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2010/03/16 03:18:12 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2010/03/16 03:18:12 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2010/03/16 03:13:28 | 001,646,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/17 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/06/17 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/06/17 19:00:00 | 000,444,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/17 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/06/17 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/06/17 19:00:00 | 000,072,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/17 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/06/17 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/06/17 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/17 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/06/17 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/06/17 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/03/16 03:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/08 17:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2011/02/25 22:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/08/08 16:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Burger Island 2
[2010/03/16 04:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/04 16:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/20 10:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/07 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/05/15 17:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/03/16 15:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2010/11/29 20:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/08 16:56:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Luktarn\Application Data\.#
[2010/04/30 22:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\ACD Systems
[2011/05/16 03:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2010/08/08 17:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Ashtons. Family Resort
[2010/03/16 13:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Auslogics
[2011/02/25 22:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Babylon
[2010/08/08 16:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\GamesCafe
[2010/09/13 13:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Netscape
[2010/08/08 13:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\NevoSoft Games
[2010/07/03 22:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Notepad++
[2010/09/13 14:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Photodex
[2010/08/07 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PlayFirst
[2011/05/22 14:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PriceGong
[2010/07/03 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\URSoft
[2011/05/22 14:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\uTorrent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/03/16 12:48:27 | 000,000,648 | ---- | M] ()(C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\?Torrent.lnk) -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/03/16 12:48:27 | 000,000,648 | ---- | C] ()(C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\?Torrent.lnk) -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:679ABA25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:56F368C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA701346

< End of report >

#32 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That looks good. What did ESET find, out of curiosity?

The problem appears to have been a double MBR infection with two types, TDL3 and TDL4. aswMBR cleared the TDL4, but it is not designed for the TDL3 one, hence I needed to replace the MBR outside of Windows. They are getting too sneaky, these malware writers.

Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run it weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe :)

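Essexboy's diagnosis above turns on the MBR's bootstrap code having been replaced by a bootkit, which is what an MBR scanner compares against the stock code for the OS. The following is an added example, not code from the thread and not aswMBR's code, showing the core of such a check in Python: parse a raw 512-byte MBR, hash the 446 bytes of bootstrap code against a baseline captured from a known-clean disk, sanity-check the partition table, and report the unallocated sectors after the last partition, the slack where a bootkit such as TDL4 keeps its body. The boot-code bytes, disk size and partition layout are constructed test data, and BASELINE_SHA256 stands in for a hash you would capture from a clean machine running the same OS; on a real system sector 0 is read with a raw disk read from a trusted boot environment, not from inside the infected Windows.

```python
"""Check a raw MBR the way an MBR-rootkit scanner does (added example).

Not code from the thread or from aswMBR. Boot-code bytes, disk size and the
partition layout are constructed test data; BASELINE_SHA256 stands in for a
hash captured from a known-clean disk running the same OS.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446            # bytes 0..445 hold the bootstrap code a bootkit replaces
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the code
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_partitions(mbr):
    """Return the non-empty entries of the partition table as dicts."""
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "status": status, "type": ptype, "start": start, "sectors": count})
    return parts


def check_mbr(mbr, disk_sectors, baseline_sha256):
    """Hash the boot code against a baseline and sanity-check the table.

    Returns the code hash, the parsed partitions, the unallocated sectors after
    the last partition (slack where a bootkit can keep its body) and findings.
    """
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    code_sha256 = hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()
    if code_sha256 != baseline_sha256:
        findings.append("bootstrap code does not match the known-good baseline")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past the end of the disk")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one partition is flagged bootable")
    last_used = max((p["start"] + p["sectors"] for p in parts), default=0)
    return {"code_sha256": code_sha256, "partitions": parts,
            "tail_sectors": disk_sectors - last_used, "findings": findings}


def build_mbr(bootcode, entries):
    """Assemble a test MBR from boot-code bytes and (status, type, start, sectors) tuples."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


# --- constructed sample data (not a real disk) -------------------------------
DISK_SECTORS = 312_580_096                     # a ~149 GiB disk
PARTITIONS = [(0x80, 0x07, 63, 312_576_642)]   # one bootable NTFS partition from LBA 63
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 24   # placeholder, not real boot code
CLEAN_MBR = build_mbr(CLEAN_CODE, PARTITIONS)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOTCODE_LEN]).hexdigest()  # stands in for a clean-disk hash
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\xcc" * 32, PARTITIONS)     # same table, foreign boot code


def scan_report(mbr):
    """Run check_mbr against the constructed disk geometry and baseline."""
    return check_mbr(mbr, DISK_SECTORS, BASELINE_SHA256)


if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = scan_report(image)
        print(f"{label}: code sha256 {report['code_sha256'][:16]}..., "
              f"{report['tail_sectors']} unallocated sectors after the last partition")
        for finding in report["findings"]:
            print("  !", finding)
```

The tampered image keeps an intact partition table and a valid 0x55AA signature, so the disk still boots and looks normal to a partition editor; only the code hash gives it away, which is why a baseline from a clean machine (or a scanner with built-in knowledge of the stock MBR) is needed rather than a plausibility check alone. The tail-sector figure is what you would then image and inspect.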
#33 kalvin369 (Topic Starter, Member, 18 posts)
Awesome! Thanks again.

Here is the log file from ESET. Perhaps it'll give you some insight. Looks like it was dealing with trojans of some variety?

Scan Log
Version of virus signature database: 6142 (20110522)
Date: 22/5/2011 Time: 12:46:44 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;E:\Boot sector;C:\;D:\;E:\
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » file0006.bin » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Default User\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Default User\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Default User\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Default User\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Guest\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Guest\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Guest\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Guest\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Application Data\Adobe\plugs\KB3304296.exe - Win32/TrojanDropper.Agent.PEY trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Cookies\[email protected][1].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Local Settings\Application Data\Identities\{7C269604-CD50-4EE6-9E55-68802CA0410B}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » PROCESS_LIBRARY.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » TRACK_ISSUES.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_06\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_06\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_06\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_06\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Nero\Nero Burning ROM\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files\Nero\Nero8\Nero Burning Rom\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Installer\465eb.msi » MSI » ISSetupFile.SetupFile11 » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Installer\465eb.msi » MSI » ISSetupFile.SetupFile13 » MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\All Users\Application Data\pF28601MaDdD28601\pF28601MaDdD28601.exe - a variant of Win32/Kryptik.NSR trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F\enemies-names.txt - Win32/Adware.AntimalwareDoctor.AE.Gen application - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F\local.ini - Win32/Adware.AntimalwareDoctor.AE.Gen application - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F\tun70uidop.exe - Win32/Adware.AntimalwareDoctor application - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe - a variant of Win32/Injector.GJP trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Local Settings\Temp\Cjo.exe - Win32/TrojanDownloader.FakeAlert.BGV trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\Clojua.exe - Win32/TrojanDownloader.FakeAlert.BGV trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\system32\bios1I.dll - error opening [4]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\tasks\RROPWOEANJ.job - error opening [4]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\tasks\TPSNPZFFO.job - error opening [4]
D:\เก็บไว้\yeahปี3เทอม2\Engtour\legendary\10 อันดับสถานที่ท่องเที่ยวปริศนาทั่วโลก.mht » MIME - is OK (internal scanning not performed)
D:\เก็บไว้\yeahปี3เทอม2\Engtour\legendary\Cruise on the Nile aboard the Steam Ship Sudan, cruise in Egypt.mht » MIME - is OK (internal scanning not performed)
D:\เก็บไว้\yeahปี3เทอม2\Engtour\legendary\Oregon Ghosts.mht » MIME - is OK (internal scanning not performed)
D:\เก็บไว้\yeahปี3เทอม2\Engtour\legendary\Taj History,History of Taj Mahal,Legends of Taj Mahal.mht » MIME - is OK (internal scanning not performed)
D:\เก็บไว้\yeahปี3เทอม2\Engtour\legendary\The book The Secrets of the Grand Canal.mht » MIME - is OK (internal scanning not performed)
D:\เก็บไว้\yeahปี3เทอม2\Engtour\legendary\The Oregon Vortex & The House Of Mystery In Gold Hill, Oregon.mht » MIME - is OK (internal scanning not performed)
D:\เก็บไว้\yeahปี3เทอม2\Engtour\legendary\Tower of London.mht » MIME - is OK (internal scanning not performed)
Number of scanned objects: 242034
Number of threats found: 8
Number of cleaned objects: 8
Time of completion: 1:21:21 PM Total scanning time: 2077 sec (00:34:37)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

#34 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
No problem there, it took out the stuff that we had already quarantined in OTL :)

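Essexboy's point above, that ESET mostly removed what OTL had already moved into quarantine, can be confirmed mechanically rather than by eye. The following is an added example, not code from the thread, from OTL or from ESET: it parses ESET scan-log lines, sorts each detection into live versus already-quarantined by path prefix, maps quarantined files back to where they originally sat, and cross-checks the detection count against the log's own summary line. The sample lines are copied from kalvin369's log above; the quarantine layout C:\_OTL\MovedFiles\<stamp>\<Drive>_<original path> is inferred from those paths, and the regexes assume the "cleaned by deleting - quarantined [n]" and "error opening [n]" line shapes seen there.

```python
r"""Triage an ESET scan log: live detections vs. files already in a quarantine folder.

Added example, not part of the thread or of ESET. SAMPLE_LOG is an excerpt of the
log posted above; the OTL quarantine layout (C:\_OTL\MovedFiles\<stamp>\<Drive>_<path>)
is inferred from the paths in it, and the line shapes matched are the ones seen there.
"""
import re

QUARANTINE_ROOT = "C:\\_OTL\\MovedFiles\\"

# "<path> - <threat> - <action> - quarantined [n]"
DETECTION_RE = re.compile(r"^(?P<path>.+?) - (?P<threat>.+?) - (?P<action>.+?) - quarantined \[(?P<note>\d+)\]$")
# "<path> - error opening [n]"
ERROR_RE = re.compile(r"^(?P<path>.+?) - error opening \[(?P<note>\d+)\]$")
SUMMARY_RE = re.compile(r"^Number of threats found: (\d+)$")


def original_location(quarantine_path):
    r"""Map C:\_OTL\MovedFiles\<stamp>\C_WINDOWS\x.exe back to C:\WINDOWS\x.exe (inferred layout)."""
    rest = quarantine_path[len(QUARANTINE_ROOT):]
    _stamp, _, moved = rest.partition("\\")
    drive, _, tail = moved.partition("_")
    return f"{drive}:\\{tail}"


def triage(log_text):
    """Sort detections into live vs. already-quarantined; collect errored and unopened objects."""
    result = {"live": [], "quarantined": [], "errors": [], "unscanned": [], "reported_threats": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := DETECTION_RE.match(line)):
            rec = m.groupdict()
            if rec["path"].startswith(QUARANTINE_ROOT):
                rec["original_path"] = original_location(rec["path"])
                result["quarantined"].append(rec)
            else:
                result["live"].append(rec)
        elif (m := ERROR_RE.match(line)):
            result["errors"].append(m.groupdict())
        elif line.endswith("(internal scanning not performed)"):
            # containers the engine did not open: record the outer object, it is not a detection
            result["unscanned"].append(line.split(" » ")[0])
        elif (m := SUMMARY_RE.match(line)):
            result["reported_threats"] = int(m.group(1))
    return result


# Excerpt of the ESET log posted in the thread (headers and most "is OK" lines omitted).
SAMPLE_LOG = r"""Scan Log
Version of virus signature database: 6142 (20110522)
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Luktarn\Application Data\Sun\Java\jre1.6.0_06\jre1.6.0_06.msi » MSI » Data1.cab » CAB » core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luktarn\Application Data\Adobe\plugs\KB3304296.exe - Win32/TrojanDropper.Agent.PEY trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\All Users\Application Data\pF28601MaDdD28601\pF28601MaDdD28601.exe - a variant of Win32/Kryptik.NSR trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F\enemies-names.txt - Win32/Adware.AntimalwareDoctor.AE.Gen application - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F\local.ini - Win32/Adware.AntimalwareDoctor.AE.Gen application - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F\tun70uidop.exe - Win32/Adware.AntimalwareDoctor application - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe - a variant of Win32/Injector.GJP trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_Documents and Settings\Luktarn\Local Settings\Temp\Cjo.exe - Win32/TrojanDownloader.FakeAlert.BGV trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\Clojua.exe - Win32/TrojanDownloader.FakeAlert.BGV trojan - cleaned by deleting - quarantined [1]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\system32\bios1I.dll - error opening [4]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\tasks\RROPWOEANJ.job - error opening [4]
C:\_OTL\MovedFiles\05152011_162840\C_WINDOWS\tasks\TPSNPZFFO.job - error opening [4]
Number of scanned objects: 242034
Number of threats found: 8
Number of cleaned objects: 8
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"live: {len(r['live'])}, already quarantined: {len(r['quarantined'])}, "
          f"engine reported: {r['reported_threats']}")
    for rec in r["live"]:
        print("  LIVE", rec["path"], "->", rec["threat"])
    for rec in r["quarantined"]:
        print("  QUAR", rec["original_path"], "->", rec["threat"])
    for rec in r["errors"]:
        print("  ERR ", rec["path"], f"(note {rec['note']})")
```

On this log the split is one live detection (KB3304296.exe under the user's Adobe\plugs folder) against seven that were already sitting in OTL's MovedFiles, which is the observation made above. The "error opening" entries under MovedFiles are worth a second look on a real case, since a scanner that cannot open a quarantined file has not cleared it.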
#35 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
