newonnet

Strangely Slow


Hi guys

 

Could someone have a quick look over my logs please? I may just be a little paranoid here, but the PC seems to be running slower than previously; browsing seems to take a long time, and so does just opening windows. I would rather someone who knows what they are doing just give it a quick once-over, please.

I notice in my HJT log there is something called bdoscandel.exe (even sounds worrying!!) but wasn't sure if I should 'fix' it.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:22:08, on 30/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080530

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKUS\S-1-5-21-3267859554-278318661-2006048689-1018\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3267859554-278318661-2006048689-1018\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0B518A-99A1-4EAF-AF30-9EC9AB5C7214}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

 

--

End of file - 8439 bytes

 

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by at 0:32:40 on 2011-07-30

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2067 [GMT 1:00]

.

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: HideSCABattery = 0 (0x0)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{4E0B518A-99A1-4EAF-AF30-9EC9AB5C7214} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{4E0B518A-99A1-4EAF-AF30-9EC9AB5C7214} : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-25 390528]

R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]

R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-24 2214504]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-26 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-11-12 1691480]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-26 30432]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-25 16968]

S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2010-5-9 3768]

S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]

S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]

S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-23 517448]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]

S4 MSSQL$QSRNVIVO;SQL Server (QSRNVIVO);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-18 85504]

S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S4 Seagate Sync Service;Seagate Sync Service;"c:\program files\seagate\sync\seasyncservices.exe" --> c:\program files\seagate\sync\SeaSyncServices.exe [?]

.

=============== File Associations ===============

.

JSEFile=c:\program files\analogx\script defender\sdefend.exe %1 %*

scrfile="%1" /S

VBEFile=c:\program files\analogx\script defender\sdefend.exe %1 %*

VBSFile=c:\program files\analogx\script defender\sdefend.exe %1 %*

.

=============== Created Last 30 ================

.

2011-07-23 16:50:36 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-07-23 16:50:36 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-20 23:31:30 -------- d-----w- c:\documents and settings\***********\application data\Firestorm

2011-07-20 23:31:29 -------- d-----w- c:\documents and settings\***********\local settings\application data\Firestorm

2011-07-20 23:30:28 -------- d-----w- c:\program files\Firestorm-Beta

2011-07-20 23:26:32 -------- d-----w- c:\program files\Phoenix Viewer

2011-07-04 20:53:34 -------- d-----w- c:\windows\nview

.

==================== Find3M ====================

.

2011-07-14 21:36:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 21:07:29 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-07-04 21:07:29 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-07-04 21:07:25 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-07-03 13:36:26 119296 ----a-w- c:\windows\system32\zlib.dll

2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 0:33:36.62 ===============

 

 

.

 

Many thanks


Hello newonnet and :wp:.

I'm RedCar92, and my name is Bill. I'll be glad to help you with your computer problems.

Please observe these rules while we work:

  • Read the entire procedure.
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.

This may cause a delay, but I will do my best to keep it as short as possible.

 

Please bear with me, I will post back to you as soon as I can.

 

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

 

Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

 

Stay with this topic until I give you the all clean post.


Greetings newonnet,

You asked about bdoscandel.exe; that file is part of BitDefender Online Scanner. It is a good one.

I am not seeing anything bad in your logs. We will look a little deeper now.

 

Next

  • Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Next

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Logs to post

  • aswMBR.txt
  • OTL.txt
  • Extras.txt


Hi Bill

 

Thanks for the reply....

 

I followed the instructions, and the first time I ran aswMBR it completed the scan, but before I was able to save the file produced my PC crashed; it took me to that blue screen that says "A problem was detected etc etc......" and I had to manually turn the PC off by the button. This was happening fairly regularly when watching YouTube vids, but I found a tip that seemed to work: in the settings, uncheck Enable hardware acceleration. Not sure if it's relevant here or not.

 

So here are the logs from both aswMBR and OTL.....

 

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software

Run date: 2011-07-31 04:11:00

-----------------------------

04:11:00.187 OS Version: Windows 5.1.2600 Service Pack 3

04:11:00.187 Number of processors: 2 586 0xF0D

04:11:00.187 ComputerName: C UserName:

04:11:00.921 Initialize success

04:11:24.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

04:11:24.093 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3

04:11:26.109 Disk 0 MBR read successfully

04:11:26.109 Disk 0 MBR scan

04:11:26.109 Disk 0 unknown MBR code

04:11:26.125 Disk 0 scanning sectors +312496380

04:11:26.187 Disk 0 scanning C:\WINDOWS\system32\drivers

04:11:34.234 Service scanning

04:11:35.421 Modules scanning

04:11:44.812 Disk 0 trace - called modules:

04:11:44.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

04:11:44.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b5b9ab8]

04:11:44.828 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8b5f7e50]

04:11:44.828 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b5bc940]

04:11:44.828 Scan finished successfully

04:11:57.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\***** *****\Desktop\MBR.dat"

04:11:57.468 The log file has been saved successfully to "C:\Documents and Settings\***** *****\Desktop\aswMBR.txt"

 

 

OTL logfile created on: 31/07/2011 04:13:52 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\***** *****\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 77.32% Memory free

7.22 Gb Paging File | 6.68 Gb Available in Paging File | 92.55% Paging File free

Paging file location(s): C:\pagefile.sys 4485 4485 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.66 Gb Total Space | 85.47 Gb Free Space | 58.68% Space Free | Partition Type: NTFS

 

Computer Name: COLIN | User Name: ***** ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\***** *****\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\***** *****\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (stllssvr) -- File not found

SRV - (Seagate Sync Service) -- File not found

SRV - (NMSAccess) -- File not found

SRV - (DM1Service) -- File not found

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()

SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (PinnacleUpdateSvc) -- C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe (KALiNKOsoft)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)

DRV - (RapportCerberus_26762) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys (Trusteer Ltd.)

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgRkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro35.sys ()

DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (RapportBuka) -- C:\WINDOWS\system32\drivers\RapportBuka.sys (Trusteer Ltd.)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) Logitech Webcam 250(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()

DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows ® 2000 DDK provider)

DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows ® 2000/XP)

DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)

DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)

DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080530

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080530

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C B8 25 CC 85 74 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 22:12:32 | 000,000,000 | ---D | M]

[2010/04/13 18:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***** *****\Application Data\Mozilla\Extensions

[2009/11/24 22:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***** *****\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/07/29 22:47:46 | 000,435,484 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 15015 more lines...

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2010/10/23 00:32:58 | 000,000,000 | R--D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/10/23 00:32:58 | 000,000,000 | R--D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/10/23 00:32:58 | 000,000,000 | R--D | M]

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 04:06:20 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\***** *****\Desktop\aswMBR.exe

[2011/07/31 04:05:52 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\***** *****\Desktop\OTL.exe

[2011/07/31 04:05:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***** *****\Recent

[2011/07/30 00:32:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\***** *****\My Documents\My Videos

[2011/07/24 19:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2011/07/24 01:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2011/07/23 21:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safe Returner

[2011/07/21 00:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***** *****\Application Data\Firestorm

[2011/07/21 00:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***** *****\Local Settings\Application Data\Firestorm

[2011/07/21 00:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta

[2011/07/21 00:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Firestorm-Beta

[2011/07/21 00:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Phoenix Viewer

[2011/07/21 00:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Viewer

[2011/07/14 22:45:25 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2011/07/04 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview

[2010/09/12 23:54:58 | 000,850,200 | ---- | C] (DivX, Inc. ) -- C:\Documents and Settings\***** *****\Application Data\DivXInstaller.exe

[2008/06/30 17:25:02 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll

[2008/06/30 17:25:02 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll

[2008/06/30 17:25:02 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll

========== Files - Modified Within 30 Days ==========

[2011/07/31 04:17:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC274F88-B6E8-45E5-AC6F-3DDDD91FCDDB}.job

[2011/07/31 04:11:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\MBR.dat

[2011/07/31 04:10:33 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\***** *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2011/07/31 04:09:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/31 04:08:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/31 04:08:25 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/31 04:06:20 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\***** *****\Desktop\aswMBR.exe

[2011/07/31 04:05:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***** *****\Desktop\OTL.exe

[2011/07/31 01:06:04 | 126,296,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/07/30 20:39:26 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110730_203925.reg

[2011/07/30 17:05:31 | 000,188,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/07/29 22:47:46 | 000,435,484 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/29 22:36:49 | 000,005,406 | ---- | M] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110729_223645.reg

[2011/07/29 20:11:32 | 000,658,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm

[2011/07/26 19:22:11 | 002,299,837 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\What is MAPLAG - Information for Workers.pdf

[2011/07/24 17:25:22 | 000,008,038 | ---- | M] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110724_172515.reg

[2011/07/24 17:19:39 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\***** *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2011/07/24 15:17:28 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/07/23 17:02:24 | 000,435,330 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110729-224746.backup

[2011/07/23 16:59:05 | 000,001,312 | ---- | M] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110723_165902.reg

[2011/07/16 23:22:25 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\***** *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint Shop Photo Album.lnk

[2011/07/15 01:45:56 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/07/15 01:42:28 | 000,201,728 | ---- | M] () -- C:\Documents and Settings\***** *****\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/14 22:49:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2011/07/14 22:49:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2011/07/14 22:46:36 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\***** *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2011/07/14 22:36:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/07/14 21:55:44 | 000,434,916 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-170224.backup

[2011/07/14 21:54:54 | 000,434,916 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110714-215543.backup

[2011/07/11 01:21:56 | 000,000,240 | ---- | M] () -- C:\WINDOWS\SYSTEM.SYD

[2011/07/10 22:03:41 | 000,000,588 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2011/07/09 23:36:49 | 000,245,260 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\Best Practice Guidance When Parents are using Drugs.pdf

[2011/07/09 23:35:10 | 000,573,966 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\Core Standards CP Conferences Dec 10_0.pdf

[2011/07/09 23:33:08 | 000,173,646 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\Wirral_Floating_support_leaflet_v2.pdf

[2011/07/09 23:31:38 | 000,165,786 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\Team_Member-_floating_support_23-06-11__3_.pdf

[2011/07/09 23:30:16 | 000,226,017 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\Recovery Capital.pdf

[2011/07/09 23:27:37 | 000,143,858 | ---- | M] () -- C:\Documents and Settings\***** *****\Desktop\A4-recovery-capital-230710-v5.pdf

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/05 22:46:32 | 000,010,680 | ---- | M] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110705_224628.reg

[2011/07/05 21:03:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/07/04 22:07:29 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/07/04 22:07:29 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/07/04 22:07:25 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/07/04 21:58:16 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/07/04 21:35:14 | 000,008,128 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/04 21:35:10 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/07/03 18:26:58 | 000,434,718 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110714-215454.backup

[2011/07/03 14:36:26 | 000,119,296 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll

 

========== Files Created - No Company Name ==========

[2011/07/31 04:11:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\MBR.dat

[2011/07/30 20:39:26 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110730_203925.reg

[2011/07/29 22:36:48 | 000,005,406 | ---- | C] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110729_223645.reg

[2011/07/26 19:22:11 | 002,299,837 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\What is MAPLAG - Information for Workers.pdf

[2011/07/24 17:25:20 | 000,008,038 | ---- | C] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110724_172515.reg

[2011/07/24 01:33:51 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys

[2011/07/23 16:59:04 | 000,001,312 | ---- | C] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110723_165902.reg

[2011/07/09 23:36:49 | 000,245,260 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\Best Practice Guidance When Parents are using Drugs.pdf

[2011/07/09 23:35:10 | 000,573,966 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\Core Standards CP Conferences Dec 10_0.pdf

[2011/07/09 23:33:08 | 000,173,646 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\Wirral_Floating_support_leaflet_v2.pdf

[2011/07/09 23:31:38 | 000,165,786 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\Team_Member-_floating_support_23-06-11__3_.pdf

[2011/07/09 23:30:16 | 000,226,017 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\Recovery Capital.pdf

[2011/07/09 23:27:37 | 000,143,858 | ---- | C] () -- C:\Documents and Settings\***** *****\Desktop\A4-recovery-capital-230710-v5.pdf

[2011/07/07 18:46:32 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC274F88-B6E8-45E5-AC6F-3DDDD91FCDDB}.job

[2011/07/05 22:46:30 | 000,010,680 | ---- | C] () -- C:\Documents and Settings\***** *****\My Documents\cc_20110705_224628.reg

[2011/07/04 21:54:07 | 000,186,097 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml

[2011/07/04 21:35:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/06/01 23:37:05 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/01/25 23:59:17 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/01/25 23:59:12 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/01/25 23:59:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/10/25 10:38:45 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/10/22 15:19:04 | 000,008,128 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/05 00:00:58 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2010/04/05 00:00:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2010/04/05 00:00:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll

[2010/04/03 22:18:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010/04/03 22:18:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010/04/03 18:03:22 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010/02/27 20:41:26 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll

[2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll

[2009/12/20 00:59:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll

[2009/12/20 00:58:40 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini

[2009/12/15 20:56:06 | 000,000,051 | ---- | C] () -- C:\WINDOWS\dbghist.ini

[2009/11/01 00:56:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat

[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009/09/28 01:14:45 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/07/30 23:11:33 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\***** *****\Application Data\PnkBstrK.sys

[2009/07/30 23:09:34 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2009/07/20 15:17:40 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/06/21 18:02:44 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\***** *****\Application Data\SAS7_000.DAT

[2009/06/02 19:56:08 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/02/09 01:46:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/01/28 18:41:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll

[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe

[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/12/21 10:27:26 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll

[2008/12/21 10:27:26 | 000,247,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll

[2008/12/21 10:20:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL

[2008/12/19 01:36:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/11/12 23:46:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll

[2008/10/23 20:34:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2008/10/23 20:20:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2008/10/15 17:26:50 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll

[2008/10/15 17:26:50 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll

[2008/10/15 17:26:50 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll

[2008/09/05 23:17:22 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/08/27 12:27:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2008/08/27 03:46:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll

[2008/08/26 23:32:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2008/08/26 23:32:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2008/08/26 23:32:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2008/08/26 23:30:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2008/08/26 23:30:56 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2008/08/25 19:27:34 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\***** *****\Local Settings\Application Data\fusioncache.dat

[2008/08/11 21:51:28 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb

[2008/08/07 00:12:36 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2008/08/02 18:31:44 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\***** *****\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/02 17:56:55 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat

[2008/07/01 20:36:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2008/06/30 17:45:11 | 000,000,540 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI

[2008/06/30 17:25:10 | 000,339,968 | ---- | C] () -- C:\WINDOWS\vsnpstd.exe

[2008/06/30 17:25:09 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini

[2008/06/30 17:25:06 | 000,390,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys

[2008/06/30 17:25:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe

[2008/05/29 22:14:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/05/29 22:01:45 | 000,000,736 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/05/29 21:38:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/05/29 21:37:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2008/05/29 21:36:27 | 000,001,207 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/05/16 19:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/11/06 20:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2006/11/01 07:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006/11/01 07:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/11 17:06:43 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/11 17:00:28 | 000,484,322 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/11 17:00:28 | 000,086,980 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/10/21 20:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/10/23 00:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/07/27 08:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/02/26 05:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/08/14 19:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011/05/11 22:01:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/11/15 04:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2009/10/28 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2010/10/25 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/10/27 00:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2008/09/05 23:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2008/08/07 00:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2011/04/10 14:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2008/07/16 00:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK

[2011/06/27 22:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2008/10/15 17:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel

[2011/07/29 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeReturner

[2009/11/14 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnitchPlusData

[2009/09/02 22:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony

[2009/10/28 23:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit

[2008/05/29 22:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2011/07/29 22:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/02/09 21:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer

[2010/04/08 18:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2009/11/15 18:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/02/21 02:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\ArcticLine

[2010/04/11 14:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Auslogics

[2010/12/18 21:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\AVG

[2010/10/23 00:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\AVG10

[2009/11/01 02:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Axara

[2010/07/10 16:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Canneverbe Limited

[2008/07/12 18:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Ceedo

[2010/07/02 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\CheckPoint

[2008/10/27 00:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\ConvertTemp

[2009/01/21 19:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\DAEMON Tools

[2009/11/15 04:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\DAEMON Tools Lite

[2009/01/21 19:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\DAEMON Tools Pro

[2010/04/03 17:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\EndNote

[2009/10/26 19:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\FFSJ

[2011/07/21 00:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Firestorm

[2009/12/21 02:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\GetRightToGo

[2010/09/28 21:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\IMCapture for Skype

[2010/04/05 00:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\KALiNKOsoft

[2010/02/27 20:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Leadertech

[2010/04/29 01:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Opera

[2011/05/03 21:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Password Solutions

[2009/11/01 02:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Power Sound Editor Free

[2010/10/24 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\SafeReturner

[2008/10/23 20:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Samsung

[2011/06/29 00:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\SecondLife

[2009/09/02 22:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Sony

[2009/10/22 18:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\SpinTop

[2010/02/09 21:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Trusteer

[2010/04/08 18:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Ubisoft

[2010/01/23 00:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\Uniblue

[2011/07/05 22:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\WinPatrol

[2009/10/25 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***** *****\Application Data\wsInspector

[2011/07/31 04:17:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC274F88-B6E8-45E5-AC6F-3DDDD91FCDDB}.job

 

========== Purity Check ==========

 

 

 

========== Files - Unicode (All) ==========

[2011/05/26 01:23:03 | 000,000,017 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䍸Ɉ

[2011/05/26 01:23:03 | 000,000,017 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䍸Ɉ

[2011/05/24 22:04:46 | 000,000,017 | ---- | M] ()(C:\WINDOWS\System32\?a) -- C:\WINDOWS\System32\툸ă

[2011/05/24 22:04:46 | 000,000,017 | ---- | C] ()(C:\WINDOWS\System32\?a) -- C:\WINDOWS\System32\툸ă

[2009/12/19 23:34:39 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\僠̴

[2009/12/19 23:34:39 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\僠̴

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5E4F943

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8

@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation

@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF63291

 

< End of report >

 

OTL Extras logfile created on: 31/07/2011 04:13:52 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\***** *****\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 77.32% Memory free

7.22 Gb Paging File | 6.68 Gb Available in Paging File | 92.55% Paging File free

Paging file location(s): C:\pagefile.sys 4485 4485 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.66 Gb Total Space | 85.47 Gb Free Space | 58.68% Space Free | Partition Type: NTFS

 

Computer Name: COLIN | User Name: ***** ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hta [@ = htafile] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe (AnalogX, LLC)

.js [@ = JSFile] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe (AnalogX, LLC)

.jse [@ = JSEFile] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe (AnalogX, LLC)

.scr [@ = scrfile] -- "%1" /S

.vbe [@ = VBEFile] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe (AnalogX, LLC)

.vbs [@ = VBSFile] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe (AnalogX, LLC)

.wsf [@ = WSFFile] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe (AnalogX, LLC)

.wsh [@ = WSHFile] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe (AnalogX, LLC)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %* (AnalogX, LLC)

jsfile [open] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %* (AnalogX, LLC)

jsefile [open] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %* (AnalogX, LLC)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [open] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %* (AnalogX, LLC)

vbsfile [open] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %* (AnalogX, LLC)

wsffile [open] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %* (AnalogX, LLC)

wshfile [open] -- C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %* (AnalogX, LLC)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1 -- [2010/10/23 00:32:58 | 000,000,000 | R--D | M]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0<

Edited by newonnet


Greetings newonnet,

Good news, I am not seeing any problems in your logs. Just a couple more details and we will finish up.

 

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Next

I see in your logs that you have Malwarebytes installed on your system.

  • Double click on MalwareBytes, mbam.exe to run it.
  • If Malwarebytes asks to update, click on Yes. If you are not asked, click on the Update tab and then click on Check for updates.
  • After updates finish, click on the Scanner tab. Select Perform quick scan.
  • Click on Scan button.
  • When finished copy/paste the contents of mbam.txt into your next post please.

Next

Please use Internet Explorer to download and run the following scan: Eset Online Scanner

  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes, if there are any infections, you will see a List of found threats.
  • Click Export to text file
  • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
  • If no threats are found there will be no list; this is good, just tell me that no threats were found.

Logs to post:

  • mbam.txt
  • Results of ESET scan if any
  • Is there any improvement in PC performance?


Hi Bill

 

Ok, TFC ran, Malwarebytes reports no problems and ESET showed no issues.

PC seems to be running ok now.

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7340

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

31/07/2011 21:26:58

mbam-log-2011-07-31 (21-26-58).txt

 

Scan type: Quick scan

Objects scanned: 197213

Time elapsed: 6 minute(s), 28 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Many thanks for your help Bill

 

Regards

 

Newonnet


Greetings newonnet,

Time to cleanup our tools and finish up

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
This will remove DDS files also.

 

Your Hijackthis is down level.

To remove Hijackthis do the following:

  • Click Start > Control Panel > Add or Remove Programs
  • Click on Hijackthis
  • Click on Remove
  • When done close all windows.
  • Navigate to C:\Program files\Trend Micro
  • Delete the Hijackthis folder.
  • Close all windows.

On your desktop, right click on aswMBR.exe and select delete

On your desktop, right click on aswMBR.txt and select delete

 

You should keep TFC, Malwarebytes and ESET. Update and run them regularly to keep your PC clean.

 

Congratulations, your logs look All Clean.

Now Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

 

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here are some tips to reduce the potential for spyware infection in the future:

 

1. Make your Internet Explorer More Secure

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

     

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialize and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Update your Anti-Virus Software - I cannot overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

 

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

 

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

 

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

 

6. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

 

A slow PC can be caused by many things, including viruses and spyware. PCPitstop offers several solutions here: http://www.pcpitstop.com/ If you haven't done a defrag recently, here is a good one: http://download.cnet.com/Puran-Defrag-Free-Edition/3000-2094_4-75115626.html If you google "windows xp slow PC" you will get many hits to select from. Beware of registry tools; I have found that they do little good and often much harm. You may also try this forum: http://forums.pcpitstop.com/index.php?/forum/3-user-to-user-help/

 

If you have any questions or issues please post now. This thread will close in a few days.

Thanks for your patience and hard work. I hope this helps towards a solution to your PC problem.
