Thread: I am a malware victim too

  1. #1
    Junior Member
    Join Date
    Feb 2011
    Posts
    12

    I am a malware victim too

    Hello!

    I am a malware victim too :(
    These are the symptoms:
    - I get redirected to other sites when using search engines like Google
    - Microsoft Security Essentials doesn't start. I have re-enabled and restarted both Security Center and MS Antimalware Service. Upon starting MS SE, these two services go back to Disabled mode.

    I also noticed I have installed an 810plc32. It appears listed in Add And Remove Programs tool. I'm not sure what this program is for.

    Actions taken that might be of interest:
    - I was able to run MS SE in Safe Mode and scanned my PC. It found and (apparently) fixed some issues.
    - I installed F-PROT Antivirus last night. It has already found trojans in two DLL files and I removed them. MS SE failed to find these two.

    I backed up my registry and here are the files requested:
    --------------------------------------------------------------------
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by arturo at 14:35:40.76 on 06/02/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.506 [GMT 0:00]

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\arturo\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
    uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
    uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261257661937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\arturo\applic~1\mozilla\firefox\profiles\4q9fif3v.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - plugin: c:\documents and settings\arturo\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\arturo\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: peraperakun@gmail.com - %profile%\extensions\peraperakun@gmail.com
    FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2011-2-5 700632]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
    R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-2-3 5010288]
    S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-2-3 16168]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

    =============== Created Last 30 ================

    2011-02-06 00:48:26 -------- d-----w- c:\docume~1\arturo\applic~1\FRISK Software
    2011-02-05 19:04:07 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{9d47610d-ee4c-4fda-9b7a-1d982e73bb85}\mpengine.dll
    2011-02-05 18:54:57 700632 ----a-w- c:\windows\system32\drivers\FStopW.sys
    2011-02-05 18:54:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\FRISK Software
    2011-02-05 18:54:44 -------- d-----w- c:\program files\FRISK Software
    2011-02-05 13:11:18 -------- d-----w- c:\windows\Temp4973C556-1F66-C625-7459-435CB864CE47-Signatures
    2011-02-05 13:11:02 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-22 22:15:33 -------- d-----w- c:\docume~1\arturo\locals~1\applic~1\Yahoo
    2011-01-22 22:04:23 -------- d-----w- c:\program files\Yahoo!
    2011-01-21 19:36:33 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcA.tmp
    2011-01-09 22:03:41 -------- d-----w- c:\docume~1\arturo\applic~1\ProgSense
    2011-01-09 22:03:14 -------- d-----w- C:\downloads
    2011-01-09 22:03:14 -------- d-----w- c:\docume~1\arturo\applic~1\GrabPro
    2011-01-08 01:59:47 -------- d-----w- c:\docume~1\arturo\locals~1\applic~1\Deployment

    ==================== Find3M ====================

    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 14:36:48.93 ===============
    --------------------------------------------------------------------

    Spybot-S&D has reported these issues repeatedly:
    --------------------------------------------------------------------
    Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

    DoubleClick: Tracking cookie (Internet Explorer: arturo) (Cookie, nothing done)


    Right Media: Tracking cookie (Internet Explorer: arturo) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-10-06 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-10-05 Includes\Adware.sbi (*)
    2011-02-01 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2010-12-14 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2011-01-25 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2010-12-14 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-12-14 Includes\Malware.sbi (*)
    2011-02-01 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-12-14 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-12-14 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-01-18 Includes\Spyware.sbi (*)
    2011-01-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-02-01 Includes\TrojansC-02.sbi (*)
    2011-01-13 Includes\TrojansC-03.sbi (*)
    2011-01-25 Includes\TrojansC-04.sbi (*)
    2011-01-26 Includes\TrojansC-05.sbi (*)
    2010-12-28 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    --------------------------------------------------------------------

    Many thanks for taking the time to help me out!

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208





    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.




    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, and it will be back to normal after the first or second boot-up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.




    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Feb 2011
    Posts
    12


    Hello!
    I do appreciate the time you are taking to help me out with this issue.

    I am making three posts to copy the reports to make sure they all fit.

    ATF-Cleaner went alright.

    Malwarebytes report:
    ---------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5714

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    08/02/2011 09:11:46 PM
    mbam-log-2011-02-08 (21-11-46).txt

    Scan type: Quick scan
    Objects scanned: 160041
    Time elapsed: 7 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #4
    Junior Member
    Join Date
    Feb 2011
    Posts
    12


    OTL.txt
    ---------------------------------------------------------------
    OTL logfile created on: 08/02/2011 09:16:22 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\arturo\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 204.48 Gb Free Space | 89.63% Space Free | Partition Type: NTFS
    Drive E: | 298.08 Gb Total Space | 191.43 Gb Free Space | 64.22% Space Free | Partition Type: NTFS

    Computer Name: PCART | User Name: arturo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
    PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)
    PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (FPAVServer) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    SRV - (mysql) -- C:\ProgramFiles\AppServ\MySQL\bin\mysqld-nt.exe ()
    SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
    SRV - (Apache2) -- C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe (Apache Software Foundation)
    SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
    SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (RapportCerberus_19917) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (FPAV_RTP) -- C:\WINDOWS\system32\DRIVERS\FStopW.sys (FRISK Software International)
    DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
    DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
    DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
    DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
    DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
    DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-...tml?channel=uk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-...tml?channel=uk
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledItems: peraperakun@gmail.com:2.1.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/18 19:38:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/18 19:38:28 | 000,000,000 | ---D | M]

    [2009/12/19 18:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Extensions
    [2011/02/02 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions
    [2010/04/27 20:58:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/12/19 22:03:37 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    [2010/10/11 10:54:50 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese and Chinese Translator) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\peraperakun@gmail.com
    [2011/02/02 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/18 19:38:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2011/01/18 19:38:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2011/01/18 19:38:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2011/01/18 19:38:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1261257661937 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/08 21:13:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
    [2011/02/08 21:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Malwarebytes
    [2011/02/08 21:01:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/08 21:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/08 21:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/02/08 21:01:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/08 21:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/08 21:00:49 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
    [2011/02/08 20:56:45 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
    [2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/02/06 14:01:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
    [2011/02/06 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\erunt
    [2011/02/06 00:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
    [2011/02/05 20:47:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/02/05 18:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/02/05 18:54:57 | 000,700,632 | ---- | C] (FRISK Software International) -- C:\WINDOWS\System32\drivers\FStopW.sys
    [2011/02/05 18:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
    [2011/02/05 18:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\FRISK Software
    [2011/02/05 18:52:42 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
    [2011/02/05 18:49:35 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
    [2011/02/05 13:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp4973C556-1F66-C625-7459-435CB864CE47-Signatures
    [2011/02/05 13:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/02/05 00:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\TMP
    [2011/01/23 21:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\PointTaker
    [2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Yahoo!
    [2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Local Settings\Application Data\Yahoo
    [2011/01/22 22:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2011/01/22 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2011/01/18 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011/01/18 20:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/01/09 22:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\ProgSense
    [2011/01/09 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\GrabPro
    [2011/01/09 22:03:14 | 000,000,000 | ---D | C] -- C:\downloads
    [2011/01/09 22:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Orbit
    [2006/06/21 20:45:36 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/08 21:13:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
    [2011/02/08 21:01:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/08 21:00:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
    [2011/02/08 20:56:46 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
    [2011/02/08 20:32:55 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/02/08 20:32:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\OHUN.job
    [2011/02/08 20:32:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/08 20:32:03 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/07 23:40:40 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/02/07 23:40:40 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/02/07 23:40:40 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/02/07 23:40:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/02/07 23:40:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/02/07 19:03:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/06 14:38:50 | 000,005,213 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
    [2011/02/06 14:16:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
    [2011/02/06 14:10:12 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.com
    [2011/02/06 14:09:41 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
    [2011/02/06 14:01:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
    [2011/02/06 13:57:29 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
    [2011/02/05 20:47:39 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
    [2011/02/05 20:36:56 | 000,000,209 | RHS- | M] () -- C:\boot.ini
    [2011/02/05 18:52:53 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
    [2011/02/05 18:49:46 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
    [2011/02/05 18:47:24 | 029,851,648 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
    [2011/02/05 13:12:16 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/02/05 11:37:18 | 000,001,749 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
    [2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2011/01/31 21:45:34 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/22 22:04:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/08 21:01:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/06 14:38:50 | 000,005,213 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
    [2011/02/06 14:16:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
    [2011/02/06 14:10:10 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.com
    [2011/02/06 14:09:38 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
    [2011/02/06 13:57:27 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
    [2011/02/06 09:50:01 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/05 18:55:03 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\F-PROT Antivirus for Windows.lnk
    [2011/02/05 18:55:03 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
    [2011/02/05 18:47:15 | 029,851,648 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
    [2011/02/05 13:12:16 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/02/05 13:11:16 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/01/22 22:04:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/01/18 20:02:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
    [2011/01/18 20:00:15 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2010/09/30 09:29:58 | 000,067,072 | RHS- | C] () -- C:\WINDOWS\System32\datao.dll
    [2010/08/07 12:38:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
    [2010/02/15 23:23:34 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2010/01/27 22:48:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
    [2009/12/23 12:05:01 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/18 23:09:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2009/12/18 22:53:47 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\fusioncache.dat
    [2007/05/04 06:32:30 | 002,035,712 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
    [2007/05/04 06:32:30 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
    [2007/05/04 06:32:30 | 000,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll
    [2007/05/04 06:32:30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
    [2007/05/04 06:32:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll
    [2007/02/20 08:29:50 | 000,039,912 | ---- | C] () -- C:\WINDOWS\php.ini
    [2006/06/21 21:15:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/21 21:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/06/21 20:38:35 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/06/21 20:38:35 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2006/06/21 20:38:35 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/06/21 20:38:32 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
    [2006/06/21 20:35:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/06/21 20:35:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2006/06/21 20:34:09 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/12/19 07:42:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\dlcgplc.ini
    [2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/09/10 13:36:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll

    ========== LOP Check ==========

    [2006/06/21 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011/02/05 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
    [2009/12/19 20:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    [2010/02/24 23:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2006/06/21 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/12/19 19:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/09/23 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Amazon
    [2010/01/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Blender Foundation
    [2009/12/23 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Dev-Cpp
    [2010/04/08 23:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FileZilla
    [2011/02/06 00:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
    [2011/01/09 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\GrabPro
    [2010/10/05 11:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\gtk-2.0
    [2010/09/16 11:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Notepad++
    [2010/04/25 10:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\oald7
    [2010/01/16 15:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\OpenOffice.org
    [2011/02/05 17:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Orbit
    [2011/01/09 22:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\ProgSense
    [2009/12/19 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Subversion
    [2010/02/24 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Trusteer
    [2011/02/08 20:32:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\OHUN.job

    ========== Purity Check ==========



    < End of report >

  5. #5
    Junior Member
    Join Date
    Feb 2011
    Posts
    12


    Extras.txt
    ---------------------------------------------------------------
    OTL Extras logfile created on: 08/02/2011 09:16:22 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\arturo\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 204.48 Gb Free Space | 89.63% Space Free | Partition Type: NTFS
    Drive E: | 298.08 Gb Total Space | 191.43 Gb Free Space | 64.22% Space Free | Partition Type: NTFS

    Computer Name: PCART | User Name: arturo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "4500:UDP" = 4500:UDP:LocalSubNet:Enabled:IPsec (IKE NAT-T)
    "500:UDP" = 500:UDP:LocalSubNet:Enabled:IPsec (IKE)
    "135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC Endpoint Mapper and DCOM infrastructure

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
    "C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe" = C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
    "C:\ProgramFiles\Python26\pythonw.exe" = C:\ProgramFiles\Python26\pythonw.exe:*:Enabled:pythonw -- ()
    "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio -- (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0C6F7EA4-D42E-4281-90E1-369D44FC761A}" = TortoiseSVN 1.6.8.19260 (32 bit)
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
    "{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B0DC84A9-06CB-420A-B8FF-6769EB5EDE95}" = 810plc32
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
    "{E58B329B-FB28-4874-90DE-0D7CB2709267}" = F-PROT Antivirus for Windows
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "AppServ" = AppServ 2.4.9 (remove only)
    "Audacity_is1" = Audacity 1.2.6
    "Blender" = Blender (remove only)
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ERUNT_is1" = ERUNT 1.1j
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "GoldWave v5.58" = GoldWave v5.58
    "GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.10
    "ie8" = Windows Internet Explorer 8
    "Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "OALD7" = Oxford Advanced Learner's Dictionary - 7th edition
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealAlt_is1" = Real Alternative 2.0.2
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21/08/2010 04:53:36 AM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 21/08/2010 04:53:36 AM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 22/08/2010 05:50:03 PM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 22/08/2010 05:50:03 PM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 25/08/2010 01:31:58 PM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 25/08/2010 01:31:58 PM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 26/08/2010 04:56:23 PM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 26/08/2010 04:56:23 PM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 28/08/2010 07:23:19 AM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 28/08/2010 07:23:19 AM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
    Description =

    [ IntelDH Events ]
    Error - 05/02/2011 12:17:34 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 05/02/2011 01:16:29 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 05/02/2011 04:33:59 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 05/02/2011 08:45:38 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 06/02/2011 05:50:19 AM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 06/02/2011 10:22:22 AM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 06/02/2011 10:31:47 AM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 06/02/2011 02:30:59 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 07/02/2011 03:03:58 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 07/02/2011 04:35:53 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    [ System Events ]
    Error - 06/02/2011 02:32:18 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
    Description = The Fax service depends on the Print Spooler service which failed
    to start because of the following error: %%1058

    Error - 06/02/2011 02:32:18 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
    Description = The Intel® Quick Resume Technology Drivers service terminated with
    the following error: %%203

    Error - 06/02/2011 06:57:10 PM | Computer Name = PCART | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.3 for the Network Card with network
    address 0013721C30CB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 07/02/2011 03:05:21 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
    Description = The Fax service depends on the Print Spooler service which failed
    to start because of the following error: %%1058

    Error - 07/02/2011 03:05:21 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
    Description = The Intel® Quick Resume Technology Drivers service terminated with
    the following error: %%203

    Error - 07/02/2011 04:37:16 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
    Description = The Fax service depends on the Print Spooler service which failed
    to start because of the following error: %%1058

    Error - 07/02/2011 04:37:16 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
    Description = The Intel® Quick Resume Technology Drivers service terminated with
    the following error: %%203

    Error - 07/02/2011 04:45:04 PM | Computer Name = PCART | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 0013721C30CB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 08/02/2011 04:33:35 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
    Description = The Fax service depends on the Print Spooler service which failed
    to start because of the following error: %%1058

    Error - 08/02/2011 04:33:35 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
    Description = The Intel® Quick Resume Technology Drivers service terminated with
    the following error: %%203


    < End of report >

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Looks like you have F-PROT Antivirus and AVG. More than one AV is overkill and will cause issues and hamper system performance; you need to uninstall one via Add Remove Programs in the Control Panel.

    Not looking at anything bad on your log, but if you're experiencing redirects there may be a rootkit involved.



    Scan With RootKitUnHooker

    • Please choose one link and download Rootkit Unhooker and save it to your desktop.
      Link 1
      Link 2
      Link 3
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers and Stealth
    • Uncheck the rest, then click OK
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
    • Wait till the scanner has finished and then click File > Save Report.
    • Save the report somewhere where you can find it. Click Close.
    • Copy the entire contents of the report and paste it in your next reply.


    Note: you may get the following warning; just click OK and continue.

    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
