
Thread: I am a malware victim too

  1. #11
    Junior Member
    Join Date
    Feb 2011
    Posts
    12

    Default

    Hello!

    I noticed that MS Security Essentials now works! The services are not stopped any more.

    Anyway, ran ESET but it says nothing was found :(

    Here's the log
    -------------------------------------------------------------------
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=4712ff61550db34fa01ef26499d948ce
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-10 12:48:25
    # local_time=2011-02-10 12:48:25 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=3328 16777191 100 0 365135 365135 0 0
    # compatibility_mode=5891 16776869 42 87 9391 9338081 0 0
    # compatibility_mode=8192 67108863 100 0 3742 3742 0 0
    # scanned=238221
    # found=0
    # cleaned=0
    # scan_time=5286

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Log looks ok. How are things running now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    Feb 2011
    Posts
    12

    Default

    Quote Originally Posted by ken545 View Post
    Log looks ok. How are things running now?
    Now I'm trying search engines. So far no redirecting issues \o/

    Do you think the PC is clean now? Or maybe the virus is just inactive for now? I will try on Firefox now.

  4. #14
    Junior Member
    Join Date
    Feb 2011
    Posts
    12

    Default

    Something happened. I was searching for Red Acari and Wolf Spiders (I have a plague at home). Then I clicked on a link to Wolf Spider that looked safe to jump to. A message popped up from the browser (IE). It said

    "Windows Security has found critial process activity on your system and will perform fast scan of system files"

    Next thing, MS Security Essentials, from the system tray, popped up a message saying something has been detected and the system needs to be scanned. So I did so and MS SE's main window threw the following results:

    Exploit:Java/CVE-2009-3867.MZ (Removed)
    Exploit:Java/CVE-2008-5353.RP (Removed)
    TrojanDownloader:Java/OpenConnection.GT (Removed)
    Trojan:Win32/Bamital.I (Removed)
    Trojan:Win32/Bamital (Removed)

    Do I need to update Java?

    On the browser, I clicked OK on that pop-up and what seems to be a fake scan started. The url is krisenalex.no-ip.org/?id=06abQDYx I closed the tab.

    So how come I ended up on that site? Was I redirected? If so, this time around was different from before.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Let's update your Java; we were going to do that anyway when we were done.

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


    1. Click Start > Settings > Control Panel.
    2. Double-click the Java Plug-in icon in the control panel.
    3. Click the Cache tab.
    4. Click Clear. A confirmation dialog box appears.
    5. Click Yes to confirm.
    6. Click Apply.

    Download the HostsXpert 4.3 - Hosts File Manager.
    • Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper left corner.
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Run OTL and post a new log please
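    As an added example (not something posted in this thread, and not code from the OTL or HostsXpert authors), here is a small Python triage script for the kind of log ken545 asks for in this post. It flags the entry types a helper reads first: hosts-file lines that map a name anywhere other than loopback (the mechanism behind search-engine redirects, and what the "Restore Microsoft's Hosts file" step above resets), BHO and toolbar entries whose CLSID no longer resolves, services or drivers whose binary is missing, and ActiveX DPF entries the registry could not resolve. The sample input is constructed: four lines are copied from the OTL log posted later in the thread, two hosts lines are made up for the example, and 203.0.113.5 is a documentation address, not a real indicator.

```python
import re
from dataclasses import dataclass

# Addresses the stock Windows hosts file may legitimately map "localhost" to.
LOOPBACK = {"127.0.0.1", "::1"}

# Patterns for the OTL entry types that get read first during triage.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
ORPHAN_RE = re.compile(r"^O[23] - .*No CLSID value found")
MISSING_RE = re.compile(r"^(SRV|DRV) - \((\w+)\) -- File not found")
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} .*Reg Error")


@dataclass(frozen=True)
class Finding:
    kind: str      # hosts_redirect | hosts_custom | orphan_clsid | missing_binary | dpf_unresolved
    severity: str  # high | medium | low
    line: str


def classify(line: str):
    """Return a Finding for one OTL log line, or None if it is unremarkable."""
    line = line.strip()
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.group(1), m.group(2).lower()
        if ip not in LOOPBACK:
            # A hostname mapped to a remote address: the classic redirect hijack.
            return Finding("hosts_redirect", "high", line)
        if host != "localhost":
            # Loopback for something other than localhost. Often an ad-block
            # list, but also how malware blocks AV update servers. Needs eyes.
            return Finding("hosts_custom", "low", line)
        return None
    if ORPHAN_RE.match(line):
        # A BHO/toolbar registration left behind after its DLL was removed.
        return Finding("orphan_clsid", "medium", line)
    if MISSING_RE.match(line):
        # A service/driver whose image is gone; leftover from a removal or a loader.
        return Finding("missing_binary", "medium", line)
    if DPF_RE.match(line):
        # ActiveX download entry the registry could not resolve.
        return Finding("dpf_unresolved", "medium", line)
    return None


def triage(lines):
    """Classify every line; returns findings ordered high -> medium -> low."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in (classify(l) for l in lines) if f is not None]
    return sorted(found, key=lambda f: order[f.severity])


def summary(findings):
    """Count findings per kind, for a quick read of a long log."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: the first, fourth, fifth, sixth, seventh and eighth lines are
# copied from the OTL log in this thread; the two hosts lines with
# www.google.co.uk and update.microsoft.com are made up for this example.
SAMPLE = [
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 203.0.113.5 www.google.co.uk",
    "O1 - Hosts: 127.0.0.1 update.microsoft.com",
    "O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    "O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\\WINDOWS\\system32\\DLA\\DLASHX_W.DLL (Sonic Solutions)",
    "SRV - (HidServ) -- File not found",
    "SRV - (MsMpSvc) -- c:\\Program Files\\Microsoft Security Client\\Antimalware\\MsMpEng.exe (Microsoft Corporation)",
    "O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.kind:15} {f.line}")
```

    Treat the output as a reading list, not a verdict: the thread's own log shows that the HidServ service entry and the just-run ESET online scanner cab also trip the medium-severity rules, so each hit still needs a human to decide whether it is a leftover of a legitimate uninstall or something to remove.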

  6. #16
    Junior Member
    Join Date
    Feb 2011
    Posts
    12

    Default

    Hello!

    Thank you very much for your continued support!

    I installed JRE as you said. However, something happened. At first I didn't see the Clear Cache option. Seems this version has a different panel layout. Anyway, I saw a View Cache button and clicked on it. MS Security Essentials fired up and said it detected two offensive items and removed them:

    Exploit:Java/CVE-2010-0840.BB (Removed)
    Exploit:Java/CVE-2010-0844.E (Removed)

    I then found in Settings the option and cleared the cache

    I ran OTL and here is the OTL.txt log (although no Extras.txt was generated this time round?):
    ------------------------------------------------------------------
    OTL logfile created on: 10/02/2011 10:36:24 PM - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\arturo\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 534.00 Mb Available Physical Memory | 52.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 204.18 Gb Free Space | 89.50% Space Free | Partition Type: NTFS
    Drive E: | 298.08 Gb Total Space | 191.43 Gb Free Space | 64.22% Space Free | Partition Type: NTFS

    Computer Name: PCART | User Name: arturo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
    PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
    PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)
    PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (FPAVServer) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    SRV - (mysql) -- C:\ProgramFiles\AppServ\MySQL\bin\mysqld-nt.exe ()
    SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
    SRV - (Apache2) -- C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe (Apache Software Foundation)
    SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
    SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MpKsl98606d00) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74DD153D-5F5F-4A2F-99D7-D728D0CE0F70}\MpKsl98606d00.sys (Microsoft Corporation)
    DRV - (RapportCerberus_19917) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (FPAV_RTP) -- C:\WINDOWS\system32\DRIVERS\FStopW.sys (FRISK Software International)
    DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
    DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
    DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
    DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
    DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
    DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledItems: peraperakun@gmail.com:2.1.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/18 19:38:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 22:11:34 | 000,000,000 | ---D | M]

    [2009/12/19 18:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Extensions
    [2011/02/02 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions
    [2010/04/27 20:58:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/12/19 22:03:37 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    [2010/10/11 10:54:50 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese and Chinese Translator) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\peraperakun@gmail.com
    [2011/02/10 22:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/10 22:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2011/02/10 22:11:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/01/18 19:38:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2011/01/18 19:38:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2011/01/18 19:38:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2011/01/18 19:38:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/02/10 22:26:40 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1261257661937 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/10 22:25:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/02/10 22:24:56 | 000,000,000 | ---D | C] -- C:\HostsXpert
    [2011/02/10 22:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/02/10 22:11:34 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/02/10 22:11:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/02/10 22:11:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/02/10 22:11:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/02/10 22:09:54 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\arturo\Desktop\jre-6u23-windows-i586.exe
    [2011/02/10 22:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\JavaRa
    [2011/02/09 21:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/02/09 21:09:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/09 21:06:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/09 21:06:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/09 21:06:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/09 21:06:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/09 21:06:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/09 21:01:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/08 21:13:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
    [2011/02/08 21:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Malwarebytes
    [2011/02/08 21:01:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/08 21:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/08 21:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/02/08 21:01:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/08 21:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/08 21:00:49 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
    [2011/02/08 20:56:45 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
    [2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/02/06 14:01:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
    [2011/02/06 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\erunt
    [2011/02/06 00:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
    [2011/02/05 18:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/02/05 18:54:57 | 000,700,632 | ---- | C] (FRISK Software International) -- C:\WINDOWS\System32\drivers\FStopW.sys
    [2011/02/05 18:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
    [2011/02/05 18:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\FRISK Software
    [2011/02/05 18:52:42 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
    [2011/02/05 18:49:35 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
    [2011/02/05 13:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp4973C556-1F66-C625-7459-435CB864CE47-Signatures
    [2011/02/05 13:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/02/05 00:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\TMP
    [2011/01/23 21:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\PointTaker
    [2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Yahoo!
    [2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Local Settings\Application Data\Yahoo
    [2011/01/22 22:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2011/01/22 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2011/01/18 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011/01/18 20:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2006/06/21 20:45:36 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/10 22:36:44 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2011/02/10 22:26:40 | 000,000,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/10 22:24:35 | 000,353,485 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\HostsXpert.zip
    [2011/02/10 22:11:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/02/10 22:11:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/02/10 22:11:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/02/10 22:11:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/02/10 22:11:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/02/10 22:09:55 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\arturo\Desktop\jre-6u23-windows-i586.exe
    [2011/02/10 22:04:05 | 000,159,757 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\JavaRa.zip
    [2011/02/10 22:01:21 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/02/10 21:57:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/10 21:57:43 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/10 02:44:05 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/02/10 02:44:05 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/02/10 02:44:05 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2011/02/10 02:44:05 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/02/10 02:44:05 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/02/10 01:51:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/09 21:09:33 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/02/09 20:55:11 | 004,266,117 | R--- | M] () -- C:\Documents and Settings\arturo\Desktop\ComboFix.exe
    [2011/02/09 00:20:41 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\RKUnhookerLE.EXE
    [2011/02/08 21:13:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
    [2011/02/08 21:01:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/08 21:00:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
    [2011/02/08 20:56:46 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
    [2011/02/06 14:38:50 | 000,005,213 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
    [2011/02/06 14:16:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
    [2011/02/06 14:10:12 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.com
    [2011/02/06 14:09:41 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
    [2011/02/06 14:01:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
    [2011/02/06 13:57:29 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
    [2011/02/05 20:47:39 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
    [2011/02/05 20:36:56 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/02/05 18:52:53 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
    [2011/02/05 18:49:46 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
    [2011/02/05 18:47:24 | 029,851,648 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
    [2011/02/05 13:12:16 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/02/05 11:37:18 | 000,001,749 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
    [2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2011/01/31 21:45:34 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/22 22:04:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/10 22:24:33 | 000,353,485 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\HostsXpert.zip
    [2011/02/10 22:04:03 | 000,159,757 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\JavaRa.zip
    [2011/02/09 21:48:38 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2011/02/09 21:09:33 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/02/09 21:09:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/09 21:06:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/09 21:06:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/09 21:06:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/09 21:06:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/09 21:06:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/09 20:54:30 | 004,266,117 | R--- | C] () -- C:\Documents and Settings\arturo\Desktop\ComboFix.exe
    [2011/02/09 00:20:30 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\RKUnhookerLE.EXE
    [2011/02/08 21:01:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/06 14:38:50 | 000,005,213 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
    [2011/02/06 14:16:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
    [2011/02/06 14:10:10 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.com
    [2011/02/06 14:09:38 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
    [2011/02/06 13:57:27 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
    [2011/02/06 09:50:01 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/05 18:55:03 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\F-PROT Antivirus for Windows.lnk
    [2011/02/05 18:55:03 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
    [2011/02/05 18:47:15 | 029,851,648 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
    [2011/02/05 13:12:16 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/02/05 13:11:16 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/01/22 22:04:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/01/18 20:02:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
    [2011/01/18 20:00:15 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2010/09/30 09:29:58 | 000,067,072 | RHS- | C] () -- C:\WINDOWS\System32\datao.dll
    [2010/08/07 12:38:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
    [2010/02/15 23:23:34 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2010/01/27 22:48:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
    [2009/12/23 12:05:01 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/18 23:09:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2009/12/18 22:53:47 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\fusioncache.dat
    [2007/05/04 06:32:30 | 002,035,712 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
    [2007/05/04 06:32:30 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
    [2007/05/04 06:32:30 | 000,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll
    [2007/05/04 06:32:30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
    [2007/05/04 06:32:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll
    [2007/02/20 08:29:50 | 000,039,912 | ---- | C] () -- C:\WINDOWS\php.ini
    [2006/06/21 21:15:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/21 21:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/06/21 20:38:35 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/06/21 20:38:35 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2006/06/21 20:38:35 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/06/21 20:38:32 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
    [2006/06/21 20:35:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/06/21 20:35:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2006/06/21 20:34:09 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/12/19 07:42:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\dlcgplc.ini
    [2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/09/10 13:36:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll

    ========== LOP Check ==========

    [2006/06/21 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011/02/05 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
    [2009/12/19 20:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    [2010/02/24 23:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2006/06/21 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/12/19 19:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/09/23 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Amazon
    [2010/01/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Blender Foundation
    [2009/12/23 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Dev-Cpp
    [2010/04/08 23:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FileZilla
    [2011/02/06 00:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
    [2011/01/09 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\GrabPro
    [2010/10/05 11:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\gtk-2.0
    [2010/09/16 11:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Notepad++
    [2010/04/25 10:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\oald7
    [2010/01/16 15:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\OpenOffice.org
    [2011/02/05 17:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Orbit
    [2011/01/09 22:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\ProgSense
    [2009/12/19 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Subversion
    [2010/02/24 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Trusteer
    [2011/02/10 22:36:44 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

    ========== Purity Check ==========



    < End of report >

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking good

How are things running now, any more redirects?

  8. #18
    Junior Member
    Join Date
    Feb 2011
    Posts
    12

    Default

    Hi ken545!

    Thanks for the good news!

I've been navigating around looking for a crystallized sweet potato recipe (because we have a birthday party this weekend). Jumping onto sites without any redirecting.

    I will keep on using search engines and report issues if any.

    Do you think the PC is now clean?

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

Well, Happy Birthday to whoever it is you're celebrating.

I think you're good to go, but let's do this. Post back in a few days and let me know how things are running.

Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.

    Safe Surfn
    Ken

  10. #20
    Junior Member
    Join Date
    Feb 2011
    Posts
    12

    Default

    Hi ken545!

    Quote Originally Posted by ken545 View Post
    Well Happy Birthday to whoever it is your celebrating
    Thanks! It's my friend's girlfriend, Alexa. I will pass your congratulations on to her.


    We have been using the PC and Internet without any redirecting issues. Because of that we managed to find a good crystallized sweet potato recipe. The making was a success! And food and drinks are ready. Just waiting for the first guests to show up :D

Anyway, back to topic. The PC runs even smoother now. I created a restore point as you recommended. And thanks a lot for the must-read links!

Thank you very much for all your help and the good job on the step-by-step instructions. Everything was so clear. Really appreciate the time you spent helping us out on this matter.

    Cheers!
