A virus? (Inactive)



Draxton0102
2010-02-21, 06:19
Originally I had posted here about a week ago, and with no replies, it was put in the archives. So I'm posting here again with some hope that someone may know what's wrong, if anything is wrong, with my PC this time.

My original post can be found here: http://forums.spybot.info/showthread.php?t=55372

This is my newest hjt log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:15:55 PM, on 2/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1202660629-412668190-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3704 bytes


To sum up, what I experience is that some of my Windows components will get an error and I'll have to restart them. This occurs about an hour or so after turning on my PC. Most of the time it's Windows Audio and Windows Installer.
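Triage of a HijackThis log such as the one above, as an added example that is not part of the original post: it parses the R0/R1, O2, O4, O16 and O23 entry formats, pulls out the binary, DLL or URL each entry points at, and flags the two things a helper looks for first, entries whose target file is gone ("(no file)" / "(file missing)", the markers HijackThis itself prints) and autostarts that run from user-writable folders such as Temp. The sample log is constructed; its first seven lines mirror entries from the posted log and the last two lines are made up to trigger the checks.

```python
"""Parse HijackThis v2 log entries and run a small triage over them."""
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 format. The first seven lines are
# modelled on entries from the posted log; the last two (an O4 autostart in a
# Temp folder and an O2 BHO whose DLL is gone) are made up to exercise triage.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Cameron\Local Settings\Temp\updater.exe /silent
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - " + CLSID + r" - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>" + CLSID + r")(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
O23_RE = re.compile(r"^Service: (?P<display>.*?) \([^()]*\) - (?P<company>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)", re.I)

# Lower-case path fragments of user-writable locations: an autostart there
# deserves a second look. MISSING are the markers HJT prints for a gone target.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\desktop\\", "\\recycler\\")
MISSING = ("(no file)", "(file missing)")

@dataclass
class Entry:
    code: str           # HJT section code, e.g. "O4"
    raw: str            # the original log line
    label: str = ""     # name or registry key the entry is about
    path: str = ""      # file, DLL or URL the entry points at
    company: str = ""   # publisher string (O23 only)

def exe_from_command(cmd: str) -> str:
    """Return the program path from a Run-key command line, minus arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd.split(" ", 1)[0]

def parse_line(line: str):
    """Turn one HJT log line into an Entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    e = Entry(code=code, raw=line.strip())
    if code in ("R0", "R1", "R3"):             # "<registry key> = <value>"
        key, _, value = body.partition("=")
        e.label, e.path = key.strip(), value.strip()
    elif code == "O2" and (mm := O2_RE.match(body)):
        e.label, e.path = mm.group("name"), mm.group("path")
    elif code == "O4":
        if mm := O4_RE.match(body):            # registry Run key form
            e.label, e.path = mm.group("name"), exe_from_command(mm.group("cmd"))
        else:                                  # "<Startup folder>: <lnk> = <target>"
            head, _, target = body.partition(" = ")
            e.label = head.partition(": ")[2]
            e.path = "" if target.strip() == "?" else target.strip()
    elif code == "O16" and (mm := O16_RE.match(body)):
        e.label, e.path = mm.group("name") or mm.group("clsid"), mm.group("url")
    elif code == "O23" and (mm := O23_RE.match(body)):
        e.label, e.company, e.path = mm.group("display"), mm.group("company"), mm.group("path")
    return e

def parse_log(text: str):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def triage(entries):
    """Apply simple, explainable checks; returns (code, reason, raw) tuples."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if any(low.endswith(marker) for marker in MISSING):
            findings.append((e.code, "points at a missing file (orphaned entry)", e.raw))
        elif e.code in ("O4", "O23") and any(d in low for d in USER_WRITABLE):
            findings.append((e.code, "autostart runs from a user-writable location", e.raw))
        if e.code == "O23" and e.company == "Unknown owner":
            findings.append((e.code, "service binary carries no publisher name", e.raw))
    return findings

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} entries parsed")
    for code, reason, raw in triage(found):
        print(f"[{code}] {reason}\n    {raw}")
```

The checks are deliberately coarse: a hit means "look closer", not "infected", and a clean run, as with the log above, does not rule anything out.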

katana
2010-02-26, 16:32
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


There is no obvious sign of infection, but let's have a deeper look.


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )

Draxton0102
2010-02-27, 16:21
Hello katana and thank you for replying.

I downloaded RSIT to my desktop; however, when I click on the Continue button on the disclaimer screen I get an AutoIt error saying "Line -1: Error: Variable used without being declared.", and after pressing the OK button it closes the program.

katana
2010-02-27, 20:34
Let's try a different tool ...



OTScanIt

Please download OTS.exe (http://oldtimer.geekstogo.com/OTS.exe) by OldTimer and save it to your desktop.
Double click on OTS.exe to run it.
Under the Additional Scans section, put a check mark next to Reg - Uninstall List (you will need to scroll down).
Click on the Run Scan button at the top left hand corner.
OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Draxton0102
2010-02-28, 01:46
Okay, that tool works fine.
Here's the notepad file:



OTS logfile created on: 2/27/2010 5:44:12 PM - Run 1
OTS by OldTimer - Version 3.1.22.3 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.12 Gb Total Space | 531.88 Gb Free Space | 89.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONE-09782A33D3
Current User Name: Cameron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
wpn111.exe -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/08 05:16:58 | 000,056,816 | ---- | M] (Avira GmbH)
(Mkd2kfNt) Mkd2kfNt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -> [2009/10/13 01:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2009/09/02 15:06:06 | 000,021,275 | ---- | M] (Meetinghouse Data Communications)
(Mkd2Nadr) Mkd2Nadr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -> [2009/07/13 01:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008/09/02 17:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.)
(WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WPN111.sys -> [2008/04/18 11:28:10 | 000,384,608 | ---- | M] (Atheros Communications, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation)
(RTL8187B) Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8187B.sys -> [2007/04/06 02:12:02 | 000,223,616 | ---- | M] (Realtek Semiconductor Corporation )
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\drivers\cercsr6.sys -> [2004/12/13 14:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\DNINDIS5.sys -> [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> Reg Error: Key error. [AIM Toolbar Search Class] -> File not found
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2009/09/13 15:16:08 | 000,329,883 | R--- | M] - 11344 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/11/05 22:52:11 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/11/05 22:52:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> Reg Error: Key error. [AIM Toolbar] -> File not found
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/09/05 01:54:42 | 000,417,792 | ---- | M] (Apple Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
< Cameron Startup Folder > -> C:\Documents and Settings\Cameron\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5868 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5867 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6CA900EA-66E2-4B3E-B894-AECECA03E558}\\DhcpNameServer -> 192.168.1.1 (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) ->
{CEA55DA3-6406-46AA-863D-8C9E160023C1}\\DhcpNameServer -> 192.168.1.2 (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/04/16 19:50:30 | 000,204,800 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2009/10/01 13:20:57 | 003,634,024 | ---- | M] (AOL LLC)
"C:\Program Files\Curse\CurseClient.exe" -> C:\Program Files\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client] -> [2009/06/08 07:51:36 | 001,934,336 | ---- | M] ()
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/11/05 22:52:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/12/17 01:24:45 | 000,289,584 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2009/11/14 05:15:44 | 002,335,304 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" -> C:\Program Files\World of Warcraft\Launcher.exe [C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher] -> [2009/11/14 05:15:45 | 004,895,608 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 17:33:17 | 002,067,232 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/23 05:05:50 | 002,069,792 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 16:51:33 | 002,167,496 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/25 16:31:32 | 002,067,232 | ---- | M] (Blizzard Entertainment)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/09/01 12:37:12 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
{0C34B801-6AEC-4667-B053-03A67E2D0415} -> Apple Application Support
{26A24AE4-039D-4CA4-87B4-2F83216017FF} -> Java(TM) 6 Update 17
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3921A67A-5AB1-4E48-9444-C71814CF3027} -> VCRedistSetup
{42929F0F-CE14-47AF-9FC7-FF297A603021} -> Dell Resource CD
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml
{582E9125-32B6-4CBA-AB48-3E33CE3DB389} -> NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} -> Intel(R) PRO Network Connections 12.1.12.0
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A1288842-D600-453F-B61F-6C2AA3D6A528} -> Ragnarok Online
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} -> QuickTime
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C4124E95-5061-4776-8D5D-E3D931C778E1} -> Microsoft VC9 runtime libraries
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D642E38E-0D24-486C-9A2D-E316DD696F4B} -> Microsoft XML Parser
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
AhnLab Online Security -> AhnLab Online Security
AIM_7 -> AIM 7
Avira AntiVir Desktop -> Avira AntiVir Personal - Free Antivirus
ffdshow -> ffdshow (remove only)
HDMI -> Intel(R) Graphics Media Accelerator Driver
HijackThis -> HijackThis 2.0.2
ie8 -> Windows Internet Explorer 8
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
PSP Action Replay_is1 -> PSP Action Replay
Raganrok Renewal -> Ragnarok Renewal
Ragnarok Online -> Ragnarok Online
RegCure -> RegCure
uTorrent -> µTorrent
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR archiver
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
World of Warcraft -> World of Warcraft
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:42:59 | 000,632,832 | ---- | C] (OldTimer Tools)
rsit -> C:\rsit -> [2010/02/27 08:14:50 | 000,000,000 | ---D | C]
Veoh Networks -> C:\Program Files\Veoh Networks -> [2010/02/17 02:28:10 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2010/02/14 11:28:31 | 000,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2010/02/13 20:55:16 | 000,000,000 | ---D | M]
Apple Computer -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer -> [2010/02/13 20:54:56 | 000,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
ComboFix -> C:\ComboFix -> [2010/02/12 02:48:09 | 000,000,000 | --SD | C]
TrendMicro -> C:\Program Files\TrendMicro -> [2010/02/08 23:24:29 | 000,000,000 | ---D | C]
AhnLab -> C:\Program Files\AhnLab -> [2010/02/08 15:56:02 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/13 07:26:51 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/11/13 07:26:50 | 000,000,000 | ---D | M]
Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2009/10/16 18:28:00 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/09/04 02:43:50 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/09/01 12:39:06 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/09/01 12:37:10 | 000,000,000 | --SD | M]
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
RegCure Startup.job -> C:\WINDOWS\tasks\RegCure Startup.job -> [2010/02/27 17:41:10 | 000,000,382 | ---- | M] ()
RegCure Program Check.job -> C:\WINDOWS\tasks\RegCure Program Check.job -> [2010/02/27 17:00:00 | 000,000,394 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\Cameron\ntuser.dat -> [2010/02/27 09:57:09 | 006,553,600 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Cameron\ntuser.ini -> [2010/02/27 09:57:09 | 000,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Cameron\Local Settings\Application Data\IconCache.db -> [2010/02/27 09:57:03 | 002,107,238 | -H-- | M] ()
World of Warcraft.lnk -> C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk -> [2010/02/27 08:52:42 | 000,000,799 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/27 07:46:09 | 000,248,832 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/26 10:45:07 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/26 10:45:05 | 000,002,048 | --S- | M] ()
RegCure.job -> C:\WINDOWS\tasks\RegCure.job -> [2010/02/25 03:48:50 | 000,000,376 | ---- | M] ()
HiJackThis.lnk -> C:\Documents and Settings\Cameron\Desktop\HiJackThis.lnk -> [2010/02/20 22:15:44 | 000,002,445 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/02/19 18:28:00 | 000,000,284 | ---- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/08 15:57:12 | 000,002,206 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Cameron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/02/05 23:31:59 | 000,013,104 | ---- | M] ()
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
37 C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp ->
10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files - No Company Name]
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | C] ()
Irremote.ini -> C:\WINDOWS\Irremote.ini -> [2009/09/14 06:01:21 | 000,000,000 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/09/04 04:40:55 | 000,000,069 | ---- | C] ()
libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2009/09/02 15:06:05 | 000,651,264 | ---- | C] ()
ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2009/09/02 15:06:05 | 000,147,456 | ---- | C] ()
igfxCoIn_v4820.dll -> C:\WINDOWS\System32\igfxCoIn_v4820.dll -> [2009/09/01 12:45:56 | 000,204,800 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
< End of report >

katana
2010-02-28, 11:35
Information

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

----------------------------------------------------------------------------------------
Registry Cleaners + "Tweak" Tools

Re. RegCure

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete"; it won't speed up your machine though.
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it!

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

Discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
----------------------------------------------------------------------------------------
Step 1

Malwarebytes' Anti-Malware
I notice that you have MBAM installed; please do the following:

Start Malwarebytes' Anti-Malware

Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update

When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 2

Open OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> Reg Error: Key error. [AIM Toolbar Search Class]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> Reg Error: Key error. [AIM Toolbar]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent]
[Files/Folders - Created Within 30 Days]
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 37 C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp
NY -> 10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Empty Temp Folders]


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Malwarebytes Log
OTS Log
I see that you have run ComboFix, do you still have the log?
How are things running now?

Draxton0102
2010-02-28, 22:34
OTS Log:

OTS logfile created on: 2/28/2010 2:20:27 PM - Run 2
OTS by OldTimer - Version 3.1.22.3 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.12 Gb Total Space | 534.82 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONE-09782A33D3
Current User Name: Cameron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
wpn111.exe -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/08 05:16:58 | 000,056,816 | ---- | M] (Avira GmbH)
(Mkd2kfNt) Mkd2kfNt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -> [2009/10/13 01:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2009/09/02 15:06:06 | 000,021,275 | ---- | M] (Meetinghouse Data Communications)
(Mkd2Nadr) Mkd2Nadr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -> [2009/07/13 01:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008/09/02 17:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.)
(WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WPN111.sys -> [2008/04/18 11:28:10 | 000,384,608 | ---- | M] (Atheros Communications, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation)
(RTL8187B) Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8187B.sys -> [2007/04/06 02:12:02 | 000,223,616 | ---- | M] (Realtek Semiconductor Corporation )
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\drivers\cercsr6.sys -> [2004/12/13 14:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\DNINDIS5.sys -> [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2009/09/13 15:16:08 | 000,329,883 | R--- | M] - 11344 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/11/05 22:52:11 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/11/05 22:52:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/09/05 01:54:42 | 000,417,792 | ---- | M] (Apple Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
< Cameron Startup Folder > -> C:\Documents and Settings\Cameron\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5868 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5867 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6CA900EA-66E2-4B3E-B894-AECECA03E558}\\DhcpNameServer -> 192.168.1.1 (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) ->
{CEA55DA3-6406-46AA-863D-8C9E160023C1}\\DhcpNameServer -> 192.168.1.2 (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/04/16 19:50:30 | 000,204,800 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2009/10/01 13:20:57 | 003,634,024 | ---- | M] (AOL LLC)
"C:\Program Files\Curse\CurseClient.exe" -> C:\Program Files\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client] -> [2009/06/08 07:51:36 | 001,934,336 | ---- | M] ()
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/11/05 22:52:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2009/11/14 05:15:44 | 002,335,304 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" -> C:\Program Files\World of Warcraft\Launcher.exe [C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher] -> [2009/11/14 05:15:45 | 004,895,608 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 17:33:17 | 002,067,232 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/23 05:05:50 | 002,069,792 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 16:51:33 | 002,167,496 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/25 16:31:32 | 002,067,232 | ---- | M] (Blizzard Entertainment)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/09/01 12:37:12 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
ComboFix -> C:\ComboFix -> [2010/02/28 14:20:14 | 000,000,000 | --SD | C]
_OTS -> C:\_OTS -> [2010/02/28 14:11:50 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:42:59 | 000,632,832 | ---- | C] (OldTimer Tools)
rsit -> C:\rsit -> [2010/02/27 08:14:50 | 000,000,000 | ---D | C]
Veoh Networks -> C:\Program Files\Veoh Networks -> [2010/02/17 02:28:10 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2010/02/14 11:28:31 | 000,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2010/02/13 20:55:16 | 000,000,000 | ---D | M]
Apple Computer -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer -> [2010/02/13 20:54:56 | 000,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
TrendMicro -> C:\Program Files\TrendMicro -> [2010/02/08 23:24:29 | 000,000,000 | ---D | C]
AhnLab -> C:\Program Files\AhnLab -> [2010/02/08 15:56:02 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/13 07:26:51 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/11/13 07:26:50 | 000,000,000 | ---D | M]
Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2009/10/16 18:28:00 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/09/04 02:43:50 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/09/01 12:39:06 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/09/01 12:37:10 | 000,000,000 | --SD | M]

[Files/Folders - Modified Within 30 Days]
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/28 14:17:26 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/28 14:17:25 | 000,002,048 | --S- | M] ()
ntuser.dat -> C:\Documents and Settings\Cameron\ntuser.dat -> [2010/02/28 14:16:43 | 006,553,600 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Cameron\ntuser.ini -> [2010/02/28 14:16:40 | 000,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Cameron\Local Settings\Application Data\IconCache.db -> [2010/02/28 01:45:25 | 001,578,754 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
World of Warcraft.lnk -> C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk -> [2010/02/27 08:52:42 | 000,000,799 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/27 07:46:09 | 000,248,832 | ---- | M] ()
HiJackThis.lnk -> C:\Documents and Settings\Cameron\Desktop\HiJackThis.lnk -> [2010/02/20 22:15:44 | 000,002,445 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/02/19 18:28:00 | 000,000,284 | ---- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/08 15:57:12 | 000,002,206 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Cameron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/02/05 23:31:59 | 000,013,104 | ---- | M] ()

[Files - No Company Name]
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | C] ()
Irremote.ini -> C:\WINDOWS\Irremote.ini -> [2009/09/14 06:01:21 | 000,000,000 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/09/04 04:40:55 | 000,000,069 | ---- | C] ()
libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2009/09/02 15:06:05 | 000,651,264 | ---- | C] ()
ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2009/09/02 15:06:05 | 000,147,456 | ---- | C] ()
igfxCoIn_v4820.dll -> C:\WINDOWS\System32\igfxCoIn_v4820.dll -> [2009/09/01 12:45:56 | 000,204,800 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
< End of report >



MBAM Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2010 2:09:54 PM
mbam-log-2010-02-28 (14-09-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195656
Time elapsed: 31 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


No, I don't have a ComboFix log file. I kept that program from a previous infection just in case, but I really don't know how to use it.

I'm rarely on this pc due to work so I won't know how well it's running until later in the week. So I'll have to wait and see later on.

katana
2010-02-28, 22:39
There's no sign of infection, but let's have one last scan to make sure.

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.

Draxton0102
2010-03-01, 12:15
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-01 04:14:08
PROTECTIONS: 1
MALWARE: 25
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AntiVir Desktop 9.0.1.32 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@trafficmp[3].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@trafficmp[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@tribalfusion[1].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@7search[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@yadro[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@toplist[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\cookies\system@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ad.yieldmanager[4].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@serving-sys[4].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@serving-sys[3].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@www.burstbeacon[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@server.iad.liveperson[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@server.iad.liveperson[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@questionmarket[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@questionmarket[1].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@xxxcounter[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@go[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@target[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ads.addynamix[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ads.addynamix[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@citi.bridgetrack[1].txt
00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@registrydefender[2].txt
00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@registrydefender[1].txt
01048936 Generic Malware Virus/Trojan No 0 Yes No c:\program files\gamespy arcade\services\_common\portraitloader.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
217842 HIGH MS10-015
217839 HIGH MS10-012
217838 HIGH MS10-011
217834 HIGH MS10-008
217833 HIGH MS10-007
217832 HIGH MS10-006
217831 HIGH MS10-005
;===================================================================================================================================================================================
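As an added example (not part of the thread, and not code from Panda or the poster), here is a small Python parser for the ActiveScan report format above. It separates tracking cookies, which are low risk, from other detections that deserve a closer look, and lists the missing Microsoft bulletins from the VULNERABILITIES section. The embedded report is a constructed sample modelled on the real one: the profile names user1/user2 and the loader.dll path are made up.

```python
"""Triage helper for a Panda ActiveScan text report (added example)."""
import re

# Constructed sample in the format of the report posted above.
# Profile names and the .dll path are made up; the Ids are from the report.
SAMPLE_REPORT = r"""
;*******************************************************
ANALYSIS: 2010-03-01 04:14:08
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;*******************************************************
PROTECTIONS
Description Version Active Updated
;=======================================================
AntiVir Desktop 9.0.1.32 Yes Yes
;=======================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=======================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\user1\cookies\user1@trafficmp[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\user1\cookies\user1@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\user2\cookies\user2@ad.yieldmanager[1].txt
01048936 Generic Malware Virus/Trojan No 0 Yes No c:\program files\example app\services\_common\loader.dll
;=======================================================
SUSPECTS
Sent Location
;=======================================================
;=======================================================
VULNERABILITIES
Id Severity Description
;=======================================================
217842 HIGH MS10-015
217839 HIGH MS10-012
;=======================================================
"""

SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")
# Description and Location may contain spaces, so the row pattern anchors
# on the fixed Yes/No and numeric columns between them.
MALWARE_ROW = re.compile(
    r"^(\d+)\s+(.+?)\s+(\S+)\s+(Yes|No)\s+(\d+)\s+(Yes|No)\s+(Yes|No)\s+(.+)$")
PROTECTION_ROW = re.compile(r"^(.+?)\s+(\S+)\s+(Yes|No)\s+(Yes|No)$")
VULN_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)$")


def parse_activescan(text):
    """Parse the report into header metadata plus one list per section."""
    report = {"meta": {}, "protections": [], "malware": [],
              "suspects": [], "vulnerabilities": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # banners and separators
            continue
        if line in SECTIONS:
            section = line
            continue
        if section is None:                        # "KEY: value" header lines
            key, _, value = line.partition(":")
            report["meta"][key.strip()] = value.strip()
        elif section == "PROTECTIONS":
            m = PROTECTION_ROW.match(line)
            if m:
                report["protections"].append(dict(zip(
                    ("description", "version", "active", "updated"), m.groups())))
        elif section == "MALWARE":
            m = MALWARE_ROW.match(line)
            if m:
                report["malware"].append(dict(zip(
                    ("id", "description", "type", "active", "severity",
                     "disinfectable", "disinfected", "location"), m.groups())))
        elif section == "SUSPECTS":
            if not line.startswith("Sent "):       # skip the column header
                report["suspects"].append(line)
        elif section == "VULNERABILITIES":
            m = VULN_ROW.match(line)
            if m:
                report["vulnerabilities"].append(dict(zip(
                    ("id", "severity", "description"), m.groups())))
    return report


def profile_of(location):
    """Name of the Windows profile folder that holds a cookie file, if any."""
    parts = location.lower().split("\\")
    if "cookies" in parts and parts.index("cookies") > 0:
        return parts[parts.index("cookies") - 1]
    return None


def triage(report):
    """Separate low-risk tracking cookies from findings that need a look."""
    cookies = [m for m in report["malware"] if m["type"] == "TrackingCookie"]
    others = [m for m in report["malware"] if m["type"] != "TrackingCookie"]
    return {
        "tracking_cookies": len(cookies),
        "cookie_profiles": sorted({profile_of(c["location"]) for c in cookies} - {None}),
        "needs_review": [(m["description"], m["location"]) for m in others],
        "missing_patches": sorted(v["description"] for v in report["vulnerabilities"]),
    }


if __name__ == "__main__":
    for key, value in triage(parse_activescan(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the full report above, the same code would put every Cookie/* row under tracking_cookies, leave only the portraitloader.dll line under needs_review, and list the seven MS10 bulletins as missing patches, which is exactly the reading katana gives in the next reply.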

katana
2010-03-01, 16:04
Apart from some cookies and a GameSpy Arcade file, which is safe enough if you use the software, your log looks good :)


Congratulations, your logs look clean :)

Let's see if I can help you keep it that way.

First, let's tidy up.



Uninstall OTScanIt (OTS.exe)
Open OTScanIt and click Cleanup.
When a box pops up click YES.


You can also delete any logs we have produced and any other tools we have downloaded.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, see HERE (http://secunia.com/software_inspector/) for details.

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have free (for home users) and paid versions;
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A new and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup. Allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
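To show how the hosts-file protection mentioned above (Spybot's host protection and the MVPS HOSTS list) actually blocks a site, here is an added Python example that is not part of the thread or of either project. It parses hosts-file text the way the resolver does (first entry for a name wins, comments ignored), reports which names are sent to a blackhole address, and mirrors the resolver order of hosts file first, DNS only on a miss. The host names in the sample are made up; system_hosts_path points at the live file on Windows or a Unix-like system.

```python
"""Hosts-file block check (added example, not part of the thread)."""
import os
import socket

# Addresses a hosts file uses to "blackhole" a name instead of resolving it.
BLACKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Loopback names that legitimately map to those addresses.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample in the style of the MVPS list; the host names are made up.
SAMPLE_HOSTS = """
# comment lines and blank lines are ignored
127.0.0.1  localhost
::1        localhost
0.0.0.0    ads.example.net          # ad server
0.0.0.0    tracker.example.org  counter.example.org
0.0.0.0    ads.example.net          # duplicate: the first entry wins
"""


def parse_hosts(text):
    """Map each host name (lower-cased) to the first address listed for it."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            mapping.setdefault(name.lower(), address)
    return mapping


def is_blocked(mapping, hostname):
    """True when the hosts file sends this name to a blackhole address."""
    name = hostname.lower()
    return name not in LOOPBACK_NAMES and mapping.get(name) in BLACKHOLE_ADDRESSES


def resolve(mapping, hostname, dns_lookup=socket.gethostbyname):
    """Mirror the resolver order: hosts file first, DNS only on a miss."""
    address = mapping.get(hostname.lower())
    if address is not None:
        return address
    return dns_lookup(hostname)


def blocked_names(mapping):
    """All names the file blackholes, excluding the loopback entries."""
    return sorted(n for n, a in mapping.items()
                  if a in BLACKHOLE_ADDRESSES and n not in LOOPBACK_NAMES)


def system_hosts_path():
    """Location of the live hosts file on Windows or a Unix-like system."""
    if os.name == "nt":
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "www.example.com"):
        print(name, "blocked" if is_blocked(hosts, name) else "not blocked")
    print("blackholed names in sample:", blocked_names(hosts))
    with open(system_hosts_path(), encoding="utf-8", errors="replace") as fh:
        print("live hosts file blackholes", len(blocked_names(parse_hosts(fh.read()))), "names")
```

The resolver order is the point: because the hosts file is consulted before DNS, a blackholed advertiser or tracker name never produces a real address, so the browser cannot fetch the ad, the beacon or the third-party cookie from it. That is also why running two tools that both rewrite the hosts file is unnecessary, as the note on MVPS HOSTS says.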

Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.
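The Custom Level settings above are stored as DWORD values under the Internet zone's registry key, one value per action, with 0 = Enable, 1 = Prompt and 3 = Disable. As an added example (not part of katana's post), here is a Python audit that compares a set of those values against the recommended levels and reports every setting that is more permissive than advised. The action IDs are the Internet Explorer URL action values documented by Microsoft in KB 182569; WEAK_SETTINGS is a constructed sample with a few actions left at Enable, and read_zone_settings only works on Windows, where it reads the current user's key.

```python
"""Audit of Internet zone settings against the advice above (added example)."""
import os

# URL action values for the Internet zone (Zones\3) as documented in KB 182569.
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABELS = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# action id -> (name as shown in the Custom Level dialog, recommended value)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed "before" state: a few actions still set to Enable.
WEAK_SETTINGS = {"1001": ENABLE, "1004": DISABLE, "1201": DISABLE,
                 "1800": ENABLE, "1804": PROMPT, "1607": ENABLE}


def strictness(value):
    """Enable < Prompt < Disable; anything unknown counts as least strict."""
    return {ENABLE: 0, PROMPT: 1, DISABLE: 2}.get(value, -1)


def audit(current):
    """Return (id, name, current, recommended) for each setting weaker than advised."""
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have is None or strictness(have) < strictness(wanted):
            findings.append((action, name,
                             "not set" if have is None else LABELS.get(have, str(have)),
                             LABELS[wanted]))
    return findings


def read_zone_settings():
    """Read the current user's Internet zone values (Windows only)."""
    import winreg
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for action in RECOMMENDED:
            try:
                value, _ = winreg.QueryValueEx(key, action)
                current[action] = int(value)
            except OSError:          # value not present: the zone default applies
                pass
    return current


if __name__ == "__main__":
    settings = read_zone_settings() if os.name == "nt" else WEAK_SETTINGS
    for action, name, have, want in audit(settings):
        print(f"{action} {name}: {have} -> set to {want}")
```

A value that is absent is reported as "not set" rather than silently passed, because in that case the zone's default for that action applies and the reader should confirm it in the dialog. Disable is accepted wherever Prompt is recommended, since it is the stricter choice.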

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many add-ons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus add-ons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has add-ons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program:
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article: So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Draxton0102
2010-03-03, 16:54
Everything seems fine. Although when I click on a link I've searched for, it'll redirect me to a different link even though the one I searched for is perfectly fine. I know this because I have to hit the back button several times before the link will send me to my requested page.

katana
2010-03-03, 17:08
Everything seems fine. Although when I click on a link I've searched for, it'll redirect me to a different link even though the one I searched for is perfectly fine. I know this because I have to hit the back button several times before the link will send me to my requested page.

That doesn't sound right :sad:



GMER Rootkit Detector

Please download GMER Rootkit Scanner from Here (http://www.gmer.net/gmer.zip) or Here (http://majorgeeks.com/downloadget.php?id=5198&file=15&evp=3f18075291813a665b2a25536a70b307)

***Please close any open programs ***
Extract the contents of the zip file to your desktop.
Disable your onboard Anti Virus and any other Active protection programs you have installed.
Double-click gmer.exe. The program will begin to run.

Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO.
Now use the following settings for a more complete scan:

http://i51.photobucket.com/albums/f387/Katana_1970/th_Gmer_initScan-1.gif (http://i51.photobucket.com/albums/f387/Katana_1970/Gmer_initScanfull.gif)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once the scan is complete, you may receive another notice about rootkit activity. If you receive it, click OK.

Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

katana
2010-03-14, 09:47
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.