I am a malware victim too



unluckyuser
2011-02-06, 17:44
Hello!

I am a malware victim too :(
These are the symptoms:
- I've got site redirected when using search engines like Google
- Microsoft Security Essentials doesn't start. I have re-enabled and restarted both Security Center and the MS Antimalware Service. Upon starting MS SE these two services go back to Disabled mode.

I also noticed I have installed an 810plc32. It appears listed in Add And Remove Programs tool. I'm not sure what this program is for.

Actions taken that might be of interest:
- I was able to run MS SE in safemode and scanned my PC. It found and (apparently) fixed some issues.
- I installed F-PROT Antivirus last night. It has already found trojans in two DLL files and I removed them. MS SE failed to find these two.

I backed up my registry and here are the files requested:
--------------------------------------------------------------------
DDS (Ver_10-12-12.02) - NTFSx86
Run by arturo at 14:35:40.76 on 06/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.506 [GMT 0:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\arturo\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261257661937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arturo\applic~1\mozilla\firefox\profiles\4q9fif3v.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\documents and settings\arturo\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\arturo\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: peraperakun@gmail.com - %profile%\extensions\peraperakun@gmail.com
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2011-2-5 700632]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-2-3 5010288]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-2-3 16168]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2011-02-06 00:48:26 -------- d-----w- c:\docume~1\arturo\applic~1\FRISK Software
2011-02-05 19:04:07 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{9d47610d-ee4c-4fda-9b7a-1d982e73bb85}\mpengine.dll
2011-02-05 18:54:57 700632 ----a-w- c:\windows\system32\drivers\FStopW.sys
2011-02-05 18:54:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\FRISK Software
2011-02-05 18:54:44 -------- d-----w- c:\program files\FRISK Software
2011-02-05 13:11:18 -------- d-----w- c:\windows\Temp4973C556-1F66-C625-7459-435CB864CE47-Signatures
2011-02-05 13:11:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-22 22:15:33 -------- d-----w- c:\docume~1\arturo\locals~1\applic~1\Yahoo
2011-01-22 22:04:23 -------- d-----w- c:\program files\Yahoo!
2011-01-21 19:36:33 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcA.tmp
2011-01-09 22:03:41 -------- d-----w- c:\docume~1\arturo\applic~1\ProgSense
2011-01-09 22:03:14 -------- d-----w- C:\downloads
2011-01-09 22:03:14 -------- d-----w- c:\docume~1\arturo\applic~1\GrabPro
2011-01-08 01:59:47 -------- d-----w- c:\docume~1\arturo\locals~1\applic~1\Deployment

==================== Find3M ====================

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 14:36:48.93 ===============
--------------------------------------------------------------------

Spybot-S&D has reported these issues repeatedly:
--------------------------------------------------------------------
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

DoubleClick: Tracking cookie (Internet Explorer: arturo) (Cookie, nothing done)


Right Media: Tracking cookie (Internet Explorer: arturo) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-10-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2011-02-01 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-01-25 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2011-02-01 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-01-18 Includes\Spyware.sbi (*)
2011-01-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-02-01 Includes\TrojansC-02.sbi (*)
2011-01-13 Includes\TrojansC-03.sbi (*)
2011-01-25 Includes\TrojansC-04.sbi (*)
2011-01-26 Includes\TrojansC-05.sbi (*)
2010-12-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--------------------------------------------------------------------

Many thanks for taking the time to help me out!
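The post above gives the triage signals an analyst reads off a DDS log: AV products reporting themselves *Disabled*, security services whose start type has been flipped, BHO/toolbar registrations pointing at files that no longer exist, autostart entries launching from user-writable paths, and proxy settings that could explain search redirection. The following script is an added example (it is not part of the original post and not a Safer Networking tool): it parses a handful of DDS-style lines and flags those indicators. The sample lines are mostly copied from the log above; the `uRun: [example]` entry and the `S4 MsMpSvc` service line are constructed to model what the poster describes (a program starting from a temp folder, and the Antimalware service forced to Disabled), and the `SECURITY_COMPONENTS` set is an illustrative assumption, not an exhaustive list.

```python
"""Triage a DDS-style log for the indicators discussed in the thread.

Added example, not the forum's or any vendor's code. Understands the line
shapes DDS emits in its AV status block, Pseudo HJT Report and
SERVICES / DRIVERS section.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# DDS service/driver prefix: R = running, S = stopped; digit = start type.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Assumption: a short list of security components whose disablement is a red
# flag. Names come from the posted log; a real tool would carry a longer list.
SECURITY_COMPONENTS = {"MpFilter", "MsMpSvc", "wscsvc", "FPAV_RTP", "FPAVServer"}

# Autostart targets under a user profile or temp directory; legitimate vendors
# rarely register Run entries there.
USER_WRITABLE = re.compile(
    r"(docume~1|documents and settings|application data|applic~1|locals~1|\\temp\\)", re.I
)

# Constructed sample. Lines marked (constructed) do not appear in the posted log.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [example] c:\docume~1\user\locals~1\temp\example.exe
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
S4 MsMpSvc;Microsoft Antimalware Service;c:\program files\microsoft security client\antimalware\MsMpEng.exe [2009-6-18 0]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
"""
# (constructed): the "uRun: [example]" line and the "S4 MsMpSvc" line above.


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line; benign lines produce nothing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # "AV: <product> *Disabled/Updated* {GUID}" status block.
        m = re.match(r"^(AV|FW|AS): (.+?) \*(\w+)/(\w+)\*", line)
        if m:
            if m.group(3).lower() == "disabled":
                findings.append(Finding("high", line, f"{m.group(2)} reports itself disabled"))
            continue

        # BHO / toolbar CLSIDs with no backing file: leftovers worth cleaning up.
        if re.match(r"^(BHO|TB):", line) and line.endswith("- No File"):
            findings.append(Finding("low", line, "orphaned browser add-on registration (no file on disk)"))
            continue

        # uRun / mRun / dRun = HKCU / HKLM / default-user Run keys.
        m = re.match(r"^([umd]Run): \[(.+?)\] (.+)$", line)
        if m:
            if USER_WRITABLE.search(m.group(3)):
                findings.append(Finding("medium", line, "autostart launches from a user-writable location"))
            continue

        # A configured ProxyServer can redirect traffic; ProxyOverride alone is benign.
        if re.search(r"Internet Settings,ProxyServer\s*=", line, re.I):
            findings.append(Finding("high", line, "explicit proxy configured; check for traffic interception"))
            continue

        # "R1 name;display name;path [date size]" service/driver lines.
        m = re.match(r"^([RS])([0-4]) ([^;]+);", line)
        if m:
            state, start, name = m.groups()
            if name in SECURITY_COMPONENTS and (start == "4" or state == "S"):
                status = START_TYPE[start] + ("/stopped" if state == "S" else "/running")
                findings.append(Finding("high", line, f"security component {name} is {status}"))
            continue
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a reader can see the shape of the problem."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run it against a full DDS log by reading the file into `triage()`; the F-PROT and Adobe lines pass silently, while the disabled MSE entry, the orphaned BHO/TB CLSIDs, the temp-folder Run entry and the disabled Antimalware service are reported.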

ken545
2011-02-08, 02:14


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.




Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please






OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

unluckyuser
2011-02-08, 23:30
Hello!
I do appreciate the time you are taking to help me out with this issue :)

I am making three posts to copy the reports, to make sure they all fit.

ATF-Cleaner went alright.

Malwarebytes report:
---------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5714

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

08/02/2011 09:11:46 PM
mbam-log-2011-02-08 (21-11-46).txt

Scan type: Quick scan
Objects scanned: 160041
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

unluckyuser
2011-02-08, 23:32
OTL.txt
---------------------------------------------------------------
OTL logfile created on: 08/02/2011 09:16:22 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\arturo\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 204.48 Gb Free Space | 89.63% Space Free | Partition Type: NTFS
Drive E: | 298.08 Gb Total Space | 191.43 Gb Free Space | 64.22% Space Free | Partition Type: NTFS

Computer Name: PCART | User Name: arturo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FPAVServer) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (mysql) -- C:\ProgramFiles\AppServ\MySQL\bin\mysqld-nt.exe ()
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (Apache2) -- C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe (Apache Software Foundation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_19917) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (FPAV_RTP) -- C:\WINDOWS\system32\DRIVERS\FStopW.sys (FRISK Software International)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: peraperakun@gmail.com:2.1.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/18 19:38:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/18 19:38:28 | 000,000,000 | ---D | M]

[2009/12/19 18:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Extensions
[2011/02/02 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions
[2010/04/27 20:58:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/19 22:03:37 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/10/11 10:54:50 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese and Chinese Translator) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\peraperakun@gmail.com
[2011/02/02 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:38:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/01/18 19:38:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/01/18 19:38:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/01/18 19:38:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261257661937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/08 21:13:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
[2011/02/08 21:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Malwarebytes
[2011/02/08 21:01:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/08 21:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/08 21:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/08 21:01:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/08 21:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/08 21:00:49 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
[2011/02/08 20:56:45 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
[2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/06 14:01:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
[2011/02/06 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\erunt
[2011/02/06 00:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
[2011/02/05 20:47:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/05 18:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/02/05 18:54:57 | 000,700,632 | ---- | C] (FRISK Software International) -- C:\WINDOWS\System32\drivers\FStopW.sys
[2011/02/05 18:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
[2011/02/05 18:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\FRISK Software
[2011/02/05 18:52:42 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/02/05 18:49:35 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
[2011/02/05 13:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp4973C556-1F66-C625-7459-435CB864CE47-Signatures
[2011/02/05 13:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/05 00:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\TMP
[2011/01/23 21:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\PointTaker
[2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Yahoo!
[2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Local Settings\Application Data\Yahoo
[2011/01/22 22:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/22 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/18 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/01/18 20:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/09 22:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\ProgSense
[2011/01/09 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\GrabPro
[2011/01/09 22:03:14 | 000,000,000 | ---D | C] -- C:\downloads
[2011/01/09 22:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Orbit
[2006/06/21 20:45:36 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/08 21:13:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
[2011/02/08 21:01:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/08 21:00:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
[2011/02/08 20:56:46 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
[2011/02/08 20:32:55 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/08 20:32:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\OHUN.job
[2011/02/08 20:32:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/08 20:32:03 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/07 23:40:40 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/07 23:40:40 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/07 23:40:40 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/07 23:40:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/07 23:40:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/07 19:03:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/06 14:38:50 | 000,005,213 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
[2011/02/06 14:16:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
[2011/02/06 14:10:12 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.com
[2011/02/06 14:09:41 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
[2011/02/06 14:01:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
[2011/02/06 13:57:29 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
[2011/02/05 20:47:39 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
[2011/02/05 20:36:56 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/02/05 18:52:53 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/02/05 18:49:46 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
[2011/02/05 18:47:24 | 029,851,648 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
[2011/02/05 13:12:16 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/05 11:37:18 | 000,001,749 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/01/31 21:45:34 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 22:04:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 21:01:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/06 14:38:50 | 000,005,213 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
[2011/02/06 14:16:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
[2011/02/06 14:10:10 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.com
[2011/02/06 14:09:38 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
[2011/02/06 13:57:27 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
[2011/02/06 09:50:01 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/05 18:55:03 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\F-PROT Antivirus for Windows.lnk
[2011/02/05 18:55:03 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
[2011/02/05 18:47:15 | 029,851,648 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
[2011/02/05 13:12:16 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/02/05 13:11:16 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/01/22 22:04:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/18 20:02:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/01/18 20:00:15 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2010/09/30 09:29:58 | 000,067,072 | RHS- | C] () -- C:\WINDOWS\System32\datao.dll
[2010/08/07 12:38:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2010/02/15 23:23:34 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2010/01/27 22:48:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2009/12/23 12:05:01 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 23:09:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/18 22:53:47 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\fusioncache.dat
[2007/05/04 06:32:30 | 002,035,712 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2007/05/04 06:32:30 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2007/05/04 06:32:30 | 000,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll
[2007/05/04 06:32:30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2007/05/04 06:32:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll
[2007/02/20 08:29:50 | 000,039,912 | ---- | C] () -- C:\WINDOWS\php.ini
[2006/06/21 21:15:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 21:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/21 20:38:35 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/06/21 20:38:35 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/06/21 20:38:35 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/21 20:38:32 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/06/21 20:35:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/21 20:35:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/06/21 20:34:09 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/19 07:42:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\dlcgplc.ini
[2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/10 13:36:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll

========== LOP Check ==========

[2006/06/21 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/02/05 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
[2009/12/19 20:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/02/24 23:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2006/06/21 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/19 19:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/23 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Amazon
[2010/01/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Blender Foundation
[2009/12/23 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Dev-Cpp
[2010/04/08 23:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FileZilla
[2011/02/06 00:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
[2011/01/09 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\GrabPro
[2010/10/05 11:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\gtk-2.0
[2010/09/16 11:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Notepad++
[2010/04/25 10:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\oald7
[2010/01/16 15:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\OpenOffice.org
[2011/02/05 17:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Orbit
[2011/01/09 22:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\ProgSense
[2009/12/19 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Subversion
[2010/02/24 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Trusteer
[2011/02/08 20:32:08 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\OHUN.job

========== Purity Check ==========



< End of report >

unluckyuser
2011-02-08, 23:33
Extras.txt
---------------------------------------------------------------
OTL Extras logfile created on: 08/02/2011 09:16:22 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\arturo\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 204.48 Gb Free Space | 89.63% Space Free | Partition Type: NTFS
Drive E: | 298.08 Gb Total Space | 191.43 Gb Free Space | 64.22% Space Free | Partition Type: NTFS

Computer Name: PCART | User Name: arturo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4500:UDP" = 4500:UDP:LocalSubNet:Enabled:IPsec (IKE NAT-T)
"500:UDP" = 500:UDP:LocalSubNet:Enabled:IPsec (IKE)
"135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC Endpoint Mapper and DCOM infrastructure

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe" = C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\ProgramFiles\Python26\pythonw.exe" = C:\ProgramFiles\Python26\pythonw.exe:*:Enabled:pythonw -- ()
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0C6F7EA4-D42E-4281-90E1-369D44FC761A}" = TortoiseSVN 1.6.8.19260 (32 bit)
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B0DC84A9-06CB-420A-B8FF-6769EB5EDE95}" = 810plc32
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E58B329B-FB28-4874-90DE-0D7CB2709267}" = F-PROT Antivirus for Windows
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AppServ" = AppServ 2.4.9 (remove only)
"Audacity_is1" = Audacity 1.2.6
"Blender" = Blender (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.2.1
"GoldWave v5.58" = GoldWave v5.58
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.10
"ie8" = Windows Internet Explorer 8
"Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OALD7" = Oxford Advanced Learner's Dictionary - 7th edition
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealAlt_is1" = Real Alternative 2.0.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/08/2010 04:53:36 AM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 21/08/2010 04:53:36 AM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 22/08/2010 05:50:03 PM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 22/08/2010 05:50:03 PM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 25/08/2010 01:31:58 PM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 25/08/2010 01:31:58 PM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 26/08/2010 04:56:23 PM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 26/08/2010 04:56:23 PM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 28/08/2010 07:23:19 AM | Computer Name = PCART | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 28/08/2010 07:23:19 AM | Computer Name = PCART | Source = MSSecurityEssentials | ID = 5000
Description =

[ IntelDH Events ]
Error - 05/02/2011 12:17:34 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 05/02/2011 01:16:29 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 05/02/2011 04:33:59 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 05/02/2011 08:45:38 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 06/02/2011 05:50:19 AM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 06/02/2011 10:22:22 AM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 06/02/2011 10:31:47 AM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 06/02/2011 02:30:59 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 07/02/2011 03:03:58 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 07/02/2011 04:35:53 PM | Computer Name = PCART | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

[ System Events ]
Error - 06/02/2011 02:32:18 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
Description = The Fax service depends on the Print Spooler service which failed
to start because of the following error: %%1058

Error - 06/02/2011 02:32:18 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203

Error - 06/02/2011 06:57:10 PM | Computer Name = PCART | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 0013721C30CB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 07/02/2011 03:05:21 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
Description = The Fax service depends on the Print Spooler service which failed
to start because of the following error: %%1058

Error - 07/02/2011 03:05:21 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203

Error - 07/02/2011 04:37:16 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
Description = The Fax service depends on the Print Spooler service which failed
to start because of the following error: %%1058

Error - 07/02/2011 04:37:16 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203

Error - 07/02/2011 04:45:04 PM | Computer Name = PCART | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0013721C30CB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08/02/2011 04:33:35 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7001
Description = The Fax service depends on the Print Spooler service which failed
to start because of the following error: %%1058

Error - 08/02/2011 04:33:35 PM | Computer Name = PCART | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203


< End of report >

ken545
2011-02-09, 00:52
Hi,

Looks like you have F-PROT Antivirus and AVG. More than one AV is overkill and will cause issues and hamper system performance; you need to uninstall one via Add/Remove Programs in the Control Panel.

Not seeing anything bad on your log, but if you're experiencing redirects there may be a rootkit involved.



Scan With RootKitUnHooker


Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.


Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

unluckyuser
2011-02-09, 02:35
Hello,
Thanks for the great support even though it is late at night! :bigthumb:

I usually have MS Security Essentials, but because this virus doesn't allow it to start up I figured I'd install another antivirus. It was F-PROT. I downloaded AVG over the weekend but didn't install it, although I had it installed in the past. To be honest, I don't know which antivirus is better :(

I ran RootKitUnHooker as mentioned and at the end of the log, in the program, it said nothing was found :(

Here is the log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3977216 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 84.40 )
0xF56D6000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3653632 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.40 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2146304 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2146304 bytes
0x804D7000 RAW 2146304 bytes
0x804D7000 WMIxWDM 2146304 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xEB5E9000 C:\WINDOWS\system32\drivers\ha20x2k.sys 1114112 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0xF5411000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xEF8F9000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)
0xB1EB0000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 872448 bytes
0xF7260000 iastor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF716E000 FStopW.sys 696320 bytes (FRISK Software International, FPAV - RealTime Protector)
0xF536A000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xEB4F9000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xF70CA000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB77B7000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF559A000 C:\WINDOWS\system32\drivers\ctaud2k.sys 442368 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xF52B8000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB78C4000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB0BF7000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB0C76000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5510000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF5544000 C:\WINDOWS\system32\drivers\ctoss2k.sys 204800 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xF5311000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF73A3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEB5BC000 C:\WINDOWS\system32\drivers\emupia2k.sys 184320 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF709D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB0CDF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF5671000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 176128 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xAD443000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB784F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB7826000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 167936 bytes (Trusteer Ltd., RapportPG)
0xB789C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEB595000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 159744 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xB794F000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xF734D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF569C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
0xF5629000 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 151552 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II (v2) WDM Video Capture)
0xF5576000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5606000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF564E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB787A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB7573000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E3000 ACPI_HAL 134272 bytes
0x806E3000 C:\WINDOWS\system32\hal.dll 134272 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7240000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7373000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7082000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7335000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB0D21000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7157000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5353000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB0D39000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB0D0B000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7218000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB0162000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF56C2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB791C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF722E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7392000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5342000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB2A73000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF75D2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7602000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB289F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF5CCF000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7532000 RapportKELL.sys 57344 bytes (Trusteer Ltd., RapportKE)
0xF75F2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7512000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7622000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74F2000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7642000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF75E2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74E2000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7632000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6744000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF6794000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7522000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF67D4000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7502000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF5C8F000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7612000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF75C2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF74D2000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7652000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF5CAF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xADEC5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xAF92E000 C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys 36864 bytes (Wacom Technology, Wacom HID Mouse Monitor Filter Driver)
0xB2E94000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF782A000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xF7832000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF6B14000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF6B0C000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys 32768 bytes (Trusteer Ltd., RapportCerberus)
0xF787A000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xB2A13000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7842000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7752000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7822000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF6B2C000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF783A000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7862000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF786A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF6B24000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF6B1C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF775A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7852000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF785A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF784A000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF781A000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB2E2B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF5298000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB32B0000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF79BE000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF79BA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF0D22000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF78E2000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2930000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF798E000 C:\WINDOWS\System32\DRIVERS\ELhid.sys 12288 bytes (Intel Corporation, -)
0xF0700000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF52B4000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF79C6000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7992000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF06F4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF798A000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0xF6C94000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A22000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB2FDE000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79D6000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF610D000 C:\WINDOWS\System32\DRIVERS\ELkbd.sys 8192 bytes (Intel Corporation, -)
0xF610B000 C:\WINDOWS\System32\DRIVERS\ELmon.sys 8192 bytes (Intel Corporation, -)
0xF7A2C000 C:\WINDOWS\System32\DRIVERS\ELmou.sys 8192 bytes (Intel Corporation, -)
0xF6C96000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A14000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF79D2000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF6C92000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF6C90000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A24000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79D8000 C:\WINDOWS\System32\Drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79D4000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B73000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BCC000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xB23FD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B47000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A9A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
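
The RKU driver listing above can be triaged mechanically before a human reads through it. The following Python is an added example, not part of this thread or of Rootkit Unhooker: it parses the report layout quoted above (the >Drivers and >Stealth sections) and flags modules that carry no vendor information or load from outside the Windows/Program Files tree, which are leads to check against the vendor and signature, not verdicts. The sample report is a constructed excerpt: real lines from the log above plus one made-up line (sample_unknown.sys) standing in for an unsigned module in a Temp directory.

```python
"""Triage a Rootkit Unhooker (RKU) report: parse the >Drivers and >Stealth
sections and flag loaded kernel modules that deserve a second look. Assumes the
RKU 3.8 LE log layout quoted in the thread; each flag is a lead to verify
(vendor, signature, file on disk), not a verdict."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Kernel-internal aliases RKU lists without a path; they share the kernel, HAL
# and win32k base addresses and have no version block of their own.
KERNEL_ALIASES = {"PnpManager", "RAW", "WMIxWDM", "ACPI_HAL", "Win32k"}
# Where drivers normally load from on a default XP install (lower-case prefixes).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
# 0x<base> <image, may contain spaces> <size> bytes [(Vendor[, Description])]
DRIVER_RE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]{8})\s+(?P<image>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<vendor>[^,]*?)(?:,\s*(?P<desc>.*))?\))?\s*$"
)


@dataclass
class Driver:
    base: int
    image: str
    size: int
    vendor: Optional[str]
    desc: Optional[str]


def parse_driver_line(line: str) -> Optional[Driver]:
    """Parse one >Drivers line; None for a line in an unknown format."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    vendor = m["vendor"].strip() if m["vendor"] is not None else None
    desc = m["desc"].strip() if m["desc"] is not None else None
    return Driver(int(m["base"], 16), m["image"], int(m["size"]), vendor, desc)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a report into its '>Section' blocks, dropping the ===== rules."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            current = line[1:].strip()
            sections[current] = []
        elif current is not None and line and not line.startswith("="):
            sections[current].append(line)
    return sections


def triage_drivers(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (image, reason) leads for drivers worth checking by hand."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        d = parse_driver_line(line)
        if d is None:
            findings.append((line, "unparsed line, inspect manually"))
            continue
        filename = d.image.rsplit("\\", 1)[-1].lower()
        # dump_<disk driver>.sys is the crash-dump copy of the boot storage
        # driver; it never carries a version block, so it is not a lead.
        if (d.vendor is None and d.image not in KERNEL_ALIASES
                and not filename.startswith("dump_")):
            findings.append((d.image, "no vendor/version information"))
        if "\\" in d.image and not d.image.lower().startswith(EXPECTED_PREFIXES):
            # Loading from a profile or data directory is unusual but not proof:
            # Trusteer Rapport does it legitimately, so check vendor/signature.
            findings.append((d.image, "loaded from outside Windows/Program Files"))
    return findings


def triage_report(text: str) -> Dict[str, object]:
    """Summarise one report: driver count, hidden (stealth) entries, leads."""
    sections = parse_sections(text)
    drivers = sections.get("Drivers", [])
    return {
        "driver_count": len(drivers),
        "stealth": sections.get("Stealth", []),  # hidden objects; empty is good
        "findings": triage_drivers(drivers),
    }


# Constructed excerpt: lines from the report above plus one made-up final line
# (sample_unknown.sys) standing in for an unsigned module loaded from Temp.
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2146304 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2146304 bytes
0xB1EB0000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 872448 bytes
0xF569C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
0xF6B0C000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys 32768 bytes (Trusteer Ltd., RapportCerberus)
0xADEC5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB3000000 C:\Documents and Settings\arturo\Local Settings\Temp\sample_unknown.sys 16384 bytes
==============================================
>Stealth
==============================================
"""
```

Running `triage_report(SAMPLE_REPORT)` on the constructed excerpt yields three leads: the Trusteer module (unusual path, but a known vendor) and the made-up Temp module twice (no vendor block and unusual path); an empty Stealth list means RKU found nothing hidden.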

ken545
2011-02-09, 03:00
Well, just remember what I said about having one AV; some people think that more is better, but with AV software it's not. I really can't tell you which one to keep; what one finds another may not.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connection.

unluckyuser
2011-02-09, 23:24
Hi,
Thank you very much for your reply!


Well just remember what I said about having one AV, some people think that more is better but with AV Software it's not.

Understood. Thanks for the advice.

Turned off antivirus and firewall. Ran ComboFix and it went well.

Here goes ComboFix log:
--------------------------------------------------------------------
ComboFix 11-02-09.02 - arturo 09/02/2011 21:10:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.652 [GMT 0:00]
Running from: c:\documents and settings\arturo\Desktop\ComboFix.exe
AV: F-PROT Antivirus for Windows *Disabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-08 21:01 . 2011-02-08 21:01 -------- d-----w- c:\documents and settings\arturo\Application Data\Malwarebytes
2011-02-08 21:01 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 21:01 . 2011-02-08 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-08 21:01 . 2011-02-08 21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-08 21:01 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 14:16 . 2011-02-06 14:18 -------- d-----w- c:\program files\ERUNT
2011-02-06 00:48 . 2011-02-06 00:48 -------- d-----w- c:\documents and settings\arturo\Application Data\FRISK Software
2011-02-05 19:04 . 2011-02-02 17:10 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D47610D-EE4C-4FDA-9B7A-1D982E73BB85}\mpengine.dll
2011-02-05 18:54 . 2010-09-22 12:46 700632 ----a-w- c:\windows\system32\drivers\FStopW.sys
2011-02-05 18:54 . 2011-02-05 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FRISK Software
2011-02-05 18:54 . 2011-02-05 18:54 -------- d-----w- c:\program files\FRISK Software
2011-02-05 13:11 . 2011-02-05 13:11 -------- d-----w- c:\windows\Temp4973C556-1F66-C625-7459-435CB864CE47-Signatures
2011-02-05 13:11 . 2011-02-05 13:12 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-22 22:15 . 2011-01-22 22:15 -------- d-----w- c:\documents and settings\arturo\Local Settings\Application Data\Yahoo
2011-01-22 22:15 . 2011-01-22 22:15 -------- d-----w- c:\documents and settings\arturo\Application Data\Yahoo!
2011-01-22 22:04 . 2011-01-22 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-01-22 22:04 . 2011-01-22 22:04 -------- d-----w- c:\program files\Yahoo!
2011-01-21 19:36 . 2011-01-21 19:36 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcA.tmp
2011-01-18 20:02 . 2011-01-18 20:02 -------- d-----w- c:\program files\Safari
2011-01-18 20:00 . 2011-01-18 20:00 -------- d-----w- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 17:11 . 2009-12-19 18:28 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-31 7561216]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-01 18944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-07-05 1674032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-23 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\ProgramFiles\\AppServ\\Apache2\\bin\\Apache.exe"=
"c:\\ProgramFiles\\Python26\\pythonw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [05/02/2011 06:54 PM 700632]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 10:43 PM 59240]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 10:54 PM 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 10:43 PM 169320]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [03/02/2010 11:06 PM 5010288]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [03/02/2010 11:06 PM 16168]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 10:43 PM 767208]
S4 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [03/11/2010 04:40 PM 83624]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 06:17 AM 2805000]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: peraperakun@gmail.com - %profile%\extensions\peraperakun@gmail.com
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 21:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\programfiles\AppServ\MySQL\bin\mysqld-nt --defaults-file=c:\progra~2\AppServ\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-02-09 21:17:21
ComboFix-quarantined-files.txt 2011-02-09 21:17

Pre-Run: 219,311,022,080 bytes free
Post-Run: 219,410,190,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - EF10B99699AA7028DC07BA49B6287158
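As an added example (not part of the thread, nor code from ComboFix or catchme), here is a small Python triage pass over the "Reg Loading Points" layout used in the log above: it flags an AV product reported as Disabled (the MSE symptom in this thread), a firewall profile switched off, Run-key values that are bare file names rather than full paths (Windows resolves those through the search path, and the two CTHELPER/CTXFIHLP lines under "hidden autostart entries" above are of that kind), and autostart images living in user-writable directories. The sample log is constructed in that layout; the function and regex names are mine.

```python
import re
from typing import List, Tuple

# Constructed sample in the layout of the ComboFix log above; the values are
# stand-ins modelled on that log, not copied from the user's machine.
SAMPLE_LOG = """\
AV: Microsoft Security Essentials *Disabled/Updated*
AV: F-PROT Antivirus for Windows *Enabled/Updated*

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ehTray"="c:\\windows\\ehome\\ehtray.exe" [2005-09-29 67584]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-01 18944]
"MSC"="c:\\program files\\Microsoft Security Client\\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"CTFMON.EXE"="c:\\windows\\system32\\CTFMON.EXE" [2004-08-10 15360]

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
AV_RE = re.compile(r"^AV: (.+?) \*(Enabled|Disabled)/")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
# An image path Windows can resolve unambiguously: drive letter, UNC share or env var.
ABS_PATH_RE = re.compile(r"^(?:[a-zA-Z]:\\|\\\\|%[^%]+%\\)")
# User-writable locations that legitimate XP autostarts rarely live in.
SUSPECT_DIR_RE = re.compile(r"\\(temp|local settings|application data|recycler)\\", re.I)

Finding = Tuple[str, str, str]  # (severity, item, reason)


def triage_combofix(log_text: str) -> List[Finding]:
    """Walk a ComboFix-style 'Reg Loading Points' dump and return findings.

    These are defender heuristics for a human to review, not a malware verdict:
      * an AV product reported Disabled;
      * a Run-key value that is a bare file name, so the loader resolves it
        through the search path instead of a fixed location;
      * a Run-key image under a user-writable directory;
      * the firewall standard profile switched off.
    """
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AV_RE.match(line)
        if m:
            if m.group(2) == "Disabled":
                findings.append(("high", m.group(1), "antivirus reports Disabled"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = FIREWALL_RE.match(line)
        if m and "firewallpolicy" in current_key:
            if m.group(1) == "0":
                findings.append(("high", current_key, "EnableFirewall=0, firewall profile off"))
            continue
        m = VALUE_RE.match(line)
        if not m or not current_key.endswith("\\run"):
            continue
        name, image = m.group(1), m.group(2)
        if not ABS_PATH_RE.match(image):
            findings.append(("medium", name, f"bare image name '{image}' resolved via search path"))
        elif SUSPECT_DIR_RE.search(image):
            findings.append(("medium", name, f"autostart image in user-writable directory: {image}"))
    return findings


if __name__ == "__main__":
    for severity, item, reason in triage_combofix(SAMPLE_LOG):
        print(f"[{severity}] {item}: {reason}")
```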

ken545
2011-02-10, 00:16
Nothing bad really removed and the rest of the log looks ok.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

unluckyuser
2011-02-10, 02:54
Hello!

I noticed that MS Security Essential now works! The services are not stopped any more.

Anyway, ran ESET but it says nothing was found :(

Here's the log
-------------------------------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=4712ff61550db34fa01ef26499d948ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-10 12:48:25
# local_time=2011-02-10 12:48:25 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3328 16777191 100 0 365135 365135 0 0
# compatibility_mode=5891 16776869 42 87 9391 9338081 0 0
# compatibility_mode=8192 67108863 100 0 3742 3742 0 0
# scanned=238221
# found=0
# cleaned=0
# scan_time=5286

ken545
2011-02-10, 02:59
Log looks ok. How are things running now ?

unluckyuser
2011-02-10, 03:06
Log looks ok. How are things running now ?

Now I'm trying search engines. So far no redirecting issues \o/

Do you think the PC is clean now? Or maybe the virus is just inactive for now? I will try on Firefox now.

unluckyuser
2011-02-10, 03:42
Something happened. I was searching for Red Acari and Wolf Spiders (I have a plague at home). Then I clicked on a link to Wolf Spider that looked safe to jump to. A message popped up from the browser (IE). It said

"Windows Security has found critial process activity on your system and will perform fast scan of system files"

Next thing, MS Security Essentials, from the system tray, popped up a message saying something has been detected and the system needs to be scanned. So I did so and MS SE's main window showed the following results:

Exploit:Java/CVE-2009-3867.MZ (Removed)
Exploit:Java/CVE-2008-5353.RP (Removed)
TrojanDownloader:Java/OpenConnection.GT (Removed)
Trojan:Win32/Bamital.I (Removed)
Trojan:Win32/Bamital (Removed)

Do I need to update Java?

On the browser, I clicked OK on that pop-up and what seems to be a fake scan started. The URL is krisenalex.no-ip.org/?id=06abQDYx. I closed the tab.

So how did I end up on that site? Was I redirected? If so, this time around it was different from before.

ken545
2011-02-10, 11:37
Hi,

Let's update your Java, we were going to do that anyway when we were done.

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.


Download the HostsXpert 4.3 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).

Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
Click "Make Hosts Writable?" in the upper left corner.
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.




Run OTL and post a new log please

unluckyuser
2011-02-11, 00:54
Hello!

Thank you very much for your continued support! :bigthumb:

I installed JRE as you said. However, something happened. At first I didn't see the Clear Cache option. Seems this version has a different panel layout. Anyway, I saw a View Cache button and clicked on it. MS Security Essentials fired up and said it detected two offensive items and removed them:

Exploit:Java/CVE-2010-0840.BB (Removed)
Exploit:Java/CVE-2010-0844.E (Removed)

I then found in Settings the option and cleared the cache

I ran OTL and here is the OTL.txt log (although no Extras.txt was generated this time round?):
------------------------------------------------------------------
OTL logfile created on: 10/02/2011 10:36:24 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\arturo\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 534.00 Mb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 204.18 Gb Free Space | 89.50% Space Free | Partition Type: NTFS
Drive E: | 298.08 Gb Total Space | 191.43 Gb Free Space | 64.22% Space Free | Partition Type: NTFS

Computer Name: PCART | User Name: arturo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\arturo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FPAVServer) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (mysql) -- C:\ProgramFiles\AppServ\MySQL\bin\mysqld-nt.exe ()
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (Apache2) -- C:\ProgramFiles\AppServ\Apache2\bin\Apache.exe (Apache Software Foundation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl98606d00) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74DD153D-5F5F-4A2F-99D7-D728D0CE0F70}\MpKsl98606d00.sys (Microsoft Corporation)
DRV - (RapportCerberus_19917) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (FPAV_RTP) -- C:\WINDOWS\system32\DRIVERS\FStopW.sys (FRISK Software International)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: peraperakun@gmail.com:2.1.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/18 19:38:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 22:11:34 | 000,000,000 | ---D | M]

[2009/12/19 18:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Extensions
[2011/02/02 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions
[2010/04/27 20:58:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/19 22:03:37 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/10/11 10:54:50 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese and Chinese Translator) -- C:\Documents and Settings\arturo\Application Data\Mozilla\Firefox\Profiles\4q9fif3v.default\extensions\peraperakun@gmail.com
[2011/02/10 22:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/10 22:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011/02/10 22:11:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/18 19:38:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/01/18 19:38:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/01/18 19:38:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/01/18 19:38:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/02/10 22:26:40 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261257661937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\arturo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 22:25:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/10 22:24:56 | 000,000,000 | ---D | C] -- C:\HostsXpert
[2011/02/10 22:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/10 22:11:34 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/10 22:11:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/10 22:11:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/10 22:11:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/10 22:09:54 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\arturo\Desktop\jre-6u23-windows-i586.exe
[2011/02/10 22:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\JavaRa
[2011/02/09 21:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/09 21:09:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/09 21:06:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/09 21:06:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/09 21:06:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/09 21:06:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/09 21:06:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/09 21:01:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/08 21:13:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
[2011/02/08 21:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Malwarebytes
[2011/02/08 21:01:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/08 21:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/08 21:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/08 21:01:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/08 21:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/08 21:00:49 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
[2011/02/08 20:56:45 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
[2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/06 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/06 14:01:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
[2011/02/06 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\erunt
[2011/02/06 00:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
[2011/02/05 18:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/02/05 18:54:57 | 000,700,632 | ---- | C] (FRISK Software International) -- C:\WINDOWS\System32\drivers\FStopW.sys
[2011/02/05 18:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
[2011/02/05 18:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\FRISK Software
[2011/02/05 18:52:42 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/02/05 18:49:35 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
[2011/02/05 13:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp4973C556-1F66-C625-7459-435CB864CE47-Signatures
[2011/02/05 13:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/05 00:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\TMP
[2011/01/23 21:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Desktop\PointTaker
[2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Application Data\Yahoo!
[2011/01/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arturo\Local Settings\Application Data\Yahoo
[2011/01/22 22:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/01/22 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/18 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/01/18 20:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2006/06/21 20:45:36 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/10 22:36:44 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/02/10 22:26:40 | 000,000,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/10 22:24:35 | 000,353,485 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\HostsXpert.zip
[2011/02/10 22:11:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/10 22:11:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/10 22:11:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/10 22:11:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/10 22:11:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/10 22:09:55 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\arturo\Desktop\jre-6u23-windows-i586.exe
[2011/02/10 22:04:05 | 000,159,757 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\JavaRa.zip
[2011/02/10 22:01:21 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/10 21:57:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 21:57:43 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 02:44:05 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/10 02:44:05 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/10 02:44:05 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/10 02:44:05 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/10 02:44:05 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/10 01:51:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 21:09:33 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/02/09 20:55:11 | 004,266,117 | R--- | M] () -- C:\Documents and Settings\arturo\Desktop\ComboFix.exe
[2011/02/09 00:20:41 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\RKUnhookerLE.EXE
[2011/02/08 21:13:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arturo\Desktop\OTL.exe
[2011/02/08 21:01:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/08 21:00:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\arturo\Desktop\mbam-setup.exe
[2011/02/08 20:56:46 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\arturo\Desktop\ATF-Cleaner.exe
[2011/02/06 14:38:50 | 000,005,213 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
[2011/02/06 14:16:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
[2011/02/06 14:10:12 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.com
[2011/02/06 14:09:41 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
[2011/02/06 14:01:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\arturo\Desktop\erunt-setup.exe
[2011/02/06 13:57:29 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
[2011/02/05 20:47:39 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
[2011/02/05 20:36:56 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/02/05 18:52:53 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/02/05 18:49:46 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\arturo\Desktop\avg_avct_stb_all_2011_1204_ppc2.exe
[2011/02/05 18:47:24 | 029,851,648 | ---- | M] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
[2011/02/05 13:12:16 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/05 11:37:18 | 000,001,749 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/01/31 21:45:34 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 22:04:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/10 22:24:33 | 000,353,485 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\HostsXpert.zip
[2011/02/10 22:04:03 | 000,159,757 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\JavaRa.zip
[2011/02/09 21:48:38 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/02/09 21:09:33 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/02/09 21:09:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/09 21:06:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/09 21:06:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/09 21:06:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/09 21:06:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/09 21:06:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/09 20:54:30 | 004,266,117 | R--- | C] () -- C:\Documents and Settings\arturo\Desktop\ComboFix.exe
[2011/02/09 00:20:30 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\RKUnhookerLE.EXE
[2011/02/08 21:01:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/06 14:38:50 | 000,005,213 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\Attach.zip
[2011/02/06 14:16:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\ERUNT.lnk
[2011/02/06 14:10:10 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.com
[2011/02/06 14:09:38 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\dds.scr
[2011/02/06 13:57:27 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\erunt.zip
[2011/02/06 09:50:01 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/05 18:55:03 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\F-PROT Antivirus for Windows.lnk
[2011/02/05 18:55:03 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\F-PROT Antivirus for Windows.lnk
[2011/02/05 18:47:15 | 029,851,648 | ---- | C] () -- C:\Documents and Settings\arturo\Desktop\fpav-windows-x86-hc-en.msi
[2011/02/05 13:12:16 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/02/05 13:11:16 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/01/22 22:04:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/18 20:02:24 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/01/18 20:00:15 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2010/09/30 09:29:58 | 000,067,072 | RHS- | C] () -- C:\WINDOWS\System32\datao.dll
[2010/08/07 12:38:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2010/02/15 23:23:34 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\arturo\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2010/01/27 22:48:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2009/12/23 12:05:01 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 23:09:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/18 22:53:47 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\arturo\Local Settings\Application Data\fusioncache.dat
[2007/05/04 06:32:30 | 002,035,712 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2007/05/04 06:32:30 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2007/05/04 06:32:30 | 000,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll
[2007/05/04 06:32:30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2007/05/04 06:32:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll
[2007/02/20 08:29:50 | 000,039,912 | ---- | C] () -- C:\WINDOWS\php.ini
[2006/06/21 21:15:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 21:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/21 20:38:35 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/06/21 20:38:35 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/06/21 20:38:35 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/21 20:38:32 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/06/21 20:35:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/21 20:35:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/06/21 20:34:09 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/19 07:42:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\dlcgplc.ini
[2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/10 13:36:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll

========== LOP Check ==========

[2006/06/21 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/02/05 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
[2009/12/19 20:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/02/24 23:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2006/06/21 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/19 19:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/23 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Amazon
[2010/01/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Blender Foundation
[2009/12/23 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Dev-Cpp
[2010/04/08 23:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FileZilla
[2011/02/06 00:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\FRISK Software
[2011/01/09 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\GrabPro
[2010/10/05 11:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\gtk-2.0
[2010/09/16 11:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Notepad++
[2010/04/25 10:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\oald7
[2010/01/16 15:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\OpenOffice.org
[2011/02/05 17:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Orbit
[2011/01/09 22:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\ProgSense
[2009/12/19 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Subversion
[2010/02/24 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arturo\Application Data\Trusteer
[2011/02/10 22:36:44 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



< End of report >

ken545
2011-02-11, 01:01
Looking good :bigthumb:

How are things running now, any more redirects ?

unluckyuser
2011-02-11, 01:21
Hi ken545!

Thanks for the good news!

I've been navigating around looking for a crystallized sweet potato recipe (because we have a birthday party this weekend). Jumping onto sites without any redirecting. :bigthumb:

I will keep on using search engines and report issues if any.

Do you think the PC is now clean?

ken545
2011-02-11, 02:47
Well, Happy Birthday to whoever it is you're celebrating :birthday:

I think you're good to go, but let's do this. Post back in a few days and let me know how things are running.


Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

unluckyuser
2011-02-12, 18:54
Hi ken545!


Well, Happy Birthday to whoever it is you're celebrating :birthday:


Thanks! It's my friend's girlfriend, Alexa. I will pass your congratulations on to her.


We have been using the PC and Internet without any redirecting issues. Because of that we managed to find a good crystallized sweet potato recipe. The making was a success! And food and drinks are ready. Just waiting for the first guests to show up :D

Anyway, back to the topic. The PC runs even smoother now. I created a restore point as you recommended. And thanks a lot for the must-read links!

:thanks:

Thank you very much for all your help and the good job on the step-by-step instructions. Everything was so clear. I really appreciate the time you spent helping us out on this matter.

Cheers! :bigthumb:

ken545
2011-02-12, 22:30
You're very welcome,

Take care,
Ken :)

ken545
2011-02-17, 11:19
Since this issue appears resolved, this thread will now be closed.