
Thread: A virus? (Inactive)

  1. #1
    Member
    Join Date
    Jul 2008
    Posts
    48

    A virus? (Inactive)

    Originally I had posted here about a week ago, and with no replies, it was put in the archives. So I'm posting here again with some hope that someone may know what's wrong, if anything is wrong, with my PC this time.

    My original post can be found here: http://forums.spybot.info/showthread.php?t=55372

    This is my newest HJT log:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 10:15:55 PM, on 2/20/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1202660629-412668190-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 3704 bytes


    To sum up, what I experience is that some of my Windows components will get an error and I'll have to restart them. This occurs about an hour or so after turning on my PC. Most of the time it's Windows Audio and Windows Installer.
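Reading a HijackThis log by hand means checking, for every O-line, where the referenced binary lives, whether the log could resolve it at all, and who claims to have built it. The script below is an added example, not code from this thread or from Trend Micro's HijackThis: it parses lines in the format shown above into records and applies four first-pass heuristics (autostart or service binaries in user-writable locations or at the root of a drive, O4 entries whose target the log could not resolve, O16 ActiveX downloads from hosts outside an allow-list, and O23 services whose vendor field reads "Unknown owner", the string HijackThis prints when the file carries no company name). The embedded sample contains six lines copied from the log above plus three constructed suspicious lines marked as such; the DPF host allow-list and the list of user-writable path markers are assumptions for illustration, not anything the thread states.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# A Windows path ending in an executable-like extension. Spaces are allowed,
# so the match stops at the extension rather than at whitespace.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"()\[\]]*?\.(?:exe|dll|sys|cab|scr|com|bat)\b', re.I)
URL_RE = re.compile(r'https?://\S+', re.I)
SECTION_RE = re.compile(r'^(?P<sec>[RFO]\d+) - (?P<rest>.*)$')

# Assumption: path fragments where a legitimate autostart binary rarely lives.
USER_WRITABLE = ('\\temp\\', '\\local settings\\', '\\application data\\',
                 '\\desktop\\', '\\recycler\\', '\\system volume information\\')
# Assumption: illustrative allow-list of hosts for O16 (Downloaded Program Files).
KNOWN_DPF_HOSTS = {'java.sun.com', 'platformdl.adobe.com',
                   'fpdownload.macromedia.com', 'download.microsoft.com'}


@dataclass
class Entry:
    section: str            # e.g. "O4", "O23"
    raw: str                # the original log line
    path: Optional[str]     # first Windows path found on the line, if any
    url: Optional[str]      # first URL found on the line, if any
    vendor: Optional[str]   # O23 only: the company string between the dashes


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_hjt(text: str) -> List[Entry]:
    """Turn R/F/O lines of a HijackThis log into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        sec, rest = m.group('sec'), m.group('rest')
        pm, um = PATH_RE.search(rest), URL_RE.search(rest)
        vendor = None
        if sec == 'O23':
            # O23 - Service: <display name> (<service name>) - <vendor> - <path>
            parts = rest.split(' - ')
            if len(parts) >= 3:
                vendor = parts[1].strip()
        entries.append(Entry(sec, line, pm.group(0) if pm else None,
                             um.group(0) if um else None, vendor))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply first-pass heuristics; every Finding points back at its log line."""
    findings: List[Finding] = []
    for e in entries:
        low = (e.path or '').lower()
        if e.section in ('O2', 'O4', 'O20', 'O21', 'O23') and e.path:
            if any(marker in low for marker in USER_WRITABLE):
                findings.append(Finding(e, 'autostart binary in a user-writable location'))
            elif re.match(r'^[a-z]:\\[^\\]+$', low):
                findings.append(Finding(e, 'autostart binary in the root of a drive'))
        if e.section == 'O4' and e.path is None and e.url is None:
            findings.append(Finding(e, 'autostart target not resolved by the log; verify manually'))
        if e.section == 'O16' and e.url:
            host = urlparse(e.url).hostname or ''
            if host not in KNOWN_DPF_HOSTS:
                findings.append(Finding(e, f'ActiveX download from unlisted host {host}'))
        if e.section == 'O23' and e.vendor == 'Unknown owner':
            findings.append(Finding(e, 'service binary carries no vendor information'))
    return findings


# First six lines copied from the log above; the last three are constructed
# suspicious entries for demonstration and do not come from the poster's machine.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Cameron\Local Settings\Temp\svchost.exe
O23 - Service: Update Service (updsvc) - Unknown owner - C:\RECYCLER\updsvc.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://example.net/loader.cab
"""

if __name__ == '__main__':
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f'{f.reason}\n    {f.entry.raw}')
```

Run against the sample, the six genuine lines produce a single low-priority note (the Global Startup shortcut the log printed as `?`, which the later OTS log resolves to WPN111.exe), while the three constructed lines each trip a heuristic. None of this replaces looking the file up; it only orders the list for the reviewer.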

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Some of the logs I request will be quite large, You may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    ----------------------------------------------------------------------------------------


    There is no obvious sign of infection, but let's have a deeper look.


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Member
    Join Date
    Jul 2008
    Posts
    48


    Hello katana and thank you for replying.

    I downloaded RSIT to my desktop; however, when I click on the Continue button on the disclaimer screen I get an AutoIt error saying "Line -1: Error: Variable used without being declared." and after pressing the OK button it closes the program.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Let's try a different tool ...



    OTScanIt

    1. Please download OTS.exe by OldTimer and save it to your desktop.
    2. Double click on OTS.exe to run it.
    3. Under Additional Scans section, put a check mark next to Reg - Uninstall List. ( you will need to scroll down)
    4. Click on the Run Scan button at the top left hand corner.
    5. OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

  5. #5
    Member
    Join Date
    Jul 2008
    Posts
    48


    Okay, that tool works fine.
    Here's the notepad file:

    Code:
    OTS logfile created on: 2/27/2010 5:44:12 PM - Run 1
    OTS by OldTimer - Version 3.1.22.3     Folder = C:\Documents and Settings\Cameron\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 596.12 Gb Total Space | 531.88 Gb Free Space | 89.22% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: NONE-09782A33D3
    Current User Name: Cameron
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
    jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
    avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
    sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
    iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
    wpn111.exe -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
     
    [Modules - Safe List]
    ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
     
    [Win32 Services - Safe List]
    (JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
    (AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
    (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
     
    [Driver Services - Safe List]
    (avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/08 05:16:58 | 000,056,816 | ---- | M] (Avira GmbH)
    (Mkd2kfNt) Mkd2kfNt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -> [2009/10/13 01:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.)
    (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2009/09/02 15:06:06 | 000,021,275 | ---- | M] (Meetinghouse Data Communications)
    (Mkd2Nadr) Mkd2Nadr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -> [2009/07/13 01:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.)
    (ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
    (avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
    (avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008/09/02 17:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.)
    (WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WPN111.sys -> [2008/04/18 11:28:10 | 000,384,608 | ---- | M] (Atheros Communications, Inc.)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation)
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation)
    (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation)
    (RTL8187B) Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8187B.sys -> [2007/04/06 02:12:02 | 000,223,616 | ---- | M] (Realtek Semiconductor Corporation                           )
    (cercsr6) cercsr6 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\drivers\cercsr6.sys -> [2004/12/13 14:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\DNINDIS5.sys -> [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> Reg Error: Key error. [AIM Toolbar Search Class] -> File not found
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    < FireFox Extensions [User Folders] > -> 
    < HOSTS File > ([2009/09/13 15:16:08 | 000,329,883 | R--- | M] - 11344 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    First 25 entries...
    Reset Hosts
    127.0.0.1       localhost
    127.0.0.1	www.007guard.com
    127.0.0.1	007guard.com
    127.0.0.1	008i.com
    127.0.0.1	www.008k.com
    127.0.0.1	008k.com
    127.0.0.1	www.00hq.com
    127.0.0.1	00hq.com
    127.0.0.1	010402.com
    127.0.0.1	www.032439.com
    127.0.0.1	032439.com
    127.0.0.1	www.0scan.com
    127.0.0.1	0scan.com
    127.0.0.1	1000gratisproben.com
    127.0.0.1	www.1000gratisproben.com
    127.0.0.1	1001namen.com
    127.0.0.1	www.1001namen.com
    127.0.0.1	www.100888290cs.com
    127.0.0.1	100888290cs.com
    127.0.0.1	100sexlinks.com
    127.0.0.1	www.100sexlinks.com
    127.0.0.1	www.10sek.com
    127.0.0.1	10sek.com
    127.0.0.1	www.1-2005-search.com
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/11/05 22:52:11 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/11/05 22:52:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> Reg Error: Key error. [AIM Toolbar] -> File not found
    WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
    "QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/09/05 01:54:42 | 000,417,792 | ---- | M] (Apple Inc.)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
    < Cameron Startup Folder > -> C:\Documents and Settings\Cameron\Start Menu\Programs\Startup -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5868 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5867 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {6CA900EA-66E2-4B3E-B894-AECECA03E558}\\DhcpNameServer -> 192.168.1.1   (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) -> 
    {CEA55DA3-6406-46AA-863D-8C9E160023C1}\\DhcpNameServer -> 192.168.1.2   (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/04/16 19:50:30 | 000,204,800 | ---- | M] (Intel Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2009/10/01 13:20:57 | 003,634,024 | ---- | M] (AOL LLC)
    "C:\Program Files\Curse\CurseClient.exe" -> C:\Program Files\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client] -> [2009/06/08 07:51:36 | 001,934,336 | ---- | M] ()
    "C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/11/05 22:52:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/12/17 01:24:45 | 000,289,584 | ---- | M] (BitTorrent, Inc.)
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2009/11/14 05:15:44 | 002,335,304 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\Launcher.exe" -> C:\Program Files\World of Warcraft\Launcher.exe [C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher] -> [2009/11/14 05:15:45 | 004,895,608 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 17:33:17 | 002,067,232 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/23 05:05:50 | 002,069,792 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 16:51:33 | 002,167,496 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/25 16:31:32 | 002,067,232 | ---- | M] (Blizzard Entertainment)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/09/01 12:37:12 | 000,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
     
    [Registry - Additional Scans - Safe List]
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
    {0C34B801-6AEC-4667-B053-03A67E2D0415} -> Apple Application Support
    {26A24AE4-039D-4CA4-87B4-2F83216017FF} -> Java(TM) 6 Update 17
    {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
    {3921A67A-5AB1-4E48-9444-C71814CF3027} -> VCRedistSetup
    {42929F0F-CE14-47AF-9FC7-FF297A603021} -> Dell Resource CD
    {56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml
    {582E9125-32B6-4CBA-AB48-3E33CE3DB389} -> NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
    {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
    {777CA40C-0206-4EF6-A0FC-618BF06BF8D0} -> Intel(R) PRO Network Connections 12.1.12.0
    {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    {A1288842-D600-453F-B61F-6C2AA3D6A528} -> Ragnarok Online
    {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
    {A429C2AE-EBF1-4F81-A221-1C115CAADDAD} -> QuickTime
    {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
    {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
    {C4124E95-5061-4776-8D5D-E3D931C778E1} -> Microsoft VC9 runtime libraries
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
    {D642E38E-0D24-486C-9A2D-E316DD696F4B} -> Microsoft XML Parser
    {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
    Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
    AhnLab Online Security -> AhnLab Online Security
    AIM_7 -> AIM 7
    Avira AntiVir Desktop -> Avira AntiVir Personal - Free Antivirus
    ffdshow -> ffdshow (remove only)
    HDMI -> Intel(R) Graphics Media Accelerator Driver
    HijackThis -> HijackThis 2.0.2
    ie8 -> Windows Internet Explorer 8
    Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
    Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
    MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
    PSP Action Replay_is1 -> PSP Action Replay
    Raganrok Renewal -> Ragnarok Renewal
    Ragnarok Online -> Ragnarok Online
    RegCure -> RegCure
    uTorrent -> µTorrent
    Windows Media Format Runtime -> Windows Media Format 11 runtime
    Windows Media Player -> Windows Media Player 11
    Windows XP Service Pack -> Windows XP Service Pack 3
    WinRAR archiver -> WinRAR archiver
    WMFDist11 -> Windows Media Format 11 runtime
    wmp11 -> Windows Media Player 11
    World of Warcraft -> World of Warcraft
    Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
    < Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
     
    [Files/Folders - Created Within 30 Days]
     OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:42:59 | 000,632,832 | ---- | C] (OldTimer Tools)
     rsit -> C:\rsit -> [2010/02/27 08:14:50 | 000,000,000 | ---D | C]
     Veoh Networks -> C:\Program Files\Veoh Networks -> [2010/02/17 02:28:10 | 000,000,000 | ---D | C]
     Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2010/02/14 11:28:31 | 000,000,000 | ---D | M]
     Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2010/02/13 20:55:16 | 000,000,000 | ---D | M]
     Apple Computer -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer -> [2010/02/13 20:54:56 | 000,000,000 | ---D | M]
     Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
     Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
     ComboFix -> C:\ComboFix -> [2010/02/12 02:48:09 | 000,000,000 | --SD | C]
     TrendMicro -> C:\Program Files\TrendMicro -> [2010/02/08 23:24:29 | 000,000,000 | ---D | C]
     AhnLab -> C:\Program Files\AhnLab -> [2010/02/08 15:56:02 | 000,000,000 | ---D | C]
     Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/13 07:26:51 | 000,000,000 | ---D | M]
     Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/11/13 07:26:50 | 000,000,000 | ---D | M]
     Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2009/10/16 18:28:00 | 000,000,000 | ---D | M]
     Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/09/04 02:43:50 | 000,000,000 | --SD | M]
     Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/09/01 12:39:06 | 000,000,000 | ---D | M]
     Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/09/01 12:37:10 | 000,000,000 | --SD | M]
     6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
     RegCure Startup.job -> C:\WINDOWS\tasks\RegCure Startup.job -> [2010/02/27 17:41:10 | 000,000,382 | ---- | M] ()
     RegCure Program Check.job -> C:\WINDOWS\tasks\RegCure Program Check.job -> [2010/02/27 17:00:00 | 000,000,394 | ---- | M] ()
     ntuser.dat -> C:\Documents and Settings\Cameron\ntuser.dat -> [2010/02/27 09:57:09 | 006,553,600 | -H-- | M] ()
     ntuser.ini -> C:\Documents and Settings\Cameron\ntuser.ini -> [2010/02/27 09:57:09 | 000,000,178 | -HS- | M] ()
     IconCache.db -> C:\Documents and Settings\Cameron\Local Settings\Application Data\IconCache.db -> [2010/02/27 09:57:03 | 002,107,238 | -H-- | M] ()
     World of Warcraft.lnk -> C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk -> [2010/02/27 08:52:42 | 000,000,799 | ---- | M] ()
     DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/27 07:46:09 | 000,248,832 | ---- | M] ()
     SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/26 10:45:07 | 000,000,006 | -H-- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/26 10:45:05 | 000,002,048 | --S- | M] ()
     RegCure.job -> C:\WINDOWS\tasks\RegCure.job -> [2010/02/25 03:48:50 | 000,000,376 | ---- | M] ()
     HiJackThis.lnk -> C:\Documents and Settings\Cameron\Desktop\HiJackThis.lnk -> [2010/02/20 22:15:44 | 000,002,445 | ---- | M] ()
     AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/02/19 18:28:00 | 000,000,284 | ---- | M] ()
     d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | M] ()
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/08 15:57:12 | 000,002,206 | ---- | M] ()
     GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Cameron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/02/05 23:31:59 | 000,013,104 | ---- | M] ()
     6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     37 C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp -> 
     10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     
    [Files - No Company Name]
     d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | C] ()
     Irremote.ini -> C:\WINDOWS\Irremote.ini -> [2009/09/14 06:01:21 | 000,000,000 | ---- | C] ()
     NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/09/04 04:40:55 | 000,000,069 | ---- | C] ()
     libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2009/09/02 15:06:05 | 000,651,264 | ---- | C] ()
     ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2009/09/02 15:06:05 | 000,147,456 | ---- | C] ()
     igfxCoIn_v4820.dll -> C:\WINDOWS\System32\igfxCoIn_v4820.dll -> [2009/09/01 12:45:56 | 000,204,800 | ---- | C] ()
     GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
     GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
     GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
     GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
    < End of report >

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Information

    REMOVE P2P PROGRAMS

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

    Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
    The bad guys use P2P filesharing as a major conduit to spread their wares.

    Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

    ----------------------------------------------------------------------------------------
    Registry Cleaners + "Tweak" Tools

    Re. RegCure

    I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools.

    They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
    Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
    Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

    Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it !

    To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
    In short, if you know how to use them safely ----- you don't actually need them.

    discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
    And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/...eaking_13.html
    ----------------------------------------------------------------------------------------
    Step 1

    Malwarebytes' Anti-Malware
    I notice that you have MBAM installed, please do the following

    • Start MalwareBytes AntiMalware
      • Update Malwarebytes' Anti-Malware
      • Select the Update tab
      • Click Update
    • When the update is complete, select the Scanner tab
    • Select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    ----------------------------------------------------------------------------------------
    Step 2

    Open OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
    YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> Reg Error: Key error. [AIM Toolbar Search Class]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> Reg Error: Key error. [AIM Toolbar]
    YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    YY -> "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent]
    [Files/Folders - Created Within 30 Days]
    NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    [Files/Folders - Modified Within 30 Days]
    NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY -> 37 C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Cameron\Local Settings\temp\*.tmp
    NY -> 10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
    NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    [Empty Temp Folders]
    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
    Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.
    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • Malwarebytes Log
    • OTS Log
    • I see that you have run Combofix, do you still have the log ?
    • How are things running now ?
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  7. #7
    Member
    Join Date
    Jul 2008
    Posts
    48

    Default

    OTS Log:
    Code:
    OTS logfile created on: 2/28/2010 2:20:27 PM - Run 2
    OTS by OldTimer - Version 3.1.22.3     Folder = C:\Documents and Settings\Cameron\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
    7.00 Gb Paging File | 7.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 596.12 Gb Total Space | 534.82 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: NONE-09782A33D3
    Current User Name: Cameron
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
    jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
    avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
    sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
    iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
    wpn111.exe -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
     
    [Modules - Safe List]
    ots.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
     
    [Win32 Services - Safe List]
    (JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/05 22:52:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
    (AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
    (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
     
    [Driver Services - Safe List]
    (avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/08 05:16:58 | 000,056,816 | ---- | M] (Avira GmbH)
    (Mkd2kfNt) Mkd2kfNt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -> [2009/10/13 01:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.)
    (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2009/09/02 15:06:06 | 000,021,275 | ---- | M] (Meetinghouse Data Communications)
    (Mkd2Nadr) Mkd2Nadr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -> [2009/07/13 01:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.)
    (ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
    (avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
    (avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008/09/02 17:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.)
    (WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WPN111.sys -> [2008/04/18 11:28:10 | 000,384,608 | ---- | M] (Atheros Communications, Inc.)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation)
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation)
    (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation)
    (RTL8187B) Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8187B.sys -> [2007/04/06 02:12:02 | 000,223,616 | ---- | M] (Realtek Semiconductor Corporation                           )
    (cercsr6) cercsr6 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\drivers\cercsr6.sys -> [2004/12/13 14:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\DNINDIS5.sys -> [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    < FireFox Extensions [User Folders] > -> 
    < HOSTS File > ([2009/09/13 15:16:08 | 000,329,883 | R--- | M] - 11344 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    First 25 entries...
    Reset Hosts
    127.0.0.1       localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/11/05 22:52:11 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/11/05 22:52:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
    "QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/09/05 01:54:42 | 000,417,792 | ---- | M] (Apple Inc.)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\WPN111.exe -> [2008/08/15 16:21:52 | 000,884,795 | ---- | M] (NETGEAR)
    < Cameron Startup Folder > -> C:\Documents and Settings\Cameron\Start Menu\Programs\Startup -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5868 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5867 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {6CA900EA-66E2-4B3E-B894-AECECA03E558}\\DhcpNameServer -> 192.168.1.1   (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) -> 
    {CEA55DA3-6406-46AA-863D-8C9E160023C1}\\DhcpNameServer -> 192.168.1.2   (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/04/16 19:50:30 | 000,204,800 | ---- | M] (Intel Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2009/10/01 13:20:57 | 003,634,024 | ---- | M] (AOL LLC)
    "C:\Program Files\Curse\CurseClient.exe" -> C:\Program Files\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client] -> [2009/06/08 07:51:36 | 001,934,336 | ---- | M] ()
    "C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/11/05 22:52:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2009/11/14 05:15:44 | 002,335,304 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\Launcher.exe" -> C:\Program Files\World of Warcraft\Launcher.exe [C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher] -> [2009/11/14 05:15:45 | 004,895,608 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 17:33:17 | 002,067,232 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/23 05:05:50 | 002,069,792 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/02 16:51:33 | 002,167,496 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/09/25 16:31:32 | 002,067,232 | ---- | M] (Blizzard Entertainment)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/09/01 12:37:12 | 000,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
     
     
    [Files/Folders - Created Within 30 Days]
     ComboFix -> C:\ComboFix -> [2010/02/28 14:20:14 | 000,000,000 | --SD | C]
     _OTS -> C:\_OTS -> [2010/02/28 14:11:50 | 000,000,000 | ---D | C]
     OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:42:59 | 000,632,832 | ---- | C] (OldTimer Tools)
     rsit -> C:\rsit -> [2010/02/27 08:14:50 | 000,000,000 | ---D | C]
     Veoh Networks -> C:\Program Files\Veoh Networks -> [2010/02/17 02:28:10 | 000,000,000 | ---D | C]
     Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2010/02/14 11:28:31 | 000,000,000 | ---D | M]
     Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2010/02/13 20:55:16 | 000,000,000 | ---D | M]
     Apple Computer -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer -> [2010/02/13 20:54:56 | 000,000,000 | ---D | M]
     Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
     Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/02/13 10:54:51 | 000,000,000 | ---D | M]
     TrendMicro -> C:\Program Files\TrendMicro -> [2010/02/08 23:24:29 | 000,000,000 | ---D | C]
     AhnLab -> C:\Program Files\AhnLab -> [2010/02/08 15:56:02 | 000,000,000 | ---D | C]
     Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/13 07:26:51 | 000,000,000 | ---D | M]
     Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/11/13 07:26:50 | 000,000,000 | ---D | M]
     Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2009/10/16 18:28:00 | 000,000,000 | ---D | M]
     Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/09/04 02:43:50 | 000,000,000 | --SD | M]
     Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/09/01 12:39:06 | 000,000,000 | ---D | M]
     Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/09/01 12:37:10 | 000,000,000 | --SD | M]
     
    [Files/Folders - Modified Within 30 Days]
     SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/28 14:17:26 | 000,000,006 | -H-- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/28 14:17:25 | 000,002,048 | --S- | M] ()
     ntuser.dat -> C:\Documents and Settings\Cameron\ntuser.dat -> [2010/02/28 14:16:43 | 006,553,600 | -H-- | M] ()
     ntuser.ini -> C:\Documents and Settings\Cameron\ntuser.ini -> [2010/02/28 14:16:40 | 000,000,178 | -HS- | M] ()
     IconCache.db -> C:\Documents and Settings\Cameron\Local Settings\Application Data\IconCache.db -> [2010/02/28 01:45:25 | 001,578,754 | -H-- | M] ()
     OTS.exe -> C:\Documents and Settings\Cameron\Desktop\OTS.exe -> [2010/02/27 17:43:03 | 000,632,832 | ---- | M] (OldTimer Tools)
     World of Warcraft.lnk -> C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk -> [2010/02/27 08:52:42 | 000,000,799 | ---- | M] ()
     DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/27 07:46:09 | 000,248,832 | ---- | M] ()
     HiJackThis.lnk -> C:\Documents and Settings\Cameron\Desktop\HiJackThis.lnk -> [2010/02/20 22:15:44 | 000,002,445 | ---- | M] ()
     AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/02/19 18:28:00 | 000,000,284 | ---- | M] ()
     d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | M] ()
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/08 15:57:12 | 000,002,206 | ---- | M] ()
     GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Cameron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/02/05 23:31:59 | 000,013,104 | ---- | M] ()
     
    [Files - No Company Name]
     d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/13 20:54:58 | 000,000,664 | ---- | C] ()
     Irremote.ini -> C:\WINDOWS\Irremote.ini -> [2009/09/14 06:01:21 | 000,000,000 | ---- | C] ()
     NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/09/04 04:40:55 | 000,000,069 | ---- | C] ()
     libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2009/09/02 15:06:05 | 000,651,264 | ---- | C] ()
     ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2009/09/02 15:06:05 | 000,147,456 | ---- | C] ()
     igfxCoIn_v4820.dll -> C:\WINDOWS\System32\igfxCoIn_v4820.dll -> [2009/09/01 12:45:56 | 000,204,800 | ---- | C] ()
     GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
     GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
     GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
     GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
    < End of report >

    MBAM Log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3808
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/28/2010 2:09:54 PM
    mbam-log-2010-02-28 (14-09-54).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 195656
    Time elapsed: 31 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    No, I don't have a ComboFix log file. I kept that program from a previous infection just in case, but I really don't know how to use it.

    I'm rarely on this pc due to work so I won't know how well it's running until later in the week. So I'll have to wait and see later on.

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    There's no sign of infection, but let's have one last scan to make sure.

    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  9. #9
    Member
    Join Date
    Jul 2008
    Posts
    48

    Default

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-03-01 04:14:08
    PROTECTIONS: 1
    MALWARE: 25
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AntiVir Desktop 9.0.1.32 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@trafficmp[1].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@trafficmp[3].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@trafficmp[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@247realmedia[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@247realmedia[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@tribalfusion[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@tribalfusion[1].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@7search[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@com[1].txt
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@yadro[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@azjmp[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@toplist[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@toplist[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\cookies\system@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ad.yieldmanager[3].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[3].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\networkservice\cookies\system@ad.yieldmanager[4].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ad.yieldmanager[4].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@serving-sys[4].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@serving-sys[3].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@bs.serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@bs.serving-sys[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@www.burstbeacon[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@server.iad.liveperson[2].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@server.iad.liveperson[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ads.pointroll[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ads.pointroll[2].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@overture[2].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@overture[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@realmedia[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@realmedia[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@questionmarket[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@questionmarket[3].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@questionmarket[1].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@xxxcounter[1].txt
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@adultfriendfinder[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@go[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@target[1].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@ads.addynamix[2].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ads.addynamix[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@citi.bridgetrack[1].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@registrydefender[2].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@registrydefender[1].txt
    01048936 Generic Malware Virus/Trojan No 0 Yes No c:\program files\gamespy arcade\services\_common\portraitloader.dll
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    217842 HIGH MS10-015
    217839 HIGH MS10-012
    217838 HIGH MS10-011
    217834 HIGH MS10-008
    217833 HIGH MS10-007
    217832 HIGH MS10-006
    217831 HIGH MS10-005
    ;===================================================================================================================================================================================

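As an added example (not code from the thread, from the helper, or from Panda), here is a small Python parser for the ActiveScan report layout posted above: it separates tracking-cookie noise from detections worth a second look and lists the unpatched bulletins, which is the triage the helper did by eye. The embedded sample report is constructed to match that layout.

```python
"""Triage a Panda ActiveScan text report: added example, not Panda's or the thread's code."""
import re

# Constructed sample that mirrors the layout of the report posted above.
SAMPLE_REPORT = r"""
ANALYSIS: 2010-03-01 04:14:08
PROTECTIONS
Description Version Active Updated
;=====
AntiVir Desktop 9.0.1.32 Yes Yes
;=====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\ellen\cookies\ellen@trafficmp[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\cameron\cookies\cameron@ad.yieldmanager[2].txt
01048936 Generic Malware Virus/Trojan No 0 Yes No c:\program files\gamespy arcade\services\_common\portraitloader.dll
;=====
SUSPECTS
Sent Location
;=====
VULNERABILITIES
Id Severity Description
;=====
217842 HIGH MS10-015
217839 HIGH MS10-012
;=====
"""

# Descriptions and locations may contain spaces, so the fixed-vocabulary
# columns (Yes/No, digits) anchor the split of each row.
ROW_PATTERNS = {
    "PROTECTIONS": re.compile(r"^(?P<desc>.+?) (?P<version>\S+) (?P<active>Yes|No) (?P<updated>Yes|No)$"),
    "MALWARE": re.compile(r"^(?P<id>\d+) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
                          r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"),
    "VULNERABILITIES": re.compile(r"^(?P<id>\d+) (?P<severity>\S+) (?P<desc>.+)$"),
}
SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")


def parse_report(text):
    """Map each section name to the list of rows parsed from it."""
    rows = {name: [] for name in SECTIONS}
    section, skip_header = None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue  # blank lines and the ;*** / ;=== rulers
        if line in SECTIONS:
            section, skip_header = line, True  # next line is the column header
            continue
        if section is None or skip_header:
            skip_header = False  # also drops the ANALYSIS banner before any section
            continue
        match = ROW_PATTERNS[section].match(line) if section in ROW_PATTERNS else None
        if match:
            rows[section].append(match.groupdict())
    return rows


def triage(text):
    """Separate cookie noise from findings that need a human decision."""
    rows = parse_report(text)
    return {
        "cookies": sum(r["type"] == "TrackingCookie" for r in rows["MALWARE"]),
        "review": [(r["desc"], r["type"], r["location"])
                   for r in rows["MALWARE"] if r["type"] != "TrackingCookie"],
        "missing_bulletins": sorted(v["desc"] for v in rows["VULNERABILITIES"]),
        "protection_problems": [p["desc"] for p in rows["PROTECTIONS"]
                                if (p["active"], p["updated"]) != ("Yes", "Yes")],
    }
```

Run `triage(SAMPLE_REPORT)` to get the cookie count, the single non-cookie detection with its path, and the two missing bulletins; an antivirus reported as inactive or out of date would appear under `protection_problems`.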
  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Apart from some cookies, and a gamespy arcade file which is safe enough if you use the software, your log looks good.


    Congratulations, your logs look clean.

    Let's see if I can help you keep it that way

    First let's tidy up.



    Uninstall OTScanIt (OTS.exe)
    • Open OTScanIt Click Cleanup,
    • When a box pops up click YES.



    You can also delete any logs we have produced and any other tools we have downloaded.

    ----------------------------------------------------------- -----------------------------------------------------------

    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/par...avwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
    • AntiSpyware is not the same thing as Antivirus.
      Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
      You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
      Most of the programs in this list have free (for Home Users) and paid versions;
      it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner


    Prevention
    • These programs don't detect malware, they help stop it getting on your machine in the first place.
      Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
    • Microsoft has worked hard to make IE 7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
      Using a different web browser can help stop malware getting on your machine.
      • Make your Internet Explorer more secure - This can be done by following these simple instructions:
        1. From within Internet Explorer click on the Tools menu and then click on Options.
        2. Click once on the Security tab
        3. Click once on the Internet icon so it becomes highlighted.
        4. Click once on the Custom Level button.
          • Change the Download signed ActiveX controls to Prompt
          • Change the Download unsigned ActiveX controls to Disable
          • Change the Initialise and script ActiveX controls not marked as safe to Disable
          • Change the Installation of desktop items to Prompt
          • Change the Launching programs and files in an IFRAME to Prompt
          • Change the Navigate sub-frames across different domains to Prompt
          • When all these settings have been made, click on the OK button.
          • If it prompts you as to whether or not you want to save the settings, press the Yes button.
        5. Next press the Apply button and then the OK to exit the Internet Properties page.

      If you are still using IE6 then either update, or get one of the following.
      • FireFox
        • With many addons available that make customization easy this is a very popular choice
        • NoScript and AdBlockPlus addons are essential
      • Opera
        • Another popular alternative
      • Netscape
        • Another popular alternative
        • Also has Addons available


    Cleaning Temporary Internet Files and Tracking Cookies
    • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
      Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
      It is a good idea to empty the Temporary Internet Files folder on a regular basis.

      Tracking Cookies are files that websites use to monitor which sites you visit and how often.
      A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
