computer extremely slow and full of trojans

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Home :: FAMILYPC-0F08F1 [administrator]

14/08/2012 17:21:04
mbam-log-2012-08-14 (17-21-04).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246949
Time elapsed: 2 hour(s), 41 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: b4edf610b03bfba29960106d8a56aee3 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Home\Local Settings\Temp\softonic_ssk_conduit.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\My Documents\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_383\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_567\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

(end)
 
# AdwCleaner v2.005 - Logfile created 10/30/2012 at 22:47:40
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Home - FAMILYPC-0F08F1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Home\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\searchplugins\Conduit.xml
Folder Deleted : C:\DOCUME~1\Home\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Home\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v16.0.2 (en-GB)

Profile name : default
File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\prefs.js

Deleted : user_pref("CT3227982..clientLogIsEnabled", false);
Deleted : user_pref("CT3227982..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3227982..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3227982.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3227982.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3227982.BrowserCompStateIsOpen_9221552460232570768", true);
Deleted : user_pref("CT3227982.CTID", "CT3227982");
Deleted : user_pref("CT3227982.CurrentServerDate", "13-8-2012");
Deleted : user_pref("CT3227982.DSChangedManually", false);
Deleted : user_pref("CT3227982.DSInstall", true);
Deleted : user_pref("CT3227982.DSProtectChoice", false);
Deleted : user_pref("CT3227982.DSProtectCount", 1);
Deleted : user_pref("CT3227982.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3227982.DialogsGetterLastCheckTime", "Mon Aug 13 2012 20:16:01 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT3227982.DownloadReferralCookieData", "");
Deleted : user_pref("CT3227982.FirstServerDate", "13-8-2012");
Deleted : user_pref("CT3227982.FirstTime", true);
Deleted : user_pref("CT3227982.FirstTimeFF3", true);
Deleted : user_pref("CT3227982.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3227982.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3227982.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3227982.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3227982.HPInstall", true);
Deleted : user_pref("CT3227982.HasUserGlobalKeys", true);
Deleted : user_pref("CT3227982.HomePageProtectorEnabled", true);
Deleted : user_pref("CT3227982.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=[...]
Deleted : user_pref("CT3227982.Initialize", true);
Deleted : user_pref("CT3227982.InitializeCommonPrefs", true);
Deleted : user_pref("CT3227982.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3227982.InstallationId", "installbrain");
Deleted : user_pref("CT3227982.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT3227982.InstalledDate", "Mon Aug 13 2012 20:16:01 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3227982.InvalidateCache", false);
Deleted : user_pref("CT3227982.IsAlertDBUpdated", true);
Deleted : user_pref("CT3227982.IsGrouping", false);
Deleted : user_pref("CT3227982.IsInitSetupIni", true);
Deleted : user_pref("CT3227982.IsMulticommunity", false);
Deleted : user_pref("CT3227982.IsOpenThankYouPage", false);
Deleted : user_pref("CT3227982.IsOpenUninstallPage", true);
Deleted : user_pref("CT3227982.LanguagePackLastCheckTime", "Mon Aug 13 2012 20:16:07 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT3227982.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3227982.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3227982.LastLogin_3.15.0.0", "Mon Aug 13 2012 21:08:36 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3227982.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3227982.Locale", "en");
Deleted : user_pref("CT3227982.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3227982.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3227982.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3227982.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3227982.OriginalFirstVersion", "3.15.0.0");
Deleted : user_pref("CT3227982.RadioIsPodcast", false);
Deleted : user_pref("CT3227982.RadioLastCheckTime", "Mon Aug 13 2012 21:08:43 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3227982.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3227982.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3227982.RadioMediaID", "9962");
Deleted : user_pref("CT3227982.RadioMediaType", "Media Player");
Deleted : user_pref("CT3227982.RadioMenuSelectedID", "EBRadioMenu_CT32279829962");
Deleted : user_pref("CT3227982.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3227982.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3227982.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3227982.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=13");
Deleted : user_pref("CT3227982.SearchCaption", "appbario8 Customized Web Search");
Deleted : user_pref("CT3227982.SearchEngineBeforeUnload", "Secure Search");
Deleted : user_pref("CT3227982.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3227982.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3227982.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3227982.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3227982.SearchInNewTabLastCheckTime", "Mon Aug 13 2012 21:08:40 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT3227982.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3227982.SearchProtectorEnabled", false);
Deleted : user_pref("CT3227982.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3227982.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3227982.ServiceMapLastCheckTime", "Mon Aug 13 2012 20:14:28 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT3227982.SettingsLastCheckTime", "Mon Aug 13 2012 20:16:00 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT3227982.SettingsLastUpdate", "1344850466");
Deleted : user_pref("CT3227982.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13");
Deleted : user_pref("CT3227982.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3227982.ThirdPartyComponentsLastCheck", "Mon Aug 13 2012 20:14:28 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT3227982.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3227982.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3227982.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3227982");
Deleted : user_pref("CT3227982.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3227982.UserID", "UN49853975388931193");
Deleted : user_pref("CT3227982.ValidationData_Toolbar", 0);
Deleted : user_pref("CT3227982.alertChannelId", "1663751");
Deleted : user_pref("CT3227982.autoDisableScopes", -1);
Deleted : user_pref("CT3227982.backendstorage.bday_installdate", "31332D37");
Deleted : user_pref("CT3227982.backendstorage.bday_installfromtoolbar", "796573");
Deleted : user_pref("CT3227982.backendstorage.ct3227982ads1", "25374225323261647325323225334125354225374225323[...]
Deleted : user_pref("CT3227982.backendstorage.ct3227982current_term", "");
Deleted : user_pref("CT3227982.backendstorage.ct3227982sdate", "2D31");
Deleted : user_pref("CT3227982.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3227982.globalFirstTimeInfoLastCheckTime", "Mon Aug 13 2012 20:14:29 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT3227982.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3227982.initDone", true);
Deleted : user_pref("CT3227982.isFirstRadioInstallation", false);
Deleted : user_pref("CT3227982.myStuffEnabled", true);
Deleted : user_pref("CT3227982.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3227982.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3227982.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3227982.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3227982.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3227982.revertSettingsEnabled", true);
Deleted : user_pref("CT3227982.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3227982.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3227982.testingCtid", "");
Deleted : user_pref("CT3227982.toolbarAppMetaDataLastCheckTime", "Mon Aug 13 2012 20:16:00 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3227982.toolbarContextMenuLastCheckTime", "Mon Aug 13 2012 20:16:07 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3227982.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3227982&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "appbario8 Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3227982/CT3227982[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3227982", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3227982",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"3ae[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Home\\Application [...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.0.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.asp[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3227982");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3227982");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3227982");
Deleted : user_pref("CommunityToolbar.globalUserId", "06517215-b3e9-41fe-8768-760576433d43");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3227982");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 13 2012 20:14:2[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 13 2012 20:14:28 GMT+0100 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "44423814-4715-44fd-adeb-d6b8323892e9");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3227980&SearchSour[...]
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&Sea[...]
Deleted : user_pref("browser.search.order.1", "appbario8 Customized Web Search");
Deleted : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"1\": {\"id\": \"1\",\"[...]

*************************

AdwCleaner[R1].txt - [15399 octets] - [26/10/2012 17:23:04]
AdwCleaner[S1].txt - [15237 octets] - [30/10/2012 22:47:40]

########## EOF - C:\AdwCleaner[S1].txt - [15298 octets] ##########
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0cc09160-108c-4759-bab1-5c12c216e005} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
File E:\AutoInst.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Home\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Home\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 368993 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Home
->Temp folder emptied: 31981147238 bytes
->Temporary Internet Files folder emptied: 137260411 bytes
->FireFox cache emptied: 496406420 bytes
->Flash cache emptied: 69446 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219014117 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 61992416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31,375.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10302012_230049

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Upon reboot, the computer still takes about 5 minutes to load to the desktop, but I guess it's because this computer is really, really old. As for watching YouTube and imb videos, it's still the same. I guess that's to do with the age of the PC as well, but streaming the videos is no problem at all, since I use a wireless USB stick with a speed of 130.0 Mbps. I guess I will have to watch YouTube videos on my spare laptop instead and use this one for other purposes.
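The AdwCleaner section of the log above shows what a Conduit/Crossrider search hijack looks like inside a Firefox prefs.js: a block of prefs under a CT<id>. and CommunityToolbar. namespace, and the browser.search.* defaults repointed at search.conduit.com with a renamed engine ("appbario8 Customized Web Search"). The following is an added example, not a tool from this thread or part of AdwCleaner: a small Python checker that parses user_pref lines and flags those three patterns. The sample prefs.js is constructed (its values mirror lines from the log above, with hxxp restored to http), and the allowlists of acceptable engine names and hosts are assumptions to be adjusted to what the user actually chose.

```python
import re
from typing import List, NamedTuple, Tuple, Union
from urllib.parse import urlsplit

# Constructed sample prefs.js content. The pref names and values mirror entries
# AdwCleaner deleted in the log above (hxxp restored to http); the first and
# last prefs are benign and must not be flagged.
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.co.uk/");
user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2");
user_pref("CT3227982.CTID", "CT3227982");
user_pref("CT3227982.HomePageProtectorEnabled", true);
user_pref("CommunityToolbar.ToolbarsList", "CT3227982");
user_pref("network.cookie.cookieBehavior", 0);
'''

# Shape of a prefs.js entry: user_pref("<name>", <"string" | true | false | integer>);
PREF_LINE = re.compile(
    r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*'
    r'("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\);'
)

# Prefs that decide where searches and the start page go.
SEARCH_PREFS = {
    "browser.startup.homepage", "browser.search.defaultenginename",
    "browser.search.defaulturl", "browser.search.selectedEngine",
    "browser.search.order.1", "keyword.URL",
}
# Assumed allowlist of what the user legitimately chose; tune per machine.
ALLOWED_ENGINES = {"Google", "Yahoo", "Bing"}
ALLOWED_HOSTS = {"www.google.com", "www.google.co.uk", "uk.search.yahoo.com", "www.bing.com"}
# Conduit community-toolbar prefs live under CT<digits>. or CommunityToolbar.
TOOLBAR_NAMESPACE = re.compile(r"^(CT\d+\.|CommunityToolbar\.)")
CONDUIT_HOSTS = ("conduit.com", "conduit-hosting.com", "conduit-services.com")

PrefValue = Union[str, bool, int]


class Pref(NamedTuple):
    name: str
    value: PrefValue


class Finding(NamedTuple):
    name: str
    value: PrefValue
    reasons: Tuple[str, ...]


def parse_prefs(text: str) -> List[Pref]:
    """Return the user_pref entries in a prefs.js, skipping comments and junk lines."""
    prefs: List[Pref] = []
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        value: PrefValue
        if raw.startswith('"'):
            value = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo JS backslash escapes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw)
        prefs.append(Pref(name, value))
    return prefs


def _search_target_allowed(value: str) -> bool:
    """URL-valued prefs are judged by host, plain-valued ones by engine name."""
    if value.startswith(("http://", "https://")):
        return (urlsplit(value).hostname or "") in ALLOWED_HOSTS
    return value in ALLOWED_ENGINES


def flag_prefs(prefs: List[Pref]) -> List[Finding]:
    """Apply the three heuristics and return one Finding per suspicious pref."""
    findings: List[Finding] = []
    for p in prefs:
        reasons: List[str] = []
        if TOOLBAR_NAMESPACE.match(p.name):
            reasons.append("pref lives in a Conduit community-toolbar namespace")
        if isinstance(p.value, str) and any(h in p.value for h in CONDUIT_HOSTS):
            reasons.append("value points at Conduit infrastructure")
        if p.name in SEARCH_PREFS and isinstance(p.value, str) and not _search_target_allowed(p.value):
            reasons.append("search/homepage target is not on the allowlist")
        if reasons:
            findings.append(Finding(p.name, p.value, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in flag_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{f.name} = {f.value!r}\n    " + "\n    ".join(f.reasons))
```

Run it against a copy of prefs.js taken while Firefox is closed (Firefox rewrites the file on exit). A finding is evidence to review, not a verdict: the allowlist is the weak point, and a user who deliberately picked another engine will trip it. The remediation in the log above was simply to delete the offending prefs and let Firefox fall back to its defaults.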
 
Thanks for the information and logs.

COMBOFIX
---------------
Please download ComboFix from one of the following locations:
  • Location #1
  • Location #2
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a Congratulations!!! message.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.
In your next reply, please provide the following:
  • ComboFix log.



Regards,

Richard
 
ComboFix 12-10-31.03 - Home 01/11/2012 19:15:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.768.355 [GMT 0:00]
Running from: c:\documents and settings\Home\My Documents\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-10-30 23:00 . 2012-10-30 23:00 -------- d-----w- C:\_OTL
2012-10-28 16:46 . 2012-10-28 16:46 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:14 . 2012-04-02 10:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:14 . 2011-07-29 22:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 19:54 . 2011-08-07 21:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:29 . 2012-01-10 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 19:10 . 2012-09-14 12:58 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-28 13:00 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-04 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01 . 2011-07-31 23:58 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2011-07-31 23:58 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-10-29 12:12 . 2012-10-29 12:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2008-04-15 1675264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-5-6 565248]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/10/2012 16:46 65848]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [05/10/2011 16:55 36000]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [23/10/2012 16:30 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/10/2012 16:46 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/10/2012 16:46 166840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/10/2011 16:55 86224]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [29/07/2011 22:01 95232]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/10/2012 16:46 976728]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [06/05/2012 20:55 167936]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [14/09/2012 10:41 96256]
R3 ELNK3;3Com EtherLink III;c:\windows\system32\drivers\elnk3.sys [14/09/2012 10:41 25159]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [06/05/2012 20:55 57440]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [08/06/2012 20:51 21520]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 10:40 250808]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Home\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Home\LOCALS~1\Temp\ALSysIO.sys [?]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [06/05/2012 20:55 1759584]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [06/05/2012 20:55 360529]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11/06/2012 18:29 115168]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTMGMTSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:15]
.
2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-01 19:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-01 19:38:20
ComboFix-quarantined-files.txt 2012-11-01 19:38
.
Pre-Run: 49,879,822,336 bytes free
Post-Run: 49,839,575,040 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7AE6AE64ACC3D26D2854303B0424D157
 
Thanks for providing the log.

How is the PC running now?:)

Please move ComboFix.exe to the Desktop. It is currently in the location below:
c:\documents and settings\Home\My Documents\Downloads\ComboFix.exe

In your next reply, please provide the following:
  • Update on how your PC is running.



Regards,

Richard
 
But the internet seems to be running at the normal speed it usually does, so I don't have any trouble opening and loading pages.
 

Please run OTL.exe.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120

:Commands
[purity]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot when it is done.
  • Then post the results of the log it produces.
In your next reply, please provide the following:
  • OTL log.
  • Update on how your PC is running.



Regards,

Richard:greeting:
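The O17 line in the fix above is the tell: the adapter {DBF607C1-...} carries a static NameServer value pointing at two public resolvers (85.17.255.198 and 46.19.33.120), while the OTL scans show the router at 192.168.1.254 as the DHCP-supplied resolver. A static per-interface NameServer overrides DHCP, so whoever controls those two hosts answers every DNS query from this machine. The Python below is an added example, not part of the thread and not something OTL does; it parses O17 lines of the shape OTL prints and flags static resolvers that are public addresses or that differ from what DHCP handed out. The first three sample lines are copied from the OTL logs in this thread; the two interface GUIDs beginning AAAAAAAA and BBBBBBBB are constructed to show the benign and borderline cases.

```python
import ipaddress
import re

# Constructed sample. Lines 1-3 are copied from the OTL logs in this thread; the
# {AAAAAAAA-...} and {BBBBBBBB-...} interfaces are made up for the contrast cases.
SAMPLE_O17_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{178F3F01-59E9-4B64-A167-017FBD2D3F6C}: DhcpNameServer = 192.168.1.254 192.168.1.254",
    # static override that merely pins the DHCP-supplied router resolver: benign
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAAAAAA-0000-0000-0000-000000000001}: NameServer = 192.168.1.254",
    # static override to a different LAN address: not public, but worth a look
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBBBBBBB-0000-0000-0000-000000000002}: NameServer = 192.168.1.1",
]

# OTL prints: "O17 - <registry key>: <NameServer|DhcpNameServer> = <servers>"
O17_RE = re.compile(
    r"^O17 - (?P<key>\S+): (?P<kind>DhcpNameServer|NameServer) = (?P<vals>.*)$"
)


def parse_o17(lines):
    """Turn OTL O17 lines into dicts; servers may be comma- or space-separated."""
    entries = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [v for v in re.split(r"[,\s]+", m["vals"].strip()) if v]
        entries.append({"key": m["key"], "kind": m["kind"], "servers": servers})
    return entries


def is_public(ip):
    """True for a routable Internet address (or for junk that is not an address)."""
    try:
        a = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not (a.is_private or a.is_loopback or a.is_link_local or a.is_unspecified)


def suspicious_static_dns(entries):
    """Flag static NameServer overrides: public resolvers, or resolvers that
    differ from every DhcpNameServer value seen (lower-confidence case)."""
    dhcp = {s for e in entries if e["kind"] == "DhcpNameServer" for s in e["servers"]}
    flagged = []
    for e in entries:
        if e["kind"] != "NameServer" or not e["servers"]:
            continue
        public = [s for s in e["servers"] if is_public(s)]
        if public:
            reason = f"static resolver(s) {public} are public addresses outside the LAN"
        elif set(e["servers"]) - dhcp:
            reason = f"static resolver differs from the DHCP-supplied resolver(s) {sorted(dhcp)}"
        else:
            continue  # static, but identical to what DHCP hands out
        flagged.append({**e, "reason": reason})
    return flagged


if __name__ == "__main__":
    for hit in suspicious_static_dns(parse_o17(SAMPLE_O17_LINES)):
        print(hit["key"].rsplit("\\", 1)[-1], "->", hit["servers"], ":", hit["reason"])
```

The public-resolver case is the high-confidence one; a private resolver that differs from DHCP may simply be a locally configured filtering resolver, so treat that flag as a prompt to ask the user rather than as a finding. The post-fix OTL scan later in this thread lists only DhcpNameServer values, which is the state in which this check reports nothing.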
 
No problem :)

A copy of the OTL fix log can be found by navigating to C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.:bigthumb:

In your next reply, please provide the following:
  • OTL log.
  • Update on how your PC is running.



Regards,

Richard:greeting:
 
Here is the log, but still no difference at all. I don't think it could be fixed.

========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}\\NameServer| /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11022012_184906
 
Nice work:police:

MALWAREBYTES' ANTI-MALWARE
-------------------------------------------
I see that you have Malwarebytes' Anti-Malware installed.
  • Open Malwarebytes' Anti-Malware.
  • Click on the Update tab and check for updates. If an update is found, it will download and install the latest version.
  • Once that is done, click on the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Next

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the green ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps):
    • Click on Download to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives.
  • Ensure that the option "Remove found threats" is Unchecked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats.
  • Push Export to text file..., and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Back button.
  • Push Finish.
Next

Please post a fresh OTL scan log so I can review it.

In your next reply, please provide the following:
  • MBAM log.
  • ESET log.
  • OTL scan log.
  • Update on how your PC is running.



Regards,

Richard:greeting:
 
Here is the Malwarebytes log. I will do the rest tomorrow.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Home :: FAMILYPC-0F08F1 [administrator]

03/11/2012 00:06:27
mbam-log-2012-11-03 (00-06-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209006
Time elapsed: 20 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
D:\WINNT\npptools.dll probably a variant of Win32/Agent.NWDIEZZ trojan
D:\WINNT\WanPacket.dll probably a variant of Win32/Agent.IATKQJC trojan
 
OTL logfile created on: 04/11/2012 10:37:40 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.54 Mb Total Physical Memory | 380.35 Mb Available Physical Memory | 49.55% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 45.97 Gb Free Space | 61.67% Space Free | Partition Type: NTFS
Drive D: | 9.54 Gb Total Space | 5.85 Gb Free Space | 61.31% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC-0F08F1 | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
PRC - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WPSLib.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WDCS_WNDA3200) -- C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe (Atheros Communications, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Home\LOCALS~1\Temp\catchme.sys File not found
DRV - (ALSysIO) -- C:\DOCUME~1\Home\LOCALS~1\Temp\ALSysIO.sys File not found
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_43926) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ctlsb16) -- C:\WINDOWS\system32\drivers\ctlsb16.sys (Copyright (C) Creative Technology Ltd. 1994-2001)
DRV - (ELNK3) -- C:\WINDOWS\system32\drivers\elnk3.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{398B7CF9-BCF9-46EA-8A8D-E0B4C5AAB69E}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.2.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/30 16:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/13 21:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/29 12:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/29 12:11:40 | 000,000,000 | ---D | M]

[2011/07/29 20:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2012/11/02 18:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions
[2012/10/03 07:05:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/02 18:57:37 | 000,530,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/01/12 07:59:35 | 000,292,116 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
[2012/10/29 12:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/30 16:28:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/10/29 12:12:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 18:29:30 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/30 17:04:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/11 18:29:30 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/11 18:29:30 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/13 20:12:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/13 13:31:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/11 18:29:30 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/11/01 19:32:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{178F3F01-59E9-4B64-A167-017FBD2D3F6C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/29 19:08:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/01 00:45:54 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/01 19:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/11/01 19:11:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/01 19:09:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/01 19:09:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/01 19:09:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/01 19:09:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/01 19:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/01 19:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/30 23:00:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/30 11:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\My Received Files
[2012/10/29 12:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/28 16:46:34 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/10/21 17:49:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home\Start Menu\Programs\Administrative Tools

========== Files - Modified Within 30 Days ==========

[2012/11/04 10:31:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/11/04 10:30:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/04 10:30:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/04 00:11:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/03 12:32:10 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Shortcut to esetsmartinstaller_enu.exe.lnk
[2012/11/01 23:08:45 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Shortcut to ComboFix.lnk
[2012/11/01 19:32:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/01 19:11:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/30 22:08:05 | 000,009,873 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\AVSCAN-20121002-191354-06007368.zip
[2012/10/30 18:37:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/29 11:52:32 | 000,013,836 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/29 10:17:17 | 000,433,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/29 10:17:17 | 000,068,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/28 16:46:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/10/21 17:55:22 | 000,003,309 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 17:54:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/10/10 22:25:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 18:14:57 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 18:14:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/11/03 12:32:09 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Shortcut to esetsmartinstaller_enu.exe.lnk
[2012/11/01 23:08:44 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Shortcut to ComboFix.lnk
[2012/11/01 19:11:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/01 19:11:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/01 19:09:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/01 19:09:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/01 19:09:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/01 19:09:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/01 19:09:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/30 22:08:04 | 000,009,873 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\AVSCAN-20121002-191354-06007368.zip
[2012/10/29 11:52:32 | 000,013,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/21 17:55:22 | 000,003,309 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 17:54:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/04/14 23:46:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 11:06:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/21 22:20:01 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 21:51:53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/29 21:51:31 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/29 20:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/29 19:53:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/29 19:52:09 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/29 19:10:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/29 19:05:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/07/29 22:52:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 20:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 
Please go to VirusTotal.
  • Click Choose File and browse to the file listed below in bold and click Scan it!.

    D:\WINNT\npptools.dll

  • There might be a short wait.
  • Select Reanalyse file and post back with the results of the scan.
  • Do the same for:

    D:\WINNT\WanPacket.dll
Next

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
In your next reply, please provide the following:
  • VirusTotal results.
  • Security Check log.
  • Update on how your PC is running.



Regards,

Richard:greeting:
 
ssdeep
768:f2oR2jzVgu1E2ekCIHnbF0p2pxrtjpg7d8W0kxk:OoR2jBgu1E2fCqyp2Lrtjpg7d8Wr2
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
F-Prot packer identifier
NSPack
Command packer identifier
NSPack
PEiD packer identifier
NsPacK V3.7 -> LiuXingPing
ExifTool

MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2004:08:17 01:38:33+02:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 0
LinkerVersion............: 7.1
EntryPoint...............: 0x127da
InitializedDataSize......: 28672
SubsystemVersion.........: 4.0
ImageVersion.............: 1.0
OSVersion................: 5.1
UninitializedDataSize....: 69632

Sigcheck

publisher................: Microsoft Corporation
product..................: Microsoft(R) Windows(R) Operating System
internal name............: NPPTools.DLL
copyright................: (C) Microsoft Corporation. All rights reserved.
original name............: NPPTools.DLL
file version.............: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
description..............: NPP Tools Helper DLL

Portable Executable structural information

Compilation timedatestamp.....: 2004-08-16 23:38:33
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x000127DA

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.nsp0 4096 69632 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 73728 28672 27477 7.80 aaf05c5d15829dd226e2ba24ac6b513a
.nsp2 102400 6481 0 0.00 d41d8cd98f00b204e9800998ecf8427e

PE Imports....................:

[[KERNEL32.DLL]]
VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress

[[MSVCRT.DLL]]
strpbrk

[[OLEAUT32.DLL]]
Ord(2)

[[MFC42U.DLL]]
Ord(823)

[[ADVAPI32.DLL]]
RegQueryValueExA

[[OLE32.DLL]]
CoCreateInstance

[[USER32.DLL]]
GetDlgItem


PE Exports....................:

ClearEventData, CreateBlob, CreateNPPInterface, DestroyBlob, DestroyNPPBlobTable, DuplicateBlob, FilterNPPBlob, FindOneOf, FindUnknownBlobCategories, FindUnknownBlobTags, GetBoolFromBlob, GetClassIDFromBlob, GetDwordFromBlob, GetMacAddressFromBlob, GetNPPAddressFilterFromBlob, GetNPPBlobFromUI, GetNPPBlobTable, GetNPPEtypeSapFilter, GetNPPMacTypeAsNumber, GetNPPPatternFilterFromBlob, GetNPPTriggerFromBlob, GetNetworkInfoFromBlob, GetStringFromBlob, GetStringsFromBlob, IsRemoteNPP, LockBlob, MarshalBlob, MergeBlob, NmAddUsedEntry, NmHeapAllocate, NmHeapFree, NmHeapReallocate, NmHeapSetMaxSize, NmHeapSize, NmRemoveUsedEntry, RaiseNMEvent, ReadBlobFromFile, RegCreateBlobKey, RegOpenBlobKey, ReleaseEventSystem, RemoveFromBlob, SelectNPPBlobFromTable, SendEvent, SetBoolInBlob, SetClassIDInBlob, SetDwordInBlob, SetMacAddressInBlob, SetNPPAddressFilterInBlob, SetNPPEtypeSapFilter, SetNPPPatternFilterInBlob, SetNPPTriggerInBlob, SetNetworkInfoInBlob, SetStringInBlob, SubkeyExists, UnMarshalBlob, UnlockBlob, WriteBlobToFile, WriteCrackedBlobToFile, recursiveDeleteKey, setKeyAndValue

PE Resources..................:

Resource type Number of resources
RT_STRING 3
RT_DIALOG 1
RT_MESSAGETABLE 1
RT_VERSION 1

Resource language Number of resources
CHINESE SIMPLIFIED 6

ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
First seen by VirusTotal
2008-03-23 16:25:25 UTC ( 4 years, 7 months ago )
Last seen by VirusTotal
2012-09-18 03:35:33 UTC ( 1 month, 2 weeks ago )
File names (max. 25)

NPPTools.DLL
npptools.dll
fa95d1ea9290482f28ca739461034842
FA95D1EA9290482F28CA739461034842
D4293C6FACB8201BB3417F944AB349A0330682FE
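The static details in the VirusTotal report above give away the packer without running the file: all three sections are named .nsp0/.nsp1/.nsp2, the first and last have a raw size of 0 while reserving tens of kilobytes of virtual space, the only populated section has an entropy of 7.80 out of a possible 8.0, and the import table is down to the KERNEL32 calls an unpacking stub needs (VirtualAlloc, VirtualProtect, LoadLibraryA, GetProcAddress) plus a single function from each of six other DLLs. The version resource claims Microsoft Corporation, yet every resource is CHINESE SIMPLIFIED, and Microsoft does not ship NSPack-packed system DLLs. The Python below is an added example, not from the thread, VirusTotal or any tool used in it; it encodes those indicators as a scoring function and includes a Shannon-entropy helper for use on raw section bytes. The npptools.dll and WanPacket.dll tables are copied from the two reports in this thread; the UNPACKED table is constructed as a contrast case and the threshold of 7.5 bits is an assumption.

```python
import math
from collections import Counter

# APIs an unpacking stub needs to map, protect and resolve the real code.
LOADER_STUB_APIS = {"LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect"}

# Section tables and imports as reported by VirusTotal in this thread.
NPPTOOLS = {
    "sections": [  # name, virtual size, raw size, entropy (bits per byte)
        {"name": ".nsp0", "vsize": 69632, "rsize": 0, "entropy": 0.00},
        {"name": ".nsp1", "vsize": 28672, "rsize": 27477, "entropy": 7.80},
        {"name": ".nsp2", "vsize": 6481, "rsize": 0, "entropy": 0.00},
    ],
    "imports": {
        "KERNEL32.DLL": ["VirtualFree", "ExitProcess", "VirtualProtect",
                         "LoadLibraryA", "VirtualAlloc", "GetProcAddress"],
        "MSVCRT.DLL": ["strpbrk"], "OLEAUT32.DLL": ["Ord(2)"], "MFC42U.DLL": ["Ord(823)"],
        "ADVAPI32.DLL": ["RegQueryValueExA"], "OLE32.DLL": ["CoCreateInstance"],
        "USER32.DLL": ["GetDlgItem"],
    },
    "publisher": "Microsoft Corporation",
    "resource_langs": ["CHINESE SIMPLIFIED"],
}
WANPACKET = {
    "sections": [
        {"name": ".nsp0", "vsize": 61440, "rsize": 0, "entropy": 0.00},
        {"name": ".nsp1", "vsize": 24576, "rsize": 23012, "entropy": 7.85},
        {"name": ".nsp2", "vsize": 6340, "rsize": 0, "entropy": 0.00},
    ],
    "imports": {
        "NPPTOOLS.DLL": ["CreateNPPInterface"],
        "KERNEL32.DLL": ["VirtualFree", "ExitProcess", "VirtualProtect",
                         "LoadLibraryA", "VirtualAlloc", "GetProcAddress"],
        "OLE32.DLL": ["CoInitializeEx"],
    },
    "publisher": "CACE Technologies",
    "resource_langs": [],
}
# Constructed contrast case: an ordinary, unpacked DLL of similar size (assumed values).
UNPACKED = {
    "sections": [
        {"name": ".text", "vsize": 61440, "rsize": 61440, "entropy": 6.30},
        {"name": ".rdata", "vsize": 12288, "rsize": 12288, "entropy": 5.10},
        {"name": ".data", "vsize": 4096, "rsize": 2048, "entropy": 2.40},
        {"name": ".rsrc", "vsize": 1024, "rsize": 1024, "entropy": 3.90},
    ],
    "imports": {"KERNEL32.DLL": [f"Api{i}" for i in range(40)], "USER32.DLL": ["GetDlgItem"]},
    "publisher": "Example Corp",
    "resource_langs": ["ENGLISH US"],
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Compressed or encrypted code sits close to 8; plain x86 code is usually 6 to 6.8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_indicators(sections, imports, publisher, resource_langs, entropy_threshold=7.5):
    """Return the list of static packing indicators present; an empty list means none."""
    hits = []
    if any(s["name"].lower().startswith(".nsp") for s in sections):
        hits.append("section names .nsp0/.nsp1/.nsp2 are the NSPack layout")
    packed = [s for s in sections if s["entropy"] >= entropy_threshold]
    for s in packed:
        hits.append(f"{s['name']}: entropy {s['entropy']:.2f} >= {entropy_threshold} "
                    "(compressed or encrypted payload)")
    # A genuine .bss also has raw size 0, so only count empty sections when the
    # file also carries a high-entropy section they could be unpacked into.
    if packed:
        for s in sections:
            if s["rsize"] == 0 and s["vsize"] > 0:
                hits.append(f"{s['name']}: raw size 0 but virtual size {s['vsize']} "
                            "(room for code unpacked at run time)")
    total = sum(len(v) for v in imports.values())
    if LOADER_STUB_APIS <= set(imports.get("KERNEL32.DLL", [])) and total <= 16:
        hits.append(f"only {total} imports, including the unpacking-stub set "
                    f"{sorted(LOADER_STUB_APIS)}")
    if "microsoft" in publisher.lower() and not any("ENGLISH" in l.upper() for l in resource_langs):
        hits.append(f"version info claims {publisher!r} but resources are only {resource_langs}")
    return hits


if __name__ == "__main__":
    for label, pe in (("npptools.dll", NPPTOOLS), ("WanPacket.dll", WANPACKET), ("unpacked", UNPACKED)):
        print(label, "->", len(packer_indicators(**pe)), "indicator(s)")
        for h in packer_indicators(**pe):
            print("   ", h)
```

Packing by itself is not proof of malice, which is why the function returns the individual indicators rather than a verdict. The combination seen here, a packed file in a Windows directory carrying another vendor's version strings, is the case where the next step is to compare the file against a known-good copy of the same name and version rather than to trust the Sigcheck fields, which are just strings in the resource section.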
 
ssdeep
384:VN+2vD6X10xOl1dCrUexOLTgd1lStyBg+Rt99kTIYJLWD5RZbxF6jm17K:VA2gxl5exOLEdqtyBjRtbmdLKLbDmw7K
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
F-Prot packer identifier
NSPack, PE_Patch
Command packer identifier
NSPack, PE_Patch
PEiD packer identifier
NsPacK V3.7 -> LiuXingPing
ExifTool

MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2007:11:06 20:13:46+00:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 0
LinkerVersion............: 6.0
EntryPoint...............: 0x10641
InitializedDataSize......: 24576
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 61440

Sigcheck

publisher................: CACE Technologies
product..................: WinPcap
internal name............: WanPacket.dll
file version.............: 4.0.0.1040
original name............: WanPacket.dll
copyright................: Copyright (c) 2005-2007 CACE Technologies. Copyright (c) 2003-2005 NetGroup, Politecnico di Torino.
description..............: WinPcap low level NetMon wrapper library

Portable Executable structural information

Compilation timedatestamp.....: 2007-11-06 20:13:46
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00010641

PE Sections...................:

Name   Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.nsp0  4096             61440         0         0.00     d41d8cd98f00b204e9800998ecf8427e
.nsp1  65536            24576         23012     7.85     d3b910657e6644ae302dcacd511a22ed
.nsp2  90112            6340          0         0.00     d41d8cd98f00b204e9800998ecf8427e

PE Imports....................:

[[NPPTOOLS.DLL]]
CreateNPPInterface

[[KERNEL32.DLL]]
VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress

[[OLE32.DLL]]
CoInitializeEx


PE Exports....................:

WanPacketCloseAdapter, WanPacketGetReadEvent, WanPacketGetStats, WanPacketOpenAdapter, WanPacketReceivePacket, WanPacketSetBpfFilter, WanPacketSetBufferSize, WanPacketSetMinToCopy, WanPacketSetMode, WanPacketSetReadTimeout, WanPacketTestAdapter

PE Resources..................:

Resource type      Number of resources
RT_VERSION         1

Resource language  Number of resources
NEUTRAL            1

Prevx
http://info.prevx.com/aboutprogramtext.asp?PX5=F820B098F8717D4577E800924EDB0C00A24EDB95
ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
First seen by VirusTotal
2008-03-28 11:34:34 UTC ( 4 years, 7 months ago )
Last seen by VirusTotal
2012-11-06 00:03:03 UTC ( 18 minutes ago )
File names (max. 25)

WanPacket.dll
7BA91D85248C8A404418D58303FFE993
C19F9BA21CB5DC1C0DC6425902FFE7979961A48C
 
Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````