Trojan.Agent/Gen-Nullo[Micro]


  • This topic is locked
24 replies to this topic

#16 GWKok

    Authentic Member

  • 27 posts

Posted 23 January 2011 - 06:05 AM

I'm running the scan; I'll paste the logs when it finishes scanning :) thank you :)

Edited by GWKok, 23 January 2011 - 06:06 AM.

I'm The Legend That Will Live ForEver !



#17 Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests: LFC, music, more LFC, more music

Posted 23 January 2011 - 06:11 AM

:thumbup:

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#18 GWKok

    Authentic Member

  • 27 posts

Posted 23 January 2011 - 06:18 AM

OTL logfile created on: 1/23/2011 2:05:03 PM - Run 2
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Kathy\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.26 Gb Total Space | 38.19 Gb Free Space | 55.95% Space Free | Partition Type: NTFS
Drive D: | 80.69 Gb Total Space | 78.57 Gb Free Space | 97.38% Space Free | Partition Type: NTFS

Computer Name: KT | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kathy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Kathy\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMSAccess) -- File not found
SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe (Apache Software Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (.EsetTrialReset) -- C:\Windows\System32\regedt32.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (StarBoardMT) -- C:\Windows\System32\drivers\StarBoardMT.sys (Hitachi Software Engineering Co., Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (Aspi32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iscFlash) -- C:\swsetup\sp45138\iscflash.sys (Insyde Software)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/01 23:57:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 21:23:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/13 21:23:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/01/12 16:00:35 | 000,000,000 | ---D | M]

[2010/12/28 14:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\mozilla\Extensions
[2011/01/22 15:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\mozilla\Firefox\Profiles\cpripij1.default\extensions
[2011/01/14 00:22:05 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Kathy\AppData\Roaming\mozilla\Firefox\Profiles\cpripij1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/01/07 15:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\mozilla\Firefox\Profiles\cpripij1.default\extensions\ffxtlbr@Facemoods.com-trash
[2011/01/07 15:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/05 19:07:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/01 23:57:56 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/27 12:03:32 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchvsl.xml

O1 HOSTS File: ([2011/01/19 13:36:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} http://www.tapuz.co....in/launcher.cab (LauncherV1 Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-il.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)


========== Files/Folders - Created Within 30 Days ==========

[2011/01/23 11:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Etiam
[2011/01/23 11:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Etiam
[2011/01/20 14:24:24 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\תרשיחא
[2011/01/19 13:43:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/19 13:43:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/19 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\temp
[2011/01/19 13:18:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/19 13:18:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/19 13:18:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/19 13:17:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/19 13:17:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/19 13:16:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/19 13:16:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/01/16 01:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2011/01/16 01:44:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\ESET
[2011/01/15 02:00:40 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Registry Mechanic
[2011/01/15 01:55:19 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/01/15 01:55:19 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/01/15 01:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/01/15 01:55:18 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/01/15 01:55:18 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2011/01/15 01:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/01/15 01:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/01/15 01:43:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/15 01:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/15 01:43:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/14 00:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/01/13 21:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/13 21:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/13 21:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/01/13 21:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/13 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Apple
[2011/01/13 21:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/13 21:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/01/12 16:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/01/12 16:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/01/12 13:50:44 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/12 13:50:41 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/12 13:50:41 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/12 13:50:40 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/12 13:50:40 | 000,804,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/12 13:50:40 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/12 13:50:40 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/12 13:50:40 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/12 13:50:40 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/12 13:50:39 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/01/12 13:50:39 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/12 13:50:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/12 02:40:48 | 000,067,312 | ---- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe
[2011/01/11 18:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
[2011/01/09 18:46:46 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/09 18:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/09 18:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/09 18:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/05 19:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/05 19:07:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/05 19:07:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/05 19:07:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/03 15:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2011/01/03 02:13:32 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Office Genuine Advantage
[2010/12/31 15:56:18 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/29 00:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/12/29 00:28:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\uTorrent
[2010/12/28 14:26:05 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Mozilla
[2010/12/28 14:26:05 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Mozilla
[2010/12/28 14:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2010/12/27 22:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/01 09:40:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Kathy\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kathy\Desktop\*.tmp files -> C:\Users\Kathy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/23 14:03:50 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 14:03:50 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 13:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/23 13:58:29 | 1608,413,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/23 11:33:40 | 000,000,261 | ---- | M] () -- C:\Windows\DcmLtBox.ini
[2011/01/23 11:30:22 | 000,001,032 | ---- | M] () -- C:\Users\Kathy\Desktop\DICOM LiteBox.lnk
[2011/01/23 11:11:29 | 004,269,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/23 00:20:28 | 000,058,187 | ---- | M] () -- C:\Users\Kathy\Desktop\Tel-aviv.jpg
[2011/01/22 16:59:46 | 000,925,004 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/01/22 16:59:46 | 000,876,288 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/01/22 16:59:46 | 000,848,044 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011/01/22 16:59:46 | 000,841,942 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2011/01/22 16:59:46 | 000,674,122 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2011/01/22 16:59:46 | 000,660,986 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2011/01/22 16:59:46 | 000,658,766 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/01/22 16:59:46 | 000,608,924 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2011/01/22 16:59:46 | 000,581,756 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2011/01/22 16:59:46 | 000,564,654 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2011/01/22 16:59:46 | 000,302,716 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/01/22 16:59:46 | 000,302,206 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/01/22 16:59:46 | 000,294,520 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011/01/22 16:59:46 | 000,274,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/22 16:59:46 | 000,273,906 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2011/01/22 16:59:46 | 000,273,478 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2011/01/22 16:59:46 | 000,268,564 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2011/01/22 16:59:46 | 000,254,556 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2011/01/22 16:59:46 | 000,248,706 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2011/01/22 16:59:46 | 000,248,214 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/01/22 16:59:46 | 000,242,746 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2011/01/22 16:59:46 | 000,170,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/21 14:49:34 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKathy.job
[2011/01/21 14:49:34 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKT$.job
[2011/01/20 19:05:38 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/01/19 13:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/18 22:49:50 | 000,000,132 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/17 21:02:42 | 000,000,132 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/01/17 02:08:40 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1016414663-577106104-567651172-1000.job
[2011/01/14 15:19:40 | 000,000,162 | -H-- | M] () -- C:\Users\Kathy\Desktop\~$L Custom Scan.docx
[2011/01/13 01:22:15 | 000,001,456 | ---- | M] () -- C:\Users\Kathy\AppData\Local\Adobe Save for Web 12.0 Prefs ME
[2011/01/06 19:17:03 | 000,001,849 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\GhostObjGAFix.xml
[2011/01/04 01:52:20 | 000,007,605 | ---- | M] () -- C:\Users\Kathy\AppData\Local\resmon.resmoncfg
[2010/12/28 14:25:51 | 000,001,909 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/27 23:32:36 | 000,000,251 | ---- | M] () -- C:\Windows\xUninstall.bat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kathy\Desktop\*.tmp files -> C:\Users\Kathy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/23 11:30:24 | 000,000,261 | ---- | C] () -- C:\Windows\DcmLtBox.ini
[2011/01/23 11:30:22 | 000,001,032 | ---- | C] () -- C:\Users\Kathy\Desktop\DICOM LiteBox.lnk
[2011/01/23 00:20:27 | 000,058,187 | ---- | C] () -- C:\Users\Kathy\Desktop\Tel-aviv.jpg
[2011/01/20 19:21:35 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKT$.job
[2011/01/19 13:18:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/19 13:18:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/19 13:18:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/19 13:18:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/19 13:18:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/17 02:08:40 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1016414663-577106104-567651172-1000.job
[2011/01/15 02:20:16 | 000,000,254 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2011/01/15 02:10:39 | 000,000,000 | -HS- | C] () -- C:\Users\Kathy\S-1-5-21-1016414663-577106104-567651172-1000.rrr.LOG2
[2011/01/15 02:10:39 | 000,000,000 | -HS- | C] () -- C:\Users\Kathy\S-1-5-21-1016414663-577106104-567651172-1000.rrr.LOG1
[2011/01/15 01:55:19 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/01/14 15:19:40 | 000,000,162 | -H-- | C] () -- C:\Users\Kathy\Desktop\~$L Custom Scan.docx
[2011/01/13 21:21:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/01/13 01:22:15 | 000,001,456 | ---- | C] () -- C:\Users\Kathy\AppData\Local\Adobe Save for Web 12.0 Prefs ME
[2011/01/12 02:36:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2011/01/03 02:11:00 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/01/03 02:09:53 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/01/03 02:09:06 | 000,001,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/01/03 02:06:52 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/01/03 02:06:38 | 000,001,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/01/02 16:51:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/12/28 14:25:51 | 000,001,909 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/27 23:31:52 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_xd.ico
[2010/12/27 23:31:52 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_ms.ico
[2010/12/27 23:31:52 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_mmc.ico
[2010/12/23 19:43:53 | 000,001,849 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\GhostObjGAFix.xml
[2010/12/09 15:06:12 | 000,000,132 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/10/18 00:23:02 | 000,000,132 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/24 17:48:03 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/08/28 13:21:02 | 000,004,608 | ---- | C] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 13:21:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/08/05 11:20:12 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2010/08/05 11:20:00 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/07/23 23:08:58 | 000,000,330 | ---- | C] () -- C:\Windows\pdf2word.INI
[2010/07/15 20:53:54 | 000,007,605 | ---- | C] () -- C:\Users\Kathy\AppData\Local\resmon.resmoncfg
[2010/07/02 16:49:16 | 000,000,156 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\default.rss
[2010/06/19 15:17:28 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/06/19 15:16:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX3700ER.ini
[2010/06/16 00:23:41 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/06/03 18:43:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/06/03 18:43:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/06/01 09:41:10 | 000,000,033 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\pcouffin.log
[2010/06/01 09:40:35 | 000,007,887 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\pcouffin.cat
[2010/06/01 09:40:35 | 000,001,144 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\pcouffin.inf
[2010/06/01 09:39:58 | 000,000,110 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\burnaware.ini
[2010/05/31 23:16:02 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/05 22:15:42 | 000,076,407 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Smiley.ico
[2010/04/21 20:04:59 | 000,027,623 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\UserTile.png
[2010/04/05 12:06:27 | 000,000,525 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/31 23:01:09 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/03/29 18:20:18 | 000,000,491 | ---- | C] () -- C:\Windows\System32\skqntbxs.dll
[2010/03/29 17:33:38 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/03/29 15:56:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/28 18:20:57 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/04 00:07:42 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/13 17:39:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\wbvfsinst.dll
[2008/10/04 01:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll
[2008/09/28 19:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2008/08/28 13:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll
[2008/08/28 13:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll
[2008/08/28 13:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006/11/06 21:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2000/01/07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\sysgtime.dll
[2000/01/07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\System32\proclsvr.drv
[1998/04/23 23:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

========== LOP Check ==========

[2010/11/22 22:59:54 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Artisteer
[2010/10/25 02:05:18 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/31 15:56:18 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/02 00:15:16 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\DMCache
[2010/11/13 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\EPSON
[2010/08/13 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\GetRightToGo
[2010/08/16 17:38:42 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Notepad++
[2010/07/10 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Publish Providers
[2010/06/15 19:27:32 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\RayV
[2011/01/16 19:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Registry Mechanic
[2010/12/03 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\SmartDraw
[2010/06/16 14:12:39 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/16 01:44:33 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\uTorrent
[2010/06/01 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Vso
[2010/05/31 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\WinBatch
[2011/01/20 19:05:38 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2010/12/09 11:28:56 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/08 18:03:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/04/03 14:08:04 | 000,348,661 | RHS- | M] () -- C:\BSEMA
[2011/01/19 13:43:03 | 000,016,241 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/23 13:58:29 | 1608,413,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/18 00:01:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/18 00:01:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/23 13:58:35 | 2144,555,008 | -HS- | M] () -- C:\pagefile.sys
[2010/06/16 00:25:51 | 000,000,083 | ---- | M] () -- C:\SYNTPAD.LOG
[2010/05/31 23:21:53 | 000,000,216 | ---- | M] () -- C:\temp.txt
[2010/03/28 23:44:06 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2010/04/03 14:08:04 | 000,000,020 | RHS- | M] () -- C:\winx.ld

< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/12/18 14:09:45 | 000,000,221 | -HS- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 12:56:11

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 143 bytes -> C:\Users\Kathy\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B6AC352B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:456A69E6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:89EAFAFC
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

#19 GWKok (Authentic Member, 27 posts)

Posted 23 January 2011 - 06:25 AM

There is no Extras.txt Log ... This is all that appeared.

#20 Satchfan (SuperHelper, Malware Team, 6,813 posts; Interests: LFC, music, more LFC, more music)

Posted 25 January 2011 - 03:08 AM

Hi GWKok

I’m pleased to say that there is nothing bad in your log, just a few bits that need to be tidied up. We’ll also run an online scan just to be sure.

Run OTL
  • Double click on the icon to run it.
  • Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2010/12/29 00:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/12/29 00:28:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\uTorrent
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
    @Alternate Data Stream - 143 bytes -> C:\Users\Kathy\AppData\Roaming\default.rss:OECustomProperty
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B6AC352B
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:456A69E6
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:63238B95
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:89EAFAFC
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Run ESET Online Scan

I realise that you have Eset installed on your computer but an online version ensures that it has not been corrupted by infections hiding somewhere inside Windows files.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.

3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish
If a log has been produced post it in your next reply.

Please send with your next post:

OTL fix log
Eset scan result


Please let me know how your computer is running and if there are any problems

Thanks

Satchfan

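The OTL log in post #18 and the fix script in post #20 use the same record format, so here is an added Python parser for it (my own code, not part of the thread and not OTL's), with a small triage pass of the kind a helper does by eye. The sample input is an excerpt copied from the log above; the "binary created under %SystemRoot% with no company name" check and the extension list are my own review heuristic, not an OTL rule.

```python
"""Added example: parser for the file-listing and Alternate Data Stream lines
of an OTL (OldTimer's List-It) log, plus a small triage pass over the results."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One file or folder record. Three shapes occur in the log:
#   [2011/01/12 13:50:40 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
#   [2011/01/19 13:18:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
#   [2011/01/11 18:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\...\WampServer
# Fields: timestamp | size | attribute flags (R, H, S, D) | C = created, M = modified,
# then the company name from the file's version info ("()" when there is none,
# absent for folders), then the path.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# "@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9". The greedy
# path group backtracks to the LAST colon, so the drive letter's colon stays in the path.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:]+)$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")


@dataclass
class FileRecord:
    section: str
    timestamp: str
    size: int
    attrs: str
    kind: str                # "C" created, "M" modified
    company: Optional[str]   # None for folders, "" when the file has no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return ntpath.basename(self.path)

    @property
    def extension(self) -> str:
        return ntpath.splitext(self.path)[1].lower()


@dataclass
class AdsRecord:
    section: str
    size: int
    path: str
    stream: str


def parse_otl(text: str) -> Tuple[List[FileRecord], List[AdsRecord]]:
    """Walk the log line by line, remembering the current '==== ... ====' section."""
    files: List[FileRecord] = []
    streams: List[AdsRecord] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := FILE_RE.match(line):
            files.append(FileRecord(
                section=section, timestamp=m["ts"],
                size=int(m["size"].replace(",", "")), attrs=m["attrs"],
                kind=m["kind"], company=m["company"], path=m["path"]))
        elif m := ADS_RE.match(line):
            streams.append(AdsRecord(section, int(m["size"]), m["path"], m["stream"]))
        # Anything else ("[1 C:\Windows\*.tmp files -> ...]", custom-scan headers,
        # blank lines) carries no record and is skipped.
    return files, streams


# Extensions that run as code: my own triage list (assumption), not an OTL rule.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".drv", ".scr", ".ocx", ".cpl"}


def review(files: List[FileRecord], streams: List[AdsRecord]
           ) -> Tuple[List[FileRecord], List[AdsRecord]]:
    """What a helper reads first: binaries newly created under %SystemRoot% that
    carry no company name, and every alternate data stream. Being listed is a
    prompt to check the file (signer, hash, origin), not a verdict."""
    unsigned = [
        f for f in files
        if f.kind == "C" and not f.is_dir and f.company == ""
        and f.extension in EXECUTABLE_EXTS
        and f.path.lower().startswith("c:\\windows\\")
    ]
    return unsigned, list(streams)


# Excerpt copied from the OTL log posted above (a constructed subset, not the full log).
SAMPLE_LOG = r"""
========== Files - Created Within 30 Days ==========

[2011/01/12 13:50:40 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/12 02:40:48 | 000,067,312 | ---- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe
[2011/01/11 18:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/23 13:58:29 | 1608,413,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/19 13:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2011/01/19 13:18:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/12 02:36:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2010/12/23 19:43:53 | 000,001,849 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\GhostObjGAFix.xml

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 143 bytes -> C:\Users\Kathy\AppData\Roaming\default.rss:OECustomProperty
"""

if __name__ == "__main__":
    unsigned, ads = review(*parse_otl(SAMPLE_LOG))
    for f in unsigned:
        print(f"check: {f.path} ({f.size} bytes, created {f.timestamp}, section '{f.section}')")
    for s in ads:
        print(f"ads:   {s.path} stream '{s.stream}' ({s.size} bytes)")
```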

#21 GWKok (Authentic Member, 27 posts)

Posted 25 January 2011 - 06:59 AM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Program Files\uTorrent folder moved successfully.
C:\Users\Kathy\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Kathy\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Kathy\AppData\Roaming\uTorrent folder moved successfully.
ADS C:\ProgramData\TEMP:0CE7F3C9 deleted successfully.
ADS C:\Users\Kathy\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:B6AC352B deleted successfully.
ADS C:\ProgramData\TEMP:456A69E6 deleted successfully.
ADS C:\ProgramData\TEMP:63238B95 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:89EAFAFC deleted successfully.
ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.
ADS C:\ProgramData\TEMP:010ADD2C deleted successfully.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 89441860 bytes
->FireFox cache emptied: 16131496 bytes
->Flash cache emptied: 43110 bytes
User: Kathy
->Temp folder emptied: 2110874 bytes
->Temporary Internet Files folder emptied: 104976495 bytes
->Java cache emptied: 1304498 bytes
->FireFox cache emptied: 46606949 bytes
->Flash cache emptied: 67336 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 665007078 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 883.00 mb
OTL by OldTimer - Version 3.2.20.5 log created on 01252011_142619
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Attached Thumbnails

  • ESET.png

Edited by GWKok, 25 January 2011 - 07:00 AM.


#22 Satchfan (SuperHelper, Malware Team, 6,813 posts; Interests: LFC, music, more LFC, more music)

Posted 27 January 2011 - 01:27 AM

Hi GWKok

OTL got rid of the stragglers and the Eset scan coming up clear confirmed what I thought, that your computer seems to be clean.

We need to tidy up by removing the tools that have been used.

Uninstall Combofix

Follow these steps to uninstall Combofix
• Click START then RUN
• Now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.
• Please follow the prompts to uninstall Combofix.
• Once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

Uninstall OTL
  • Double-click OTL.exe
  • Click the CleanUp! button.
  • Select Yes when the Begin cleanup Process? prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

RECOMMENDATIONS


Make your Internet Explorer more secure
1 From within Internet Explorer click on the Tools menu and then click on Internet Options.
2 Click on the Security tab
3 Click the Internet icon so it becomes highlighted.
4 Click on Default Level and click Ok
5 Click on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
6 Next press the Apply button and then the OK to exit the Internet Properties page.
SUPERAntiSpyware and Malwarebytes’ AntiMalware

You should run these programs on a regular basis, probably weekly.


Registry Cleaners

I suggest that you uninstall Registry Mechanic. Registry cleaners cause more problems than they cure, and are not recommended by this or any other respected forum. Unfortunately, they are often recommended as a quick cure for problems, which simply isn't the case.

Please see: Prevention

Please have a look at the following links:
• So how did I get infected in the first place?
• Miekies' prevention suggestions
• Hardening Windows Security - Part 1 & Part 2.

• Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a multitude of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The large majority of infection arises through Peer to Peer file-sharing and/or programs that are not updated regularly with the latest security patches.

You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Follow the above guidelines and your potential for being infected again will be reduced dramatically.

If you have no more questions or problems, please let me know and we will close this topic.

Safe computing

Satchfan


#23 GWKok (Authentic Member, 27 posts)

Posted 27 January 2011 - 05:27 AM

I would like to say thank you for everything you did to support me :)
You're excellent :)


#24 Satchfan (SuperHelper, Malware Team, 6,813 posts; Interests: LFC, music, more LFC, more music)

Posted 27 January 2011 - 05:33 AM

You're very welcome.


#25 Raktor (Teacher Emeritus; Authentic Member, 3,114 posts)

Posted 27 January 2011 - 05:45 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
