
Solved Problems with virus attack

Discussion in 'Malware and Virus Removal Archive' started by Ant S, 2010/10/15.

  1. 2010/10/17
    broni (Moderator, Malware Analyst)
    That offending file is still there.
    Let's try again...

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\sjskpvmj.dat
    
    Driver::
    sjskpvmj
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  2. 2010/10/18
    Ant S (Thread Starter)
    OK. ComboFix log to follow.

    I can delete the file by hand no problem, but I'm a bit worried in case it's a system file. What do you think?
     


  4. 2010/10/18
    Ant S (Thread Starter)
    ComboFix log

    ComboFix 10-10-15.01 - Ant 17/10/2010 23:54:37.3.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.367.187 [GMT 1:00]
    Running from: c:\documents and settings\Ant\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ant\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    FILE ::
    "c:\windows\system32\drivers\sjskpvmj.dat "
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-17 16:27 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BA05361-0BD1-4945-9608-FDEC9FD8FAAA}\mpengine.dll
    2010-10-16 15:34 . 2010-10-16 15:34 -------- d-----w- c:\documents and settings\Ant\Application Data\Windows Live Writer
    2010-10-16 15:33 . 2010-10-16 15:33 -------- d-----w- c:\documents and settings\Ant\Local Settings\Application Data\Windows Live Writer
    2010-10-16 09:58 . 2010-10-16 09:58 -------- d-s---w- c:\documents and settings\Ant\UserData
    2010-10-16 07:47 . 2010-10-16 07:47 -------- d-----w- C:\FOUND.002
    2010-10-15 19:45 . 2010-10-15 19:45 -------- d-----w- c:\documents and settings\Ant\Application Data\Malwarebytes
    2010-10-15 19:37 . 2010-10-15 19:37 -------- d-----w- C:\FOUND.001
    2010-10-15 18:29 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 18:28 . 2010-10-15 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-15 18:28 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 18:28 . 2010-10-15 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-15 12:43 . 2010-10-15 12:43 -------- d-----w- C:\FOUND.000
    2010-10-15 12:10 . 2010-10-15 12:10 -------- d-----w- c:\program files\Speccy
    2010-10-15 12:01 . 2010-10-15 12:01 -------- d--h--w- c:\windows\PIF
    2010-10-15 11:38 . 2010-10-15 11:38 -------- d-----w- c:\program files\Trend Micro
    2010-10-15 11:24 . 2010-10-15 11:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-15 00:06 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-15 00:06 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 00:06 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 00:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-14 23:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-10-14 23:52 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-10-08 19:39 . 2010-10-08 19:39 -------- d-----w- c:\documents and settings\Ant\Local Settings\Application Data\Deployment
    2010-10-03 19:20 . 2010-10-03 19:20 360 ----a-w- c:\windows\system32\drivers\sjskpvmj.dat
    2010-10-02 23:02 . 2010-10-02 23:02 -------- d-----w- c:\program files\LAME
    2010-10-02 22:43 . 2010-10-02 22:43 -------- d-----w- c:\documents and settings\Ant\Application Data\AccurateRip
    2010-09-22 22:51 . 2010-09-22 22:51 -------- d-----w- c:\program files\Defraggler
    2010-09-18 11:23 . 2010-09-18 11:23 974848 ------w- c:\windows\system32\dllcache\mfc42u.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
    2010-08-05 05:08 1498624 ----a-w- c:\program files\Nectar Search Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8020143D-5926-4394-A04D-DD0B649DA121} "= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-08-05 1498624]

    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{8020143D-5926-4394-A04D-DD0B649DA121} "= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-08-05 1498624]

    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey "= "c:\windows\system32\00THotkey.exe" [2001-11-21 98304]
    "Apoint "= "c:\program files\Apoint2K\Apoint.exe" [2001-08-09 118784]
    "Tpwrtray "= "TPWRTRAY.EXE" [2001-11-20 188416]
    "TFncKy "= "TFncKy.exe" [BU]
    "TosHKCW.exe "= "c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2001-07-25 45056]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Ant\Start Menu\Programs\Startup\
    Books on Loan.lnk - c:\book\BOOKSU.EXE [1980-1-1 64267]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\System32\\mmc.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Nectar Search Toolbar\\TroubleShooter.exe "=
    "c:\\Program Files\\Nectar Search Toolbar\\ToolbarUpdate.exe "=

    R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [13/04/2010 22:35 1737464]
    R3 tridxp;tridxp;c:\windows\system32\drivers\tridxpm.sys [06/12/2001 11:42 221824]
    S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
    S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [24/09/2001 04:36 75776]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/09/2009 15:55 7680]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-17 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

    2010-10-17 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

    2010-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2856520603-3802400216-3657561249-1005Core.job
    - c:\documents and settings\Ant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-08 19:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: ebay.co.uk
    Trusted Zone: google.co.uk
    Trusted Zone: google.com
    Trusted Zone: hotmail.com
    Trusted Zone: live.com
    Trusted Zone: msn.com
    Trusted Zone: passport.com
    Trusted Zone: three.co.uk
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    Completion time: 2010-10-18 00:06:49
    ComboFix-quarantined-files.txt 2010-10-17 23:06
    ComboFix2.txt 2010-10-17 16:24

    Pre-Run: 1,139,589,120 bytes free
    Post-Run: 1,147,527,168 bytes free

    - - End Of File - - 18D1592DE084E77FB7C49E1A26983474
     
  5. 2010/10/18
    broni (Moderator, Malware Analyst)
    Something keeps recreating that file, so let's try one more time....

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\dllcache\moviemk.exe
    c:\windows\system32\drivers\sjskpvmj.dat
    c:\windows\system32\DRIVERS\GenericMount.sys
    
    Folder::
    
    Driver::
    GenericMount
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  6. 2010/10/19
    Ant S (Thread Starter)
    Thanks, broni. ComboFix forced a re-start this time.

    I think I can delete the sjskpvmj.dat by hand. Yesterday, I sent it to the Recycle Bin. It stayed there for about 24 hours and didn't reappear. Or is ComboFix telling us the file is fine?

    ComboFix log to follow.
     
  7. 2010/10/19
    Ant S (Thread Starter)
    ComboFix log

    ComboFix 10-10-15.01 - Ant 19/10/2010 11:04:19.4.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.367.190 [GMT 1:00]
    Running from: c:\documents and settings\Ant\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ant\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    FILE ::
    "c:\windows\system32\dllcache\moviemk.exe "
    "c:\windows\system32\DRIVERS\GenericMount.sys "
    "c:\windows\system32\drivers\sjskpvmj.dat "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_GenericMount


    ((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
    .

    2010-10-18 16:13 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{708C5217-37A0-40B5-AFDB-290DB6BB1CFE}\mpengine.dll
    2010-10-16 15:34 . 2010-10-16 15:34 -------- d-----w- c:\documents and settings\Ant\Application Data\Windows Live Writer
    2010-10-16 15:33 . 2010-10-16 15:33 -------- d-----w- c:\documents and settings\Ant\Local Settings\Application Data\Windows Live Writer
    2010-10-16 09:58 . 2010-10-16 09:58 -------- d-s---w- c:\documents and settings\Ant\UserData
    2010-10-16 07:47 . 2010-10-16 07:47 -------- d-----w- C:\FOUND.002
    2010-10-15 19:45 . 2010-10-15 19:45 -------- d-----w- c:\documents and settings\Ant\Application Data\Malwarebytes
    2010-10-15 19:37 . 2010-10-15 19:37 -------- d-----w- C:\FOUND.001
    2010-10-15 18:29 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 18:28 . 2010-10-15 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-15 18:28 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 18:28 . 2010-10-15 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-15 12:43 . 2010-10-15 12:43 -------- d-----w- C:\FOUND.000
    2010-10-15 12:10 . 2010-10-15 12:10 -------- d-----w- c:\program files\Speccy
    2010-10-15 12:01 . 2010-10-15 12:01 -------- d--h--w- c:\windows\PIF
    2010-10-15 11:38 . 2010-10-15 11:38 -------- d-----w- c:\program files\Trend Micro
    2010-10-15 11:24 . 2010-10-15 11:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-15 00:06 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-15 00:06 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 00:06 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 00:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-14 23:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-10-14 23:52 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-10-08 19:39 . 2010-10-08 19:39 -------- d-----w- c:\documents and settings\Ant\Local Settings\Application Data\Deployment
    2010-10-03 19:20 . 2010-10-03 19:20 360 ----a-w- c:\windows\system32\drivers\sjskpvmj.dat
    2010-10-02 23:02 . 2010-10-02 23:02 -------- d-----w- c:\program files\LAME
    2010-10-02 22:43 . 2010-10-02 22:43 -------- d-----w- c:\documents and settings\Ant\Application Data\AccurateRip
    2010-09-22 22:51 . 2010-09-22 22:51 -------- d-----w- c:\program files\Defraggler

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
    2010-08-05 05:08 1498624 ----a-w- c:\program files\Nectar Search Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8020143D-5926-4394-A04D-DD0B649DA121} "= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-08-05 1498624]

    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{8020143D-5926-4394-A04D-DD0B649DA121} "= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-08-05 1498624]

    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey "= "c:\windows\system32\00THotkey.exe" [2001-11-21 98304]
    "Apoint "= "c:\program files\Apoint2K\Apoint.exe" [2001-08-09 118784]
    "Tpwrtray "= "TPWRTRAY.EXE" [2001-11-20 188416]
    "TFncKy "= "TFncKy.exe" [BU]
    "TosHKCW.exe "= "c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2001-07-25 45056]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Ant\Start Menu\Programs\Startup\
    Books on Loan.lnk - c:\book\BOOKSU.EXE [1980-1-1 64267]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\System32\\mmc.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Nectar Search Toolbar\\TroubleShooter.exe "=
    "c:\\Program Files\\Nectar Search Toolbar\\ToolbarUpdate.exe "=

    R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [13/04/2010 22:35 1737464]
    R3 tridxp;tridxp;c:\windows\system32\drivers\tridxpm.sys [06/12/2001 11:42 221824]
    S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [24/09/2001 04:36 75776]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/09/2009 15:55 7680]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

    2010-10-19 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

    2010-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2856520603-3802400216-3657561249-1005Core.job
    - c:\documents and settings\Ant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-08 19:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: ebay.co.uk
    Trusted Zone: google.co.uk
    Trusted Zone: google.com
    Trusted Zone: hotmail.com
    Trusted Zone: live.com
    Trusted Zone: msn.com
    Trusted Zone: passport.com
    Trusted Zone: three.co.uk
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3384)
    c:\program files\Apoint2K\EzAuto.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\TPWRTRAY.EXE
    c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\program files\Apoint2K\Apntex.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-19 11:23:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-19 10:23
    ComboFix2.txt 2010-10-17 16:24

    Pre-Run: 1,093,541,888 bytes free
    Post-Run: 1,039,605,760 bytes free

    - - End Of File - - C1D169D77CF4512017D89B3894CD0FED
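The check broni makes by eye in the replies above (is the File:: target still listed in the post-run "Files Created" section, and was the Driver:: entry recorded under Drivers/Services) can be scripted. The Python below is an added example written for this thread; it is not ComboFix's own code and was not posted by broni or Ant S. The CFScript and log excerpts embedded in it are constructed from the lines quoted in this thread, and the line formats it parses are assumptions taken from the log layout shown here, not a documented ComboFix specification.

```python
"""Compare a CFScript against the ComboFix log produced by running it.

Reports which File::/Folder:: targets still appear in the log's
"Files Created" listing and which Driver:: entries were not recorded as
removed under Drivers/Services.  Line formats are assumed from the logs
quoted in this thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample inputs, modelled on the second CFScript and second
# ComboFix log posted in this thread (a few representative lines only).
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\dllcache\moviemk.exe
c:\windows\system32\drivers\sjskpvmj.dat
c:\windows\system32\DRIVERS\GenericMount.sys

Folder::

Driver::
GenericMount
"""

SAMPLE_LOG = r"""
((((((((((( Drivers/Services )))))))))))
.

-------\Service_GenericMount

((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))
.

2010-10-15 18:29 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 18:28 . 2010-10-15 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 23:52 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-10-03 19:20 . 2010-10-03 19:20 360 ----a-w- c:\windows\system32\drivers\sjskpvmj.dat
.
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories, shown as "--------" in the log
    attrs: str
    path: str


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its '::' sections; blank lines are ignored."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


# "<created> . <modified> <size|--------> <attrs> <path>" (assumed layout)
_FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) (\S{8}) (.+)$"
)
# "-------\Service_<name>" under the Drivers/Services heading (assumed layout)
_SERVICE_LINE = re.compile(r"^-------\\Service_(\S+)$")


def parse_files_created(log: str) -> List[FileEntry]:
    """Extract every 'Files Created' entry from a ComboFix log."""
    entries: List[FileEntry] = []
    for line in log.splitlines():
        m = _FILE_LINE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(FileEntry(created, modified,
                                 None if size.startswith("-") else int(size),
                                 attrs, path))
    return entries


def parse_removed_services(log: str) -> List[str]:
    """Service/driver names ComboFix reported as removed."""
    names: List[str] = []
    for line in log.splitlines():
        m = _SERVICE_LINE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def surviving_targets(script: str, log: str) -> Dict[str, List[str]]:
    """Targets from the script that the post-run log still shows as present."""
    sections = parse_cfscript(script)
    present = {e.path.lower() for e in parse_files_created(log)}  # FAT32/NTFS paths are case-insensitive
    removed = {s.lower() for s in parse_removed_services(log)}
    return {
        "files": [p for p in sections.get("File", []) if p.lower() in present],
        "folders": [p for p in sections.get("Folder", []) if p.lower() in present],
        "drivers": [d for d in sections.get("Driver", []) if d.lower() not in removed],
    }


if __name__ == "__main__":
    for kind, items in surviving_targets(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{kind} still present after run: {items or 'none'}")
```

Run as-is it reports on the embedded sample; for real files, read CFScript.txt and ComboFix.txt into the two strings. With the sample it lists moviemk.exe and sjskpvmj.dat as still present after the run and GenericMount as removed, which is the same reading broni gives of the second log above.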
     
  8. 2010/10/19
    broni (Moderator, Malware Analyst)
    Please re-run TDSSKiller and post a new log.
     
  9. 2010/10/20
    Ant S (Thread Starter)
    OK. Log to follow. Thanks for sticking with this.
     
  10. 2010/10/20
    Ant S (Thread Starter)
    TDSSKiller log

    2010/10/21 00:51:52.0046 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/21 00:51:52.0046 ================================================================================
    2010/10/21 00:51:52.0046 SystemInfo:
    2010/10/21 00:51:52.0046
    2010/10/21 00:51:52.0046 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/21 00:51:52.0046 Product type: Workstation
    2010/10/21 00:51:52.0046 ComputerName: SATELLITE1800
    2010/10/21 00:51:52.0046 UserName: Ant
    2010/10/21 00:51:52.0046 Windows directory: C:\WINDOWS
    2010/10/21 00:51:52.0046 System windows directory: C:\WINDOWS
    2010/10/21 00:51:52.0046 Processor architecture: Intel x86
    2010/10/21 00:51:52.0046 Number of processors: 1
    2010/10/21 00:51:52.0046 Page size: 0x1000
    2010/10/21 00:51:52.0046 Boot type: Normal boot
    2010/10/21 00:51:52.0046 ================================================================================
    2010/10/21 00:51:53.0388 Initialize success
    2010/10/21 00:52:04.0364 ================================================================================
    2010/10/21 00:52:04.0364 Scan started
    2010/10/21 00:52:04.0364 Mode: Manual;
    2010/10/21 00:52:04.0364 ================================================================================
    2010/10/21 00:52:11.0745 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/21 00:52:12.0436 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/21 00:52:13.0647 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/21 00:52:14.0128 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/21 00:52:17.0152 ALiADWDM (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys
    2010/10/21 00:52:17.0573 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/10/21 00:52:18.0244 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/10/21 00:52:19.0235 ApfiltrService (58cf0ef8b5c8ccbad8973695a1622cf3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    2010/10/21 00:52:21.0579 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/21 00:52:22.0019 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/10/21 00:52:22.0961 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/21 00:52:23.0492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/21 00:52:23.0922 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/21 00:52:24.0824 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/21 00:52:25.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/21 00:52:26.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/21 00:52:26.0686 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/21 00:52:27.0427 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/10/21 00:52:28.0268 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/10/21 00:52:30.0642 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/21 00:52:31.0453 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/21 00:52:32.0184 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/21 00:52:32.0615 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/21 00:52:33.0286 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/21 00:52:34.0267 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/21 00:52:34.0798 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/10/21 00:52:35.0469 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/21 00:52:35.0929 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/10/21 00:52:36.0460 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/21 00:52:36.0991 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/10/21 00:52:38.0483 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/10/21 00:52:44.0081 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2010/10/21 00:52:44.0972 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/21 00:52:45.0583 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/21 00:52:47.0706 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/21 00:52:53.0745 HPUATA (04462676036659eac991d84214785026) C:\WINDOWS\system32\DRIVERS\HPUATA.sys
    2010/10/21 00:52:54.0236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/21 00:52:55.0718 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/21 00:52:58.0081 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/21 00:53:14.0906 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/10/21 00:53:15.0416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/21 00:53:15.0847 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/21 00:53:16.0508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/21 00:53:17.0049 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/21 00:53:17.0619 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    2010/10/21 00:53:18.0140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/21 00:53:18.0731 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/21 00:53:19.0722 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/21 00:53:20.0213 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/21 00:53:20.0904 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/21 00:53:21.0735 massfilter (59f57b06d1e3c7a3f22d62c7c5b4c3c3) C:\WINDOWS\system32\drivers\massfilter.sys
    2010/10/21 00:53:22.0196 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
    2010/10/21 00:53:22.0597 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/21 00:53:23.0037 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/21 00:53:23.0358 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/21 00:53:23.0848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/21 00:53:24.0589 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2010/10/21 00:53:25.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/21 00:53:26.0552 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/21 00:53:27.0273 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/21 00:53:27.0904 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/21 00:53:28.0365 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/21 00:53:28.0675 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/21 00:53:29.0206 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/21 00:53:29.0677 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/21 00:53:30.0077 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/21 00:53:30.0598 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/21 00:53:30.0929 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/21 00:53:31.0409 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/21 00:53:31.0990 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/21 00:53:32.0531 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/21 00:53:33.0132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/21 00:53:34.0263 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/21 00:53:34.0864 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/21 00:53:35.0555 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/21 00:53:35.0916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/21 00:53:36.0436 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/21 00:53:37.0057 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    2010/10/21 00:53:37.0598 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/10/21 00:53:38.0069 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/21 00:53:38.0519 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/21 00:53:38.0960 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/21 00:53:40.0462 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/10/21 00:53:42.0565 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/21 00:53:42.0966 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/10/21 00:53:43.0647 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/21 00:53:44.0067 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/21 00:53:44.0498 PxHelp20 (cdead57b9944c7cfa52e30a69455a51e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    2010/10/21 00:53:47.0733 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/21 00:53:48.0444 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    2010/10/21 00:53:48.0944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/21 00:53:49.0505 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/21 00:53:50.0016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/21 00:53:50.0617 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/21 00:53:51.0098 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/21 00:53:51.0799 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/21 00:53:52.0309 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/21 00:53:53.0311 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/21 00:53:56.0295 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/10/21 00:54:02.0925 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/10/21 00:54:04.0517 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/10/21 00:54:07.0812 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    2010/10/21 00:54:08.0773 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/21 00:54:09.0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/21 00:54:10.0075 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/21 00:54:10.0656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/21 00:54:12.0869 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/21 00:54:35.0962 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/21 00:54:36.0753 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/21 00:54:37.0304 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/21 00:54:37.0655 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/21 00:54:38.0165 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/21 00:54:41.0770 TOSHIBASoftModem (fb978ef3d4f53382ee4ee7c2293ae1c5) C:\WINDOWS\system32\DRIVERS\LTSM.sys
    2010/10/21 00:54:43.0052 tridxp (f17c59ec51b649077eb7c44079a8f449) C:\WINDOWS\system32\DRIVERS\tridxpm.sys
    2010/10/21 00:54:43.0663 TVALD (20b6be2a69c7547a09f67c3e67a2bdd5) C:\WINDOWS\system32\DRIVERS\TVALD.SYS
    2010/10/21 00:54:44.0094 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/21 00:54:45.0285 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/21 00:54:46.0037 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/21 00:54:46.0718 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/21 00:54:47.0298 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/10/21 00:54:48.0130 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/21 00:54:48.0710 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/21 00:54:49.0802 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/21 00:54:50.0743 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/21 00:54:51.0735 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2010/10/21 00:54:52.0596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/21 00:54:53.0547 wlluc48 (dca17912a1926ae427537648fc0e74d5) C:\WINDOWS\system32\DRIVERS\wlluc48.sys
    2010/10/21 00:54:54.0709 ZTEusbmdm6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
    2010/10/21 00:54:55.0350 ZTEusbnmea (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
    2010/10/21 00:54:55.0941 ZTEusbser6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
    2010/10/21 00:54:56.0552 ================================================================================
    2010/10/21 00:54:56.0552 Scan finished
    2010/10/21 00:54:56.0552 ================================================================================
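A worked pass over the TDSSKiller listing above, added here as an example and not part of the thread or of TDSSKiller: each line carries a service name, the MD5 of the driver image and the path it loads from, which is enough to automate the checks a helper makes by eye. The script flags a driver whose image is not a .sys file (the file this thread is chasing, sjskpvmj.dat in the drivers directory, is exactly that), a driver image loaded from outside system32\drivers, and one binary registered under several service names. The line layout is assumed from the listing above (everything after the parenthesised hash is the path). The sample input reuses five lines from the listing plus two constructed lines: sjskpvmj with a placeholder all-zero hash, since this listing did not include it, and catchme.sys at the Temp path the OTL report later in this thread shows for it.

```python
r"""Triage pass over a TDSSKiller driver listing.

Each listing line is: <timestamp> <service name> (<md5>) <image path>.
Flags driver images that are not .sys files, images loaded from outside
system32\drivers, and one binary registered under several service names.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed line layout, taken from the listing in this thread: the path is
# everything after the parenthesised 32-hex-digit MD5.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Sample input: five lines copied from the listing above, plus two constructed
# lines. sjskpvmj.dat is the file this thread is chasing (its hash here is a
# placeholder, the listing did not include it); catchme.sys is the scanner's
# own temporary driver at the Temp path the OTL report in this thread shows.
SAMPLE = r"""
2010/10/21 00:52:35.0929 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/21 00:52:54.0236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/21 00:54:54.0709 ZTEusbmdm6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
2010/10/21 00:54:55.0350 ZTEusbnmea (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
2010/10/21 00:54:55.0941 ZTEusbser6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
2010/10/21 00:54:56.0000 sjskpvmj (00000000000000000000000000000000) c:\windows\system32\drivers\sjskpvmj.dat
2010/10/21 00:54:56.0001 catchme (00000000000000000000000000000001) C:\DOCUME~1\Ant\LOCALS~1\Temp\catchme.sys
2010/10/21 00:54:56.0552 ================================================================================
2010/10/21 00:54:56.0552 Scan finished
"""


def parse_listing(text):
    """Return one dict per driver line; separator and status lines are skipped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            drivers.append({"name": m["name"], "md5": m["md5"].lower(), "path": m["path"]})
    return drivers


def in_drivers_dir(path):
    """True if the image sits directly in the system32 drivers directory (any case)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return parts[-3:-1] == ["system32", "drivers"]


def triage(drivers):
    """Return (service name, finding) pairs worth a closer look."""
    findings = []
    by_hash = defaultdict(list)
    for d in drivers:
        image = PureWindowsPath(d["path"])
        if image.suffix.lower() != ".sys":
            findings.append((d["name"], "driver image is not a .sys file: " + image.name))
        if not in_drivers_dir(d["path"]):
            findings.append((d["name"], "image outside system32\\drivers: " + str(image.parent)))
        by_hash[d["md5"]].append(d["name"])
    # Informational: the same binary under several service names.
    for md5, names in by_hash.items():
        if len(names) > 1:
            findings.append((", ".join(names),
                             "one binary (MD5 %s) under %d service names" % (md5, len(names))))
    return findings


if __name__ == "__main__":
    for name, finding in triage(parse_listing(SAMPLE)):
        print(f"{name}: {finding}")
```

The three ZTE entries really do share one hash; the OTL report later in the thread shows the same size, date and vendor for all three, so that finding is informational, not a verdict. catchme.sys is the rootkit detector ComboFix drops into Temp while it runs, so a hit there is expected; the point is that the path check fires on any driver image outside the drivers directory, wherever it came from.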
     
  11. 2010/10/20
    broni Moderator Malware Analyst
    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again and go to File > Open Log File.
     
  12. 2010/10/22
    Ant S Inactive Thread Starter
    Hi, Broni! Avenger log below.
     
  13. 2010/10/22
    Ant S Inactive Thread Starter
    Avenger log

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.
     
  14. 2010/10/22
    broni Moderator Malware Analyst
    1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Begin copying here:
    Files to delete:
    c:\windows\system32\dllcache\moviemk.exe
    c:\windows\system32\DRIVERS\GenericMount.sys
    c:\windows\system32\drivers\sjskpvmj.dat
    
    

    2. Now, open the Avenger folder and start The Avenger program by clicking on its icon.

    * Right click on the window under Input script here:, and select Paste.
    * You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    * Click on Execute
    * Answer "Yes" twice when prompted.


    3. The Avenger will automatically do the following:

    * It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    * On reboot, it will briefly open a black command window on your desktop, this is normal.
    * After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    4. Please copy/paste the content of c:\avenger.txt into your reply
     
  15. 2010/10/22
    Ant S Inactive Thread Starter
    OK. Avenger log to follow.
     
  16. 2010/10/22
    Ant S Inactive Thread Starter
    Avenger log

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "c:\windows\system32\dllcache\moviemk.exe" deleted successfully.

    Error: file "c:\windows\system32\DRIVERS\GenericMount.sys" not found!
    Deletion of file "c:\windows\system32\DRIVERS\GenericMount.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    File "c:\windows\system32\drivers\sjskpvmj.dat" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
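The Avenger run above (the script in the helper's post, the log in the reply) is a small protocol: a list of targets in, one outcome line per target out. As an added example, not part of the thread or of The Avenger itself, the Python below reconciles the two so nothing is missed once a script grows beyond three lines: every requested path is paired with its outcome, the NTSTATUS code Avenger prints after a failure is decoded, and a target the log never mentions is reported as such. The outcome line wording is assumed from this log ('deleted successfully', 'not found!', 'failed!', 'Status: 0x...'); paths are compared case-insensitively because the log echoes them in mixed case; any 'Something:' line in the script opens a section, so a 'Drivers to delete' block (which the post mentions) parses the same way, though only 'Files to delete' is reconciled here.

```python
r"""Reconcile an Avenger script against the log it produced.

Avenger deletes the listed files at the next boot and writes one outcome per
target. This pairs every requested path with its outcome, keeps the NTSTATUS
code Avenger prints on a failure, and reports targets the log never mentions.
"""
import re

# Sample input copied from this thread: the script from the helper's post and
# the log the poster got back. Paths are treated case-insensitively, as
# Windows does, because the log echoes them in varying case.
SCRIPT = r"""
Begin copying here:
Files to delete:
c:\windows\system32\dllcache\moviemk.exe
c:\windows\system32\DRIVERS\GenericMount.sys
c:\windows\system32\drivers\sjskpvmj.dat
"""

LOG = r"""
Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP
Rootkit scan active.
No rootkits found!

File "c:\windows\system32\dllcache\moviemk.exe" deleted successfully.

Error: file "c:\windows\system32\DRIVERS\GenericMount.sys" not found!
Deletion of file "c:\windows\system32\DRIVERS\GenericMount.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\sjskpvmj.dat" deleted successfully.

Completed script processing.
"""

# Outcome line wording assumed from the log in this thread.
DELETED_RE = re.compile(r'^File "([^"]+)" deleted successfully\.$')
NOTFOUND_RE = re.compile(r'^Error: file "([^"]+)" not found!$')
FAILED_RE = re.compile(r'^Deletion of file "([^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \(([A-Z0-9_]+)\)$')


def parse_script(text):
    """Return {section name (lower-cased, no colon): [targets]}.

    Any 'Something:' line opens a section ('Files to delete', 'Drivers to
    delete', ...); the 'Begin copying here:' marker from the post is skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("begin copying"):
            continue
        if line.endswith(":"):
            current = line[:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _entry(path, status):
    return {"path": path, "status": status, "ntstatus": None, "ntstatus_name": None}


def parse_log(text):
    """Return {lower-cased path: outcome}; a Status line is attached to the
    failure reported just before it."""
    results, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            results[m[1].lower()] = _entry(m[1], "deleted")
            pending = None
        elif m := NOTFOUND_RE.match(line):
            results[m[1].lower()] = _entry(m[1], "not_found")
            pending = m[1].lower()
        elif m := FAILED_RE.match(line):
            # Keep the more specific 'not_found' if it was reported first.
            pending = m[1].lower()
            results.setdefault(pending, _entry(m[1], "failed"))
        elif (m := STATUS_RE.match(line)) and pending:
            results[pending]["ntstatus"] = int(m[1], 16)
            results[pending]["ntstatus_name"] = m[2]
            pending = None
    return results


def reconcile(sections, results):
    """Outcome per requested file; 'no_result' if the log never mentions it."""
    report = {}
    for path in sections.get("files to delete", []):
        hit = results.get(path.lower())
        report[path] = hit["status"] if hit else "no_result"
    return report


def rootkit_scan_clean(text):
    """Avenger's own rootkit pass, run before it processes the script."""
    return "No rootkits found!" in text


if __name__ == "__main__":
    results = parse_log(LOG)
    for path, status in reconcile(parse_script(SCRIPT), results).items():
        extra = results.get(path.lower(), {}).get("ntstatus_name") or ""
        print(f"{status:10} {path} {extra}")
```

On the thread's input this gives deleted for moviemk.exe and sjskpvmj.dat and not_found (STATUS_OBJECT_NAME_NOT_FOUND, 0xC0000034) for GenericMount.sys, which says that file was already absent rather than protected. A different status on the target you actually care about, for instance a sharing violation or access denied, would mean the deletion was blocked and the file is still on disk.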
     
  17. 2010/10/22
    broni Moderator Malware Analyst
    Finally!

    What are the current computer issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/10/23
    Ant S Inactive Thread Starter
    Thanks, Broni. I don't know what you're doing, but it looks impressive! :)

    There are no (observable) issues with the PC right now. OTL logs to follow.
     
  19. 2010/10/23
    Ant S Inactive Thread Starter
    OTL.Txt log (part 1)

    OTL logfile created on: 23/10/2010 15:35:53 - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Ant\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    367.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 47.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 700 1104 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 9.35 Gb Total Space | 0.57 Gb Free Space | 6.15% Space Free | Partition Type: FAT32
    Drive F: | 3.73 Gb Total Space | 1.82 Gb Free Space | 48.76% Space Free | Partition Type: FAT32
    Drive G: | 21.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SATELLITE1800 | User Name: Ant | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/23 15:28:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ant\Desktop\OTL.exe
    PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    PRC - [2008/04/14 05:42:32 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2001/11/21 10:16:48 | 000,098,304 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
    PRC - [2001/11/20 15:03:14 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
    PRC - [2001/09/26 10:14:48 | 000,102,400 | ---- | M] (Toshiba Corporation) -- C:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe
    PRC - [2001/07/25 21:45:02 | 000,045,056 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/23 15:28:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ant\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2000/07/31 14:52:18 | 000,049,152 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\EzAuto.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ant\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
    DRV - [2009/09/07 15:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/09/07 15:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/09/07 15:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/09/07 15:55:58 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2004/08/03 22:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (ALiADWDM)
    DRV - [2004/08/03 22:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
    DRV - [2001/09/26 21:34:00 | 000,799,816 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (TOSHIBASoftModem)
    DRV - [2001/09/26 19:42:44 | 000,221,824 | ---- | M] (Trident Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tridxpm.sys -- (tridxp)
    DRV - [2001/09/24 04:36:28 | 000,075,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPUATA.sys -- (HPUATA)
    DRV - [2001/09/11 10:54:32 | 000,038,425 | R--- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2001/08/18 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 23:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)
    DRV - [2001/08/08 18:54:40 | 000,049,585 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


    O1 HOSTS File: ([2010/10/21 00:42:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\Ant\Start Menu\Programs\Startup\Books on Loan.lnk = C:\BOOK\BOOKSU.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: ebay.co.uk ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.co.uk ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: live.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: msn.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: passport.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: three.co.uk ([]* in Trusted sites)
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/E/1/F/E1F6B9B3-49AA-42BB-9115-D9FB57768CC2/wmavax.CAB (Reg Error: Key error.)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Ant\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ant\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/12/05 15:51:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2009/11/25 15:45:52 | 000,000,510 | R--- | M] () - G:\AUTORUN.DAT -- [ CDFS ]
    O32 - AutoRun File - [2008/02/18 14:48:26 | 000,027,750 | R--- | M] () - G:\AUTORUN.ICO -- [ CDFS ]
    O32 - AutoRun File - [2008/09/24 17:09:06 | 000,000,054 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/23 15:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Desktop\[Active] Problems with virus attack - Page 3_files
    [2010/10/23 15:27:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ant\Desktop\OTL.exe
    [2010/10/23 11:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Local Settings\Application Data\WMTools Downloaded Files
    [2010/10/23 11:41:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2010/10/23 11:41:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ant\My Documents\My Videos
    [2010/10/22 21:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\usrusmt2.tmp
    [2010/10/22 20:48:36 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/10/22 13:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\My Documents\USMT2.UNC
    [2010/10/21 01:02:40 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2010/10/21 00:50:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/17 23:52:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/17 23:52:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/17 23:52:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/17 23:52:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/16 16:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Application Data\Windows Live Writer
    [2010/10/16 16:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Local Settings\Application Data\Windows Live Writer
    [2010/10/16 10:58:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Ant\UserData
    [2010/10/16 09:19:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/16 09:07:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/16 09:06:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/15 21:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Desktop\AV Done
    [2010/10/15 20:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Application Data\Malwarebytes
    [2010/10/15 19:29:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/15 19:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/15 19:28:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/15 19:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/15 13:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2010/10/15 13:01:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/10/15 12:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/10/10 18:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\My Documents\Checkout - Thank you for your order - Tesco Groceries_files
    [2010/10/08 20:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\My Documents\Downloads
    [2010/10/08 20:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Local Settings\Application Data\Deployment
    [2010/10/03 00:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\LAME
    [2010/10/02 23:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Application Data\AccurateRip
    [2010/09/22 23:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2010/09/10 10:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\My Documents\FOI papers
    [2010/09/07 17:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\ExamDiff
    [2010/08/24 20:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Console
    [2010/08/24 11:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Application Data\Symantec
    [2010/08/20 16:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
    [2010/08/17 09:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Desktop\Junk
    [2010/08/16 07:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Local Settings\Application Data\Symantec_Corporation
    [2010/08/15 20:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2010/08/15 20:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
    [2010/08/12 20:50:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/10 10:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Application Data\Trusteer
    [2010/08/10 10:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/08/05 06:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ant\Application Data\FCTB000061465
    [2010/08/05 06:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Nectar Search Toolbar
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Ant\*.tmp files -> C:\Documents and Settings\Ant\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/23 15:36:02 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2010/10/23 15:33:08 | 000,093,976 | ---- | M] () -- C:\Documents and Settings\Ant\Desktop\[Active] Problems with virus attack - Page 3.htm
    [2010/10/23 15:28:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ant\Desktop\OTL.exe
    [2010/10/23 15:19:08 | 000,001,796 | ---- | M] () -- C:\WINDOWS\WINWORD6.INI
    [2010/10/23 15:17:18 | 000,001,607 | ---- | M] () -- C:\WINDOWS\EXCEL5.INI
    [2010/10/23 11:42:44 | 000,000,067 | ---- | M] () -- C:\WINDOWS\PPTVIEW.INI
    [2010/10/23 11:40:42 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/10/23 11:34:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/23 09:50:24 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Ant\Desktop\Do.xls
    [2010/10/23 09:39:42 | 000,014,088 | ---- | M] () -- C:\Documents and Settings\Ant\Desktop\To Do.xls
    [2010/10/22 21:40:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ant\Local Settings\Application Data\FASTWiz.html
    [2010/10/22 21:37:58 | 000,156,008 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Checkout confirmation - Tesco_com.mht
    [2010/10/22 20:59:16 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Ant\Desktop\[Active] Problems with virus attack - Page 3.url
    [2010/10/22 20:40:02 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\avenger.zip
    [2010/10/22 13:52:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/20 15:51:24 | 000,049,263 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\101020 Letter to FFHE.rtf
    [2010/10/20 08:25:52 | 000,222,720 | ---- | M] () -- C:\Documents and Settings\Ant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/19 21:06:06 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\TODO2.XLS
    [2010/10/19 20:18:12 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\ICO to C _ letter (19_10_10) (2).doc
    [2010/10/19 20:14:36 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\ICO to C _ letter (19_10_10) (1).doc
    [2010/10/19 20:09:20 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\ICO to C _ letter (19_10_10).doc
    [2010/10/19 19:27:14 | 002,061,824 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\T2 General Regulatory Chamber Appeal Leaflet Information Tribunal 17Dec09.doc
    [2010/10/19 19:26:54 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\T2 GRC UT11 Guidance Note All Jurisdictions 17Dec09.doc
    [2010/10/19 19:25:06 | 000,331,264 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\GRC Application Form UT11.doc
    [2010/10/16 22:07:40 | 000,035,203 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Experian - How do I cancel my CreditExpert membership.htm
    [2010/10/16 22:06:34 | 000,293,933 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\CreditExpert_co_uk - My credit report.mht
    [2010/10/16 22:05:46 | 000,209,809 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\CreditExpert_co_uk - Your Credit Report Summary.mht
    [2010/10/16 22:05:24 | 000,197,536 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\CreditExpert_co_uk - View my credit report.mht
    [2010/10/16 22:01:02 | 000,338,619 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - CIFAS, UK Fraud Prevention Service Registered Alerts.mht
    [2010/10/16 22:00:18 | 000,333,725 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Gone Away Records.mht
    [2010/10/16 21:59:40 | 000,332,041 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Property Valuation and the Registers of Scotland (ROS).mht
    [2010/10/16 21:58:50 | 000,339,561 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Previous Searches.mht
    [2010/10/16 21:58:06 | 000,010,646 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Online Help - How do I cancel, amend or upgrade my Equifax subscription.htm
    [2010/10/16 21:58:00 | 000,080,625 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Online Help - How do I cancel, amend or upgrade my Equifax subscription.mht
    [2010/10/16 21:57:36 | 000,333,304 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Notice of Correction.mht
    [2010/10/16 21:56:56 | 000,343,948 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Court Information and other public records.mht
    [2010/10/16 21:55:38 | 000,518,952 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Credit Agreements.mht
    [2010/10/16 21:54:50 | 000,336,586 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Electoral Roll.mht
    [2010/10/16 21:54:14 | 000,330,780 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Financial Associates.mht
    [2010/10/16 21:53:14 | 000,332,943 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Personal Information.mht
    [2010/10/16 21:42:16 | 000,473,713 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Wilmslow South - Cheshire Constabulary.mht
    [2010/10/16 20:07:20 | 000,002,404 | ---- | M] () -- C:\WINDOWS\EXCEL5.XLB
    [2010/10/16 16:25:38 | 001,361,756 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Peppered salmon Recipes Good Food Channel.mht
    [2010/10/16 09:20:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/16 00:32:16 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2010/10/15 10:33:16 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/15 09:50:38 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Virtool- Win32-obfuscator!mal.url
    [2010/10/15 00:49:30 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Generic host process for win32 services has encountered a problem and needs to close. - Page 3.url
    [2010/10/12 18:34:06 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\GEN.XLS
    [2010/10/12 18:02:40 | 000,667,727 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Checkout - Thank you for your order - Tesco Groceries.mht
    [2010/10/10 19:10:04 | 000,000,161 | ---- | M] () -- C:\WINDOWS\msffile.ini
    [2010/10/10 18:20:04 | 000,041,844 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Checkout - Thank you for your order - Tesco Groceries.htm
    [2010/10/10 15:07:40 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2856520603-3802400216-3657561249-1005Core.job
    [2010/10/06 16:21:00 | 000,049,373 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Choose and Book.mht
    [2010/10/05 18:50:00 | 000,344,746 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Maple Leaf Macro Volatility Master Fund & Anor v Rouvroy & Anor [2009] EWHC 257 (Comm) (19 February 2009).htm
    [2010/10/05 18:44:56 | 000,013,161 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Maitland Chambers Khodari v Al Tamimi summary.htm
    [2010/10/03 22:01:36 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Ant\Desktop\Prepare TEMP1.lnk
    [2010/10/03 13:09:32 | 000,002,260 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\2010 pic6.jpg
    [2010/10/03 12:48:00 | 000,002,714 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\2009-3 Me.jpg
    [2010/10/03 09:38:04 | 000,044,348 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\LAME - Hydrogenaudio Knowledgebase.htm
    [2010/09/28 13:05:08 | 000,010,832 | -H-- | M] () -- C:\WINDOWS\System32\TDisPLUS.GID
    [2010/09/15 22:40:04 | 000,242,868 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\The Education (Mandatory Awards) Regulations 1990 No_ 1628.htm
    [2010/09/15 12:42:54 | 000,344,220 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\BBC - Food - Recipes Jerk chicken with rice and red 'slaw.mht
    [2010/09/14 21:09:30 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Ant\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2010/09/13 08:20:42 | 000,110,626 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Essex girls the cheapest dates - *Your Cash - MSN Money UK.htm
    [2010/09/10 23:13:08 | 000,012,380 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\XLPharmacy_com My Account.htm
    [2010/09/10 22:53:44 | 000,078,966 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\XLPharmacy_com - Confirmation.mht
    [2010/09/06 22:09:04 | 000,000,124 | ---- | M] () -- C:\WINDOWS\fileman.ini
    [2010/09/05 09:59:02 | 000,123,538 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\EA-2006-0011 guardiannews_HBrooke_v_infocomm [section 58 - the word 'or'].pdf
    [2010/08/28 20:37:48 | 000,778,116 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Hulme 1993 (large scale).jpg
    [2010/08/28 20:37:14 | 000,645,998 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Hulme 1993.jpg
    [2010/08/27 10:10:42 | 000,137,863 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\demi moore.jpg
    [2010/08/26 14:29:36 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Ant\Desktop\Retrieve TEMP1 from USB.lnk
    [2010/08/23 19:27:42 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Ant\Desktop\Quintiles.url
    [2010/08/05 06:26:58 | 000,887,101 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Argos - www_argos_co_uk.mht
    [2010/08/02 17:43:48 | 000,106,015 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\Bullworker1.jpg
    [2010/07/29 08:25:12 | 000,406,618 | ---- | M] () -- C:\Documents and Settings\Ant\My Documents\BBC - BBC Radio 3 Programmes - Late Junction, Wednesday - Fiona Talkington.mht
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Ant\*.tmp files -> C:\Documents and Settings\Ant\*.tmp -> ]
     
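Reading a log this long by eye is slow and error-prone, so here is an added example of how a helper can let a script do the first pass over the OTL output. It is not part of the thread, of OTL or of Ant S's post: it parses the bracketed OTL file-entry format (`[date time | size | RHSD | C] (Company) -- path`) and applies three heuristics that a malware analyst applies when skimming the Files Created lists: hidden+system files that are not among the boot files Windows XP is expected to keep that way, `.sys` files that live outside a drivers folder, and drivers for which OTL printed an empty company name. The sample entries are copied from the OTL log Ant S posted in this thread (parts 1 and 2); the boot-file allowlist and the heuristics themselves are my assumptions for the example. A flag is a prompt to look closer (hash the file, check its signature, search the name), not a verdict.

```python
"""Triage helper for OTL "Files/Folders" entries.

Added example for this thread; it is not part of OTL or of the original post.
It parses the bracketed OTL entry format

    [YYYY/MM/DD HH:MM:SS | size | RHSD | C] (Company) -- path

and applies three heuristics a helper applies by eye when reading such a log.
The boot-file allowlist and the heuristics are assumptions made for the example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: seven entries copied from the OTL log posted in this thread
# (parts 1 and 2), chosen so that every branch of the heuristics is exercised.
SAMPLE_ENTRIES = [
    r"[2010/10/23 15:27:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ant\Desktop\OTL.exe",
    r"[2010/10/16 09:19:44 | 000,000,000 | RHSD | C] -- C:\cmdcons",
    r"[2010/10/15 19:28:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2010/05/03 11:28:27 | 000,004,263 | -HS- | C] () -- C:\WINDOWS\windllreg1c.sys",
    r"[2010/04/13 22:33:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys",
    r"[2010/10/16 09:20:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini",
    r"[2010/03/14 19:46:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM",
]

# The attribute column has four fixed positions: R(ead-only) H(idden) S(ystem) D(irectory).
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # absent for directories, "()" when the PE has no company string
    r" -- (?P<path>.+)$"
)

# Files Windows XP (and the recovery-console tooling used in this thread) legitimately
# keeps hidden+system. Example allowlist only; a real one would be longer and hash-based.
BOOT_FILES = {
    "boot.ini", "boot.bak", "ntldr", "ntdetect.com", "bootsect.dos", "cmldr",
    "bootstat.dat", "pagefile.sys", "hiberfil.sys",
}


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str                # 'C' = listed by creation time, 'M' = by modification time
    company: Optional[str]   # None when OTL printed no parentheses, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[-1] if "." in self.name else ""


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file/folder line; return None for anything else (headers, blanks)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def triage(entry: OtlEntry) -> List[str]:
    """Return the heuristic reasons an entry deserves a second look (empty list = nothing odd)."""
    reasons: List[str] = []
    if entry.is_dir or entry.name in BOOT_FILES:
        return reasons                       # heuristics apply to files we do not already expect
    if entry.hidden_system:
        reasons.append("hidden+system file outside the expected boot-file set")
    if entry.ext == "sys":
        if "\\drivers\\" not in entry.path.lower():
            reasons.append(".sys file outside a drivers directory")
        if entry.company == "":
            reasons.append("driver binary with no embedded company name")
    return reasons


def triage_log(lines) -> Dict[str, List[str]]:
    """Parse every OTL file line in `lines` and return {path: reasons} for flagged entries only."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_ENTRIES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a saved OTL.txt by passing `open("OTL.txt", encoding="utf-8", errors="replace")` to `triage_log` instead of the sample list; the parser skips section headers and non-file lines on its own. The point of separating `parse_entry` from `triage` is that the heuristics can be swapped or tightened (for example, adding a size ceiling or a creation-date window around the infection) without touching the format handling.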
  20. 2010/10/23
    Ant S Inactive Thread Starter
    Joined: 2010/10/14 | Messages: 43 | Likes Received: 0
    OTL.Txt log (part 2)

    ========== Files Created - No Company Name ==========

    [2010/10/23 15:33:10 | 000,093,976 | ---- | C] () -- C:\Documents and Settings\Ant\Desktop\[Active] Problems with virus attack - Page 3.htm
    [2010/10/23 11:42:38 | 000,000,067 | ---- | C] () -- C:\WINDOWS\PPTVIEW.INI
    [2010/10/22 21:37:52 | 000,156,008 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Checkout confirmation - Tesco_com.mht
    [2010/10/22 20:59:14 | 000,000,276 | ---- | C] () -- C:\Documents and Settings\Ant\Desktop\[Active] Problems with virus attack - Page 3.url
    [2010/10/22 20:38:59 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\avenger.zip
    [2010/10/22 20:02:53 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2010/10/22 13:44:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ant\Local Settings\Application Data\FASTWiz.html
    [2010/10/22 13:39:42 | 000,068,759 | ---- | C] () -- C:\Documents and Settings\Ant\Local Settings\Application Data\FASTWiz.log
    [2010/10/20 15:51:27 | 000,049,263 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\101020 Letter to FFHE.rtf
    [2010/10/19 20:18:01 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\ICO to C _ letter (19_10_10) (2).doc
    [2010/10/19 20:14:29 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\ICO to C _ letter (19_10_10) (1).doc
    [2010/10/19 20:09:17 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\ICO to C _ letter (19_10_10).doc
    [2010/10/19 19:26:59 | 002,061,824 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\T2 General Regulatory Chamber Appeal Leaflet Information Tribunal 17Dec09.doc
    [2010/10/19 19:26:51 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\T2 GRC UT11 Guidance Note All Jurisdictions 17Dec09.doc
    [2010/10/19 19:25:01 | 000,331,264 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\GRC Application Form UT11.doc
    [2010/10/17 23:52:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/17 23:52:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/17 23:52:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/17 23:52:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/17 23:52:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/17 10:16:07 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Ant\Desktop\Do.xls
    [2010/10/16 22:07:38 | 000,035,203 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Experian - How do I cancel my CreditExpert membership.htm
    [2010/10/16 22:06:31 | 000,293,933 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\CreditExpert_co_uk - My credit report.mht
    [2010/10/16 22:05:37 | 000,209,809 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\CreditExpert_co_uk - Your Credit Report Summary.mht
    [2010/10/16 22:05:15 | 000,197,536 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\CreditExpert_co_uk - View my credit report.mht
    [2010/10/16 22:00:58 | 000,338,619 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - CIFAS, UK Fraud Prevention Service Registered Alerts.mht
    [2010/10/16 22:00:16 | 000,333,725 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Gone Away Records.mht
    [2010/10/16 21:59:38 | 000,332,041 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Property Valuation and the Registers of Scotland (ROS).mht
    [2010/10/16 21:58:47 | 000,339,561 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Previous Searches.mht
    [2010/10/16 21:58:03 | 000,010,646 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Online Help - How do I cancel, amend or upgrade my Equifax subscription.htm
    [2010/10/16 21:57:55 | 000,080,625 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Online Help - How do I cancel, amend or upgrade my Equifax subscription.mht
    [2010/10/16 21:57:32 | 000,333,304 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Notice of Correction.mht
    [2010/10/16 21:56:54 | 000,343,948 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Court Information and other public records.mht
    [2010/10/16 21:55:35 | 000,518,952 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Credit Agreements.mht
    [2010/10/16 21:54:49 | 000,336,586 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Electoral Roll.mht
    [2010/10/16 21:54:12 | 000,330,780 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Financial Associates.mht
    [2010/10/16 21:53:10 | 000,332,943 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Equifax Personal Solutions - Personal Information.mht
    [2010/10/16 21:42:06 | 000,473,713 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Wilmslow South - Cheshire Constabulary.mht
    [2010/10/16 16:25:33 | 001,361,756 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Peppered salmon Recipes Good Food Channel.mht
    [2010/10/16 09:20:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/16 09:19:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/15 09:50:36 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Virtool- Win32-obfuscator!mal.url
    [2010/10/15 00:49:28 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Generic host process for win32 services has encountered a problem and needs to close. - Page 3.url
    [2010/10/12 18:02:37 | 000,667,727 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Checkout - Thank you for your order - Tesco Groceries.mht
    [2010/10/10 19:10:00 | 000,000,161 | ---- | C] () -- C:\WINDOWS\msffile.ini
    [2010/10/10 18:19:53 | 000,041,844 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Checkout - Thank you for your order - Tesco Groceries.htm
    [2010/10/08 20:44:13 | 000,000,916 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2856520603-3802400216-3657561249-1005Core.job
    [2010/10/06 16:20:50 | 000,049,373 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Choose and Book.mht
    [2010/10/05 18:49:57 | 000,344,746 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Maple Leaf Macro Volatility Master Fund & Anor v Rouvroy & Anor [2009] EWHC 257 (Comm) (19 February 2009).htm
    [2010/10/05 18:44:53 | 000,013,161 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Maitland Chambers Khodari v Al Tamimi summary.htm
    [2010/10/03 13:11:04 | 000,002,260 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\2010 pic6.jpg
    [2010/10/03 13:05:15 | 000,002,714 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\2009-3 Me.jpg
    [2010/10/03 09:37:59 | 000,044,348 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\LAME - Hydrogenaudio Knowledgebase.htm
    [2010/09/15 22:40:03 | 000,242,868 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\The Education (Mandatory Awards) Regulations 1990 No_ 1628.htm
    [2010/09/15 12:42:44 | 000,344,220 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\BBC - Food - Recipes Jerk chicken with rice and red 'slaw.mht
    [2010/09/14 21:09:28 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Ant\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2010/09/13 08:20:39 | 000,110,626 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Essex girls the cheapest dates - *Your Cash - MSN Money UK.htm
    [2010/09/10 23:13:06 | 000,012,380 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\XLPharmacy_com My Account.htm
    [2010/09/10 22:53:31 | 000,078,966 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\XLPharmacy_com - Confirmation.mht
    [2010/09/10 10:03:51 | 000,014,088 | ---- | C] () -- C:\Documents and Settings\Ant\Desktop\To Do.xls
    [2010/09/06 19:40:50 | 000,000,124 | ---- | C] () -- C:\WINDOWS\fileman.ini
    [2010/09/05 09:58:59 | 000,123,538 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\EA-2006-0011 guardiannews_HBrooke_v_infocomm [section 58 - the word 'or'].pdf
    [2010/08/31 10:07:14 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\GEN.XLS
    [2010/08/30 08:22:38 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Ant\Desktop\Prepare TEMP1.lnk
    [2010/08/28 20:37:38 | 000,778,116 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Hulme 1993 (large scale).jpg
    [2010/08/28 20:37:04 | 000,645,998 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Hulme 1993.jpg
    [2010/08/27 10:10:40 | 000,137,863 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\demi moore.jpg
    [2010/08/26 09:57:20 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Ant\Desktop\Retrieve TEMP1 from USB.lnk
    [2010/08/23 19:27:40 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Ant\Desktop\Quintiles.url
    [2010/08/05 06:26:55 | 000,887,101 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Argos - www_argos_co_uk.mht
    [2010/08/02 17:43:45 | 000,106,015 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\Bullworker1.jpg
    [2010/07/29 08:25:04 | 000,406,618 | ---- | C] () -- C:\Documents and Settings\Ant\My Documents\BBC - BBC Radio 3 Programmes - Late Junction, Wednesday - Fiona Talkington.mht
    [2010/06/05 15:32:52 | 000,000,031 | ---- | C] () -- C:\WINDOWS\VBA.INI
    [2010/06/05 14:39:53 | 000,000,009 | ---- | C] () -- C:\WINDOWS\WINHLP32.INI
    [2010/05/06 17:52:30 | 000,000,261 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2010/05/03 11:28:27 | 000,004,263 | -HS- | C] () -- C:\WINDOWS\windllreg1c.sys
    [2010/04/29 11:49:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/04/13 22:33:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
    [2010/03/30 12:00:31 | 000,000,151 | ---- | C] () -- C:\WINDOWS\CALCONV.INI
    [2010/03/24 07:32:17 | 000,003,634 | ---- | C] () -- C:\WINDOWS\SETUPWIZ.INI
    [2010/03/19 02:38:38 | 000,222,720 | ---- | C] () -- C:\Documents and Settings\Ant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/17 14:53:14 | 000,001,796 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
    [2010/03/17 14:51:43 | 000,002,746 | ---- | C] () -- C:\WINDOWS\ARTGALRY.INI
    [2010/03/17 14:43:26 | 000,000,124 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
    [2010/03/17 14:42:56 | 000,001,768 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
    [2010/03/17 14:40:41 | 000,000,412 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
    [2010/03/17 14:40:36 | 000,001,607 | ---- | C] () -- C:\WINDOWS\EXCEL5.INI
    [2010/03/17 14:23:16 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
    [2010/03/17 14:23:01 | 000,000,535 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
    [2010/03/17 14:22:48 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
    [2009/07/13 10:35:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
    [2009/07/13 10:35:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\RemoveDevice.dll
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2001/12/06 14:33:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2001/12/06 14:25:10 | 000,004,577 | ---- | C] () -- C:\WINDOWS\Tcds.ini
    [2001/12/06 13:25:29 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2001/12/06 13:25:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2001/12/06 13:25:29 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2001/12/06 13:25:29 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2001/12/06 11:42:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll
    [2001/12/06 11:42:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll
    [2001/12/06 11:42:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll
    [2001/12/06 11:42:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll
    [2001/12/06 11:42:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll
    [2001/12/06 11:42:25 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll
    [2001/12/05 16:01:57 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2001/12/05 15:40:16 | 000,004,349 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/11/30 17:13:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
    [1996/11/14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1980/01/01 00:00:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [1980/01/01 00:00:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\CLOCK.INI

    ========== LOP Check ==========

    [2010/03/14 18:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/03/14 20:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
    [2010/08/10 10:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/08/15 20:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
    [2001/12/06 13:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ant\Application Data\InterTrust
    [2010/03/23 16:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ant\Application Data\VERITAS
    [2010/03/25 21:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ant\Application Data\WordWeb
    [2010/04/13 22:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ant\Application Data\Birdstep Technology
    [2010/08/05 06:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ant\Application Data\FCTB000061465
    [2010/08/10 10:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ant\Application Data\Trusteer
    [2010/10/16 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ant\Application Data\Windows Live Writer
    [2010/10/23 11:40:42 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/10/23 15:36:02 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2001/12/05 15:23:48 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2010/03/20 18:40:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/03/14 19:46:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/10/16 09:20:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2001/12/05 15:51:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2001/12/05 15:51:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2001/12/05 15:51:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2001/12/05 15:51:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/21 00:50:06 | 000,011,084 | ---- | M] () -- C:\ComboFix.txt
    [2010/10/23 11:34:12 | 734,003,200 | -HS- | M] () -- C:\pagefile.sys
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/03/14 19:59:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/21 00:51:16 | 000,001,972 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_21.10.2010_00.51.09_log.txt
    [2010/10/21 00:56:22 | 000,033,272 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_21.10.2010_00.51.52_log.txt
    [2010/07/20 17:15:50 | 000,055,225 | ---- | M] () -- C:\tv3d_debug.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2001/12/05 15:50:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2001/12/05 15:38:54 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    [2001/12/05 15:38:54 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2001/12/05 15:38:54 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/03/20 19:04:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/20 21:15:02 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Ant\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/03/14 20:10:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ant\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/23 15:28:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ant\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/03/23 19:29:12 | 000,020,480 | ---- | M] (Itneccas) -- C:\Documents and Settings\Ant\My Documents\randomnumber.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/20 21:15:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Ant\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    Copy of msiexec.exe

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    File List Viewer Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/23 15:34:24 | 001,179,648 | ---- | M] () -- C:\Documents and Settings\Ant\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [2004/07/17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/07/17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/07/17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/07/17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/05/02 14:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  21. 2010/10/23
    Ant S

    Ant S Inactive Thread Starter

    Joined:
    2010/10/14
    Messages:
    43
    Likes Received:
    0
    Extras.Txt log

    OTL Extras logfile created on: 23/10/2010 15:35:53 - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Ant\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    367.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 47.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 700 1104 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 9.35 Gb Total Space | 0.57 Gb Free Space | 6.15% Space Free | Partition Type: FAT32
    Drive F: | 3.73 Gb Total Space | 1.82 Gb Free Space | 48.76% Space Free | Partition Type: FAT32
    Drive G: | 21.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SATELLITE1800 | User Name: Ant | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Nectar Search Toolbar\ToolbarUpdate.exe" = C:\Program Files\Nectar Search Toolbar\ToolbarUpdate.exe:*:Enabled:Nectar Search Toolbar (Update) -- (FreeCause Inc.)
    "C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe" = C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe:*:Enabled:Nectar Search Toolbar (Helper) -- (FreeCause Inc.)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0C7D85B0-8569-11D4-91EA-00003914300F}" = Network Device Switch
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
    "{700C359B-A0A6-4851-8D66-23375EA7647A}" = Toshiba Manuals
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A01D570A-B7B8-4E11-8B5F-6A1043B95C5B}" = TOSHIBA Controls
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "ALi Audio Accelerator WDM Driver" = ALi Audio Accelerator WDM Driver
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "ExamDiff_is1" = ExamDiff 1.8 (Build 1.8.0.5)
    "File List Viewer" = File List Viewer
    "HijackThis" = HijackThis 2.0.2
    "IrfanView" = IrfanView (remove only)
    "LHTTSENG" = L&H TTS3000 British English
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "Nectar Search Toolbar" = Nectar Search Toolbar
    "ReadPlease 2003_is1" = ReadPlease 2003/ReadPlease PLUS 2003
    "Recuva" = Recuva
    "Speccy" = Speccy
    "STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
    "STARWARS: The Battle of Yavin v1.1_is1" = STARWARS: The Battle of Yavin version 1.1
    "Toshiba Power Saver" = TOSHIBA Power Saver
    "Toshiba Soft Modem" = Toshiba Soft Modem AMR
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "TOSHIBA Utilities" = Toshiba Utilities
    "Tweak UI 2.10" = Tweak UI
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "WordWeb" = WordWeb
    "ZTE_MF627_LEGACY_DRIVER_1.2059.0.4" = ZTE_MF627_USB_MODEM_1.2059.0.4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 02/07/2010 06:37:04 | Computer Name = SATELLITE1800 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 02/07/2010 14:26:29 | Computer Name = SATELLITE1800 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 03/07/2010 09:36:13 | Computer Name = SATELLITE1800 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
    P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 03/07/2010 09:36:16 | Computer Name = SATELLITE1800 | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 03/07/2010 09:43:26 | Computer Name = SATELLITE1800 | Source = Application Error | ID = 1000
    Description = Faulting application sprint.exe, version 4.0.2.47, faulting module
    image.dll, version 4.0.0.0, fault address 0x00033a15.

    Error - 03/07/2010 09:44:16 | Computer Name = SATELLITE1800 | Source = Application Error | ID = 1000
    Description = Faulting application sprint.exe, version 4.0.2.47, faulting module
    image.dll, version 4.0.0.0, fault address 0x00033a15.

    Error - 03/07/2010 09:45:42 | Computer Name = SATELLITE1800 | Source = Application Error | ID = 1000
    Description = Faulting application sprint.exe, version 4.0.2.47, faulting module
    image.dll, version 4.0.0.0, fault address 0x00033a15.

    Error - 03/07/2010 13:25:07 | Computer Name = SATELLITE1800 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/07/2010 13:26:04 | Computer Name = SATELLITE1800 | Source = Application Hang | ID = 1001
    Description = Fault bucket 724398357.

    Error - 04/07/2010 14:41:52 | Computer Name = SATELLITE1800 | Source = MSSecurityEssentials | ID = 5000
    Description =

    [ System Events ]
    Error - 22/10/2010 15:51:56 | Computer Name = SATELLITE1800 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 22/10/2010 16:43:30 | Computer Name = SATELLITE1800 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 22/10/2010 18:12:53 | Computer Name = SATELLITE1800 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 22/10/2010 18:49:54 | Computer Name = SATELLITE1800 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 22/10/2010 19:21:13 | Computer Name = SATELLITE1800 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 22/10/2010 20:11:40 | Computer Name = SATELLITE1800 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 22/10/2010 20:13:15 | Computer Name = SATELLITE1800 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

    Error - 23/10/2010 05:55:47 | Computer Name = SATELLITE1800 | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
    G2 USB Device.

    Error - 23/10/2010 05:55:50 | Computer Name = SATELLITE1800 | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
    G2 USB Device.

    Error - 23/10/2010 10:20:25 | Computer Name = SATELLITE1800 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SeaPort with
    arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}


    < End of report >
     
