
Solved trojan dropper gen infection

Discussion in 'Malware and Virus Removal Archive' started by bchirpy, 2010/04/04.

  1. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    Have now been able to access Add/Remove Programs and deleted the Java updates as requested. Many thanks.
     
  2. 2010/04/04
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Go ahead and reboot so that the rootkit can be removed.

    Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

    Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

    Click Yes, when prompted to install its ActiveX component.
    (Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    The program launches and downloads the latest definition files.
    • Once the files are downloaded click on Next
    • Click on Scan Settings and configure as follows:
      • Scan using the following Anti-Virus database:
        • Extended
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK and, under select a target to scan, select My Computer
    When the scan is done, in the Scan is completed window (below), any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.
    [image: Kas-SaveReport-1.gif]
    [image: Kas-Savetxt.gif]
    To obtain the report:
    Click on: Save Report As (above - red blinking arrow)
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.
     

  4. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    Will do ASAP - thanks again so much for your expertise!
     
  5. 2010/04/04
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries :).
     
  6. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    It didn't give me the scan options (archives/mail bases); it went from downloading the extended database to me selecting My Computer to scan - hope this is OK.
     
  7. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, April 4, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, April 04, 2010 11:46:02
    Records in database: 3913989
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 125835
    Threats found: 2
    Infected objects found: 3
    Suspicious objects found: 1
    Scan duration: 04:47:44


    File name / Threat / Threats count
    C:\Documents and Settings\Deb\Local Settings\Application Data\Identities\{6014D3D0-EF9B-4CC9-831A-CD589A809834}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\Deb\Local Settings\temp\Acr4548.tmp Infected: Exploit.JS.Pdfka.bss 1
    C:\Documents and Settings\Deb\Local Settings\temp\Acr5581.tmp Infected: Exploit.JS.Pdfka.bss 1
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\REZQZOJC\274rount[1].pdf Infected: Exploit.JS.Pdfka.bss 1

    Selected area has been scanned.
     
  8. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    I hope this was the full scan, as I last saw it at 88% complete; not sure if the internet got disconnected or this is the full scan?
     
  9. 2010/04/04
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I still need to know about this one: C:\WINDOWS\jknradee.sys
    The report you posted was incorrect. Once the scan is finished, you should get either "Nothing Found," or what actually was found.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Documents and Settings\Deb\Local Settings\Application Data\Identities\{6014D3D0-EF9B-4CC9-831A-CD589A809834}\Microsoft\Outlook Express\Deleted Items.dbx
      
      
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
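Reading an OTL Quick Scan log by hand means spotting the same few patterns every time: autorun entries whose target file is gone, BHO entries with no CLSID value behind them, processes or services with an empty company field, and binaries running from user-writable folders. The Python below is an added triage example (not part of OTL, of this thread, or of the helper's own tooling) that parses lines in the OTL format used in this thread and flags those patterns; the sample log is a constructed subset of the Quick Scan log posted later in the thread, and the rule names are this example's own.

```python
"""Triage helper for OTL Quick Scan log lines (added example, not OTL's own code).

Flags the patterns a malware-removal helper looks for first:
  target-missing      autorun / registry entry whose target file is gone
  orphaned-bho        O2 BHO entry with no CLSID value behind it
  registry-error      entry OTL could not resolve in the registry
  no-vendor           process/service/autorun binary with an empty company field
  user-writable-path  binary running from Desktop, Temp, Application Data, ...
Rule names are this example's own; a flag means "verify", not "malicious".
"""
import re
from collections import Counter
from dataclasses import dataclass

# PRC/SRV/MOD lines:
#   TAG - [date time | size | attrs | M] (Company) [State] -- path -- (ServiceName)
_PROC_RE = re.compile(
    r"^(?P<tag>PRC|SRV|MOD) - \[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| [MC]\] "
    r"\((?P<company>[^)]*)\) (?:\[(?P<state>[^\]]+)\] )?-- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
# O4 Run-key lines:  O4 - HKLM..\Run: [Name] path (Company)
_O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
_TRAILING_COMPANY_RE = re.compile(r"\((?P<company>[^)]*)\)$")

# Locations an ordinary user can write to. Legitimate tools run from here too
# (OTL.exe itself on the Desktop gets flagged), so this is a "look here" rule.
_USER_WRITABLE = ("\\desktop\\", "\\temp\\", "\\local settings\\",
                  "\\application data\\", "\\temporary internet files\\")


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


def _user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in _USER_WRITABLE)


def triage_line(line: str) -> list[str]:
    """Return the list of rule names that fire on one OTL log line."""
    reasons: list[str] = []
    # Generic markers OTL prints when a referenced object is gone; one per line.
    if "File not found" in line:
        reasons.append("target-missing")
    elif "No CLSID value found" in line:
        reasons.append("orphaned-bho")
    elif "Reg Error" in line:
        reasons.append("registry-error")

    m = _PROC_RE.match(line)
    if m:
        if not m.group("company").strip():
            reasons.append("no-vendor")
        if _user_writable(m.group("path")):
            reasons.append("user-writable-path")
        return reasons

    m = _O4_RE.match(line)
    if m and "File not found" not in line:
        rest = m.group("rest")
        cm = _TRAILING_COMPANY_RE.search(rest)
        if cm is None or not cm.group("company").strip():
            reasons.append("no-vendor")
        path = rest[:cm.start()].strip() if cm else rest
        if _user_writable(path):
            reasons.append("user-writable-path")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run every rule over an OTL log and return findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue  # blank line or section header
        for reason in triage_line(line):
            findings.append(Finding(reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {'no-vendor': 4, 'target-missing': 2}."""
    return dict(Counter(f.reason for f in findings))


# Constructed sample: a subset of the OTL Quick Scan log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2010/04/04 11:25:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe
PRC - [2010/04/03 07:43:07 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/09/15 15:42:28 | 000,319,488 | ---- | M] () -- C:\Program Files\WebView\WebView-Process-Connector.exe
PRC - [2004/11/02 00:55:40 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
========== Win32 Services (SafeList) ==========
SRV - [2004/11/02 00:55:40 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2002/03/15 21:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RRT-Auto] C:\Documents and Settings\Deb\Desktop\RRT.exe File not found
O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason:<19} {f.line}")
    print(summarize(found))
```

On the sample above the script flags the two stale autoruns, the nameless BHO, the four entries with no company field and OTL.exe running from the Desktop, while the AVG, HP and eMule entries pass untouched; every flag is a prompt to check the file, not a verdict.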
     
  10. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    User: Deb
    ->Temp folder emptied: 341789048 bytes
    ->Temporary Internet Files folder emptied: 249636241 bytes
    ->Java cache emptied: 12262337 bytes
    ->Apple Safari cache emptied: 9168654 bytes
    ->Flash cache emptied: 44923 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: HelpAssistant
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 279008 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 168388 bytes
    %systemroot%\System32 .tmp files removed: 69641722 bytes
    %systemroot%\System32\dllcache .tmp files removed: 68607528 bytes
    %systemroot%\System32\drivers .tmp files removed: 68224 bytes
    Windows Temp folder emptied: 3511729 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 36480814 bytes

    Total Files Cleaned = 758.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.0 log created on 04052010_092218

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\RVO3RV7B\L[5].htm moved successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\PGP4KELB\92260-active-trojan-dropper-gen-infection-2[1].html moved successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\PGP4KELB\L[9].htm moved successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\PGP4KELB\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\28Q76TN2\adsCAM40RHI.htm moved successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\28Q76TN2\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

    Will now do the Quick Scan as requested! Many thanks for all you are doing!
     
  11. 2010/04/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries and don't forget that other file :).
     
  12. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    Running as we speak. Can I also ask: I seem to have a Dr.Web user file titled %userprofile% left on my desktop; I've never had one of these left behind from a Dr.Web scan before, I don't think - or am I just being paranoid now? Also I noticed all of the comp users in the results above; I'm sure there should just be Deb and Administrator, so where have all the rest come from?
     
  13. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    OTL logfile created on: 05/04/2010 09:35:19 - Run 2
    OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Deb\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.60 Gb Total Space | 27.21 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEBBIE
    Current User Name: Deb
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/04 11:25:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe
    PRC - [2010/04/03 07:43:07 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/04/03 07:42:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/12 10:50:36 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/12 10:50:34 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/03/12 10:50:29 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/12 10:48:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/09/15 15:42:28 | 000,319,488 | ---- | M] () -- C:\Program Files\WebView\WebView-Process-Connector.exe
    PRC - [2009/02/23 12:20:24 | 000,176,128 | ---- | M] () -- C:\Program Files\WebView\WebView-Updater.exe
    PRC - [2009/02/23 12:20:24 | 000,102,400 | ---- | M] () -- C:\Program Files\WebView\WebView-Reporting.exe
    PRC - [2008/08/15 10:39:04 | 003,343,688 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
    PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/05/17 14:59:02 | 000,913,408 | ---- | M] (Sitecom Europe BV.) -- C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    PRC - [2004/11/02 00:55:40 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
    PRC - [2004/08/10 23:47:38 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2003/10/08 10:41:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/04/04 11:25:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/12 10:50:29 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/09/17 11:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/02/23 12:20:24 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
    SRV - [2009/02/23 12:20:24 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
    SRV - [2004/11/02 00:55:40 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
    SRV - [2002/03/15 21:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotukdeals.com/
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\WebView\ [2010/02/04 18:06:48 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/04/05 09:27:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (TNS)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [RRT-Auto] C:\Documents and Settings\Deb\Desktop\RRT.exe File not found
    O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
    O4 - HKCU..\Run: [EPSON SX510W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE (Sitecom Europe BV.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O4 - Startup: C:\Documents and Settings\Deb\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (TNS)
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: autoregister.net ([autoreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: brainjuicer.com ([secure] https in Trusted sites)
    O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandscan.com/TNSClicker.CAB (TNSClicker.Clicker)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
    O16 - DPF: {3D0D2821-8011-4B1F-BE9C-27B8E74CFBEF} http://downloads.virginmedia.com/CST/ver1/VM_ActX_2.cab (VM_ActX_2 Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab (InetDownload Class)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (Reg Error: Key error.)
    O16 - DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} https://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab (ComplianceChecker Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandscan.com/TNSClickrc.CAB (TNSClickerc.Clicker)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Deb\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Deb\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/15 02:04:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/05 09:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WebView-Reporting-Service-Spool
    [2010/04/05 09:22:18 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/04 11:25:32 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe
    [2010/04/04 09:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
    [2010/04/04 09:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\1 Click PC Fix
    [2010/04/03 00:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/03 00:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/02 23:22:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SiS
    [2010/04/02 23:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\trayres
    [2010/04/02 23:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\SiS VGA Utilities V3.61a
    [2010/04/02 23:16:42 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/04/02 23:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/04/02 23:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/04/02 23:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/04/02 23:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/04/02 18:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(3)
    [2010/04/02 18:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/02 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(3)
    [2010/04/02 08:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2010/04/01 18:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SIS(2)
    [2010/04/01 18:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\SiS VGA Utilities V3(2).90
    [2010/04/01 17:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Desktop\uvga3_390
    [2010/04/01 16:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Desktop\R391_logo
    [2010/03/31 09:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/03/30 17:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Local Settings\Application Data\BlinkBox
    [2010/03/30 17:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\blinkbox
    [2010/03/29 19:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Local Settings\Application Data\Deployment
    [2007/10/08 13:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
    [2007/09/16 11:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2007/09/15 20:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
    [2007/09/15 20:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2007/09/12 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2005/04/29 17:55:18 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
    [2005/04/29 17:53:27 | 000,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
    [2005/04/29 17:53:27 | 000,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [2005/04/29 17:53:27 | 000,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
    [2005/04/29 17:53:26 | 001,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [2005/04/29 17:53:26 | 000,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [2005/04/29 17:53:26 | 000,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys

    ========== Files - Modified Within 14 Days ==========

    [2010/04/05 09:43:17 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\qowdk.sys
    [2010/04/05 09:39:27 | 058,564,804 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/04/05 09:29:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/05 09:29:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/05 09:28:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/05 09:28:53 | 1576,587,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/05 09:27:49 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Deb\ntuser.dat
    [2010/04/05 09:27:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Deb\ntuser.ini
    [2010/04/05 09:27:24 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/04/04 23:35:22 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DECB844-4F4C-4B16-BC41-417044116927}.job
    [2010/04/04 19:48:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
    [2010/04/04 16:47:33 | 000,523,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/04 16:47:33 | 000,445,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/04 16:47:33 | 000,072,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/04 11:25:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe
    [2010/04/04 10:53:57 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
    [2010/04/04 10:53:57 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
    [2010/04/04 10:53:57 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
    [2010/04/04 10:53:57 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
    [2010/04/04 07:54:28 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Deb\Desktop\dds.scr
    [2010/04/03 21:49:39 | 000,012,210 | -HS- | M] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\XORQ
    [2010/04/03 21:49:39 | 000,012,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\XORQ
    [2010/04/03 18:48:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/03 17:45:22 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/04/03 00:32:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/02 22:30:34 | 000,015,906 | -HS- | M] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\LK2mfPE2j
    [2010/04/02 22:30:34 | 000,015,906 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
    [2010/04/02 11:59:23 | 000,402,912 | ---- | M] () -- C:\ituneslib.itl
    [2010/04/02 00:18:16 | 000,000,070 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/04/02 00:18:16 | 000,000,022 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/03/30 17:21:26 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\blinkbox Download Manager.lnk
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/04/04 11:02:59 | 1576,587,264 | -HS- | C] () -- C:\hiberfil.sys
    [2010/04/04 10:53:57 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
    [2010/04/04 10:53:57 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
    [2010/04/04 10:53:57 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
    [2010/04/04 10:53:57 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
    [2010/04/04 07:54:02 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Deb\Desktop\dds.scr
    [2010/04/03 19:49:21 | 000,012,210 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\XORQ
    [2010/04/03 19:49:21 | 000,012,210 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\XORQ
    [2010/04/03 19:45:39 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\qowdk.sys
    [2010/04/03 17:45:21 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/04/03 00:45:55 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/03 00:32:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/02 22:20:28 | 000,015,906 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\LK2mfPE2j
    [2010/04/02 22:20:28 | 000,015,906 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
    [2010/04/02 11:53:38 | 000,402,912 | ---- | C] () -- C:\ituneslib.itl
    [2010/04/01 17:33:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2010/04/01 17:33:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2010/04/01 17:33:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2010/04/01 11:08:34 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\Deb\ntuser.dat
    [2010/03/30 17:21:23 | 000,200,650 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\BlinkBoxDesktopUpdate.log
    [2010/03/30 17:20:25 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\blinkbox Download Manager.lnk
    [2010/03/30 17:20:11 | 000,435,506 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\blinkboxDesktopInstall.log
    [2010/01/14 16:30:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/01/05 20:39:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/11/18 08:55:38 | 000,007,168 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Thumbs.db
    [2009/06/15 17:21:40 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\Deb\hpothb07.tif
    [2009/06/15 17:21:40 | 000,000,158 | -H-- | C] () -- C:\Documents and Settings\Deb\hpothb07.dat
    [2009/05/14 15:27:36 | 000,007,217 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Folder.jpg
    [2009/05/14 15:27:36 | 000,002,072 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\AlbumArtSmall.jpg
    [2009/05/09 17:57:19 | 000,002,625 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Failed Copy
    [2009/05/09 17:29:53 | 012,939,480 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\moving into light (freemasons mix).mp3
    [2009/05/09 16:54:29 | 000,014,662 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\.ipc_copyrecord
    [2009/05/09 16:41:12 | 000,016,795 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Skipping
    [2009/05/09 15:30:33 | 000,001,232 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\iTunesPrefs
    [2009/05/09 15:26:49 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\84756-11986-27475-00TC1-94865
    [2008/10/06 16:13:49 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\Deb\Application Data\HPCOM_48BitScanUpdate.log
    [2008/10/06 16:13:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2008/10/06 07:41:01 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/04/18 10:35:05 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/01/01 23:49:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2007/11/28 20:45:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/11/28 20:45:29 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/11/28 20:45:29 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/11/28 20:45:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/11/28 20:45:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2007/11/28 20:45:24 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2007/06/11 13:17:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
    [2007/04/12 08:57:30 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/21 21:58:55 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
    [2006/11/27 09:57:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/03 09:02:11 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/13 12:57:44 | 000,000,115 | ---- | C] () -- C:\WINDOWS\POSTER.INI
    [2006/05/09 11:38:17 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/04/07 07:44:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
    [2006/03/15 11:31:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2005/11/30 02:04:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Deb\ntuser.dat.LOG
    [2005/11/30 02:04:58 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Deb\ntuser.ini
    [2005/11/30 02:04:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\fusioncache.dat
    [2005/11/29 20:14:58 | 000,003,780 | ---- | C] () -- C:\Documents and Settings\Deb\Application Data\wklnhst.dat
    [2005/11/29 19:58:17 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2005/11/29 19:48:16 | 000,000,014 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
    [2005/11/29 19:38:54 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2005/04/29 18:09:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
    [2005/04/29 18:06:32 | 000,106,346 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2005/04/29 18:06:11 | 000,102,538 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2005/04/29 18:03:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
    [2005/04/29 17:58:58 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2005/04/29 17:58:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2005/04/29 17:55:18 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
    [2005/04/29 17:55:18 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
    [2005/04/29 17:55:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
    [2005/04/29 17:53:27 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
    [2005/04/29 17:53:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
    [2005/04/29 17:53:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
    [2005/04/29 17:23:31 | 000,000,613 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2005/02/15 10:44:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/02/15 00:49:30 | 000,004,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/07/01 19:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
    [2004/07/01 19:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
    [2004/07/01 19:38:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2004/07/01 19:38:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
    [1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2009/11/19 19:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/04/02 23:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/01/05 20:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2005/11/30 18:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
    [2009/11/24 17:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
    [2010/02/25 19:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2005/12/01 16:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2009/01/07 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2007/09/22 08:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2008/11/21 19:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/05/15 21:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tesco Photobook Creator
    [2010/03/16 20:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2008/11/22 11:29:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0A03A701-F883-4052-859E-496FFE1D2945}
    [2010/04/02 18:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/13 20:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/14 16:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/06/10 17:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Amazon
    [2009/05/12 09:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\DiskAid
    [2010/03/16 20:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Epson
    [2006/11/19 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Leadertech
    [2009/11/24 17:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Nokia
    [2007/10/08 16:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Opera
    [2009/11/24 17:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\PC Suite
    [2009/01/14 11:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Red Kawa
    [2005/05/04 00:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\SampleView
    [2009/01/07 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Sony
    [2006/10/07 09:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Teleca
    [2006/01/14 10:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Template
    [2010/03/16 16:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\uTorrent
    [2007/05/13 17:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Webshots
    [2010/04/04 19:48:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
    [2010/04/04 23:35:22 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6DECB844-4F4C-4B16-BC41-417044116927}.job

    ========== Purity Check ==========


    < End of report >
     
  14. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    There is also a thumbs.db file left on the desktop too!
     
  15. 2010/04/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    If you want to disable those accounts try this:

    - Right Click on My Computer and click on Manage.

    - In the Computer Manager window, double click on Local Users and Groups.

    - Double click on the Users folder.

    - On the right side of that window, you should see all of the available user accounts on your computer. Right Click on the HelpAssistant user account and select Properties.

    - In the HelpAssistant Properties window, you will see an option to disable the account. Place a check mark in the box next to that option.

    - Do the same for the rest.

    - Click OK twice to close those windows.

    - Close the Computer Management window.

    - Restart the computer.

    ====
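    The same account check and disable step done from PowerShell, as an added example that is not crunchie's instructions or any tool from this thread, for a machine where the Local Users and Groups snap-in is not present. It uses the WinNT ADSI provider (available on Windows XP-era PowerShell 2.0 as well as current versions); HelpAssistant is the only account name the thread gives, so the $toDisable list is an assumption you fill in after reviewing the listing, and the script must run from an Administrator prompt.

```powershell
# Added example (not from the thread): enumerate local accounts through the
# WinNT ADSI provider and disable the ones named in $toDisable.
# Run from an elevated (Administrator) PowerShell prompt.

$ADS_UF_ACCOUNTDISABLE = 0x0002      # "Account is disabled" bit in UserFlags

# Accounts to disable. HelpAssistant is the one named in the thread; add any
# other unexpected account here only after reviewing the listing below.
$toDisable = @('HelpAssistant')

$computer = [ADSI]"WinNT://$env:COMPUTERNAME"
$users = $computer.psbase.Children | Where-Object { $_.psbase.SchemaClassName -eq 'user' }

# Step 1: the equivalent of opening the Users folder in Computer Management.
Write-Host "Local accounts on $($env:COMPUTERNAME):"
foreach ($u in $users) {
    $name  = $u.psbase.InvokeGet('Name')
    $flags = $u.psbase.InvokeGet('UserFlags')
    $state = if (($flags -band $ADS_UF_ACCOUNTDISABLE) -ne 0) { 'disabled' } else { 'ENABLED' }
    Write-Host ("  {0,-20} {1}" -f $name, $state)
}

# Step 2: the equivalent of ticking "Account is disabled" in Properties.
foreach ($u in $users) {
    $name = $u.psbase.InvokeGet('Name')
    if ($toDisable -contains $name) {
        $flags = $u.psbase.InvokeGet('UserFlags')
        if (($flags -band $ADS_UF_ACCOUNTDISABLE) -eq 0) {
            # Set only the disable bit; leave the other UserFlags bits untouched.
            $u.psbase.InvokeSet('UserFlags', ($flags -bor $ADS_UF_ACCOUNTDISABLE))
            $u.psbase.CommitChanges()
            Write-Host "Disabled account: $name"
        } else {
            Write-Host "Already disabled: $name"
        }
    }
}
```

    Re-run the listing afterwards to confirm the accounts now show as disabled, then restart as in the steps above.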
     
  16. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    I can't actually find the folder Local Users and Groups - and in User Accounts in the Control Panel it's only showing Deb and a Guest account which is off!
     
  17. 2010/04/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Have you done the on-line scan of that file?

    Do you not see the same as I can in the screenshot?

    OTL is only deleting files from all users, whether they are enabled or otherwise :).
     

    Attached Files:

    Last edited: 2010/04/05
  18. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    Jotti's malware scan
    Filename: jknradee.sys
    Status: Scan finished. 0 out of 20 scanners reported malware.
    Scan taken on: Mon 5 Apr 2010 12:18:13 (CET)

    --------------------------------------------------------------------------------
    Additional info
    File size: 4 bytes
    Filetype: Unknown
    MD5: f2f0da36185220843b89ada5effdd58c
    SHA1: 7cf32a70d55d541328fab620dd985f62ea67a27f

    Scanners
    All 20 scanners (definition dates 2010-04-02 to 2010-04-05): Found nothing

    And no, I can't see what you saw - there is no Users or Groups there!

    Take it jknradee was the file in question?

    How weird, both desktop items I mentioned are gone?
     
    Last edited by a moderator: 2010/04/05
  19. 2010/04/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    How is the pc at the moment?

    Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color= "blue"]Kaspersky Online Scanner[/color]

    Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

    Click Yes, when prompted to install its ActiveX component.
    (Note.. for Internet [color= "#3333FF"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
    The program launches and downloads the latest definition files.
    • Once the files are downloaded click on Next
    • Click on Scan Settings and configure as follows:
      • Scan using the following Anti-Virus database:
        • [color= "#6666CC"]Extended[/color]
      • Scan Options:
        • [color= "#6666CC"]Scan Archives[/color]
        • [color= "#6666CC"]Scan Mail Bases[/color]
    • Click OK and, under select a target to scan, select My Computer
    When the scan is done, in the [color= "Navy"]Scan is completed [/color]window (below), any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.
    Kas-SaveReport-1.gif
    Kas-Savetxt.gif
    To obtain the report:
    Click on: Save Report As (above - red blinking arrow)
    Next, in the [color= "Navy"]Save as [/color]prompt, [color= "navy"]Save in[/color] area, select: Desktop
    In the [color= "navy"]File name[/color] area, use KScan, or something similar
    In [color= "navy"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the [color= "Navy"]Kaspersky Online Scanner Report [/color]in your reply.
     
  20. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    Hi there - yes, the computer is much better thanks to you - still a little fearful there is more lurking somewhere though! Will do the above scan again now - it took 4 and a half hours before so will post as soon as I can!
     
  21. 2010/04/05
    bchirpy

    bchirpy Inactive Thread Starter

    Joined:
    2010/04/04
    Messages:
    49
    Likes Received:
    0
    Also the Kaspersky online scanner link doesn't allow me to choose Extended or give me scan options apart from location to scan - is this a different version? Also an error message on clicking on Accept License about digital signature?
     
