Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

I think I got a Trojan Please Check HJ LOG

 
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Sat Jan 21, 2012 3:54 am    Post subject: I think I got a Trojan Please Check HJ LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:52:52 AM, on 1/21/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Dimitri\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239968863531
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239968857625
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 6837 bytes
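A triage pass over a HijackThis log of the kind posted above, as an added example (not HijackThis's own code and not part of the original post). It parses the "<section> - <body>" form of each entry and flags the items a reviewer checks first: O2/O3 registrations pointing at "(no file)", anything marked "(file missing)", O20 Winlogon Notify DLLs, O16 ActiveX downloads over plain http, an R1 ProxyOverride list, and O23 services with no publisher. The sample lines are excerpted from the log above; the heuristics, the `Finding` type and the function names are this example's own assumptions. A flagged entry is a prompt to cross-check against installed software and file hashes, not a verdict: the O20 entry with a missing LogonDll.dll, for instance, has to be read together with what is actually installed (the OTL log later in the thread lists Faronics Deep Freeze components, and the helper asks about Deep Freeze).

```python
"""Triage a HijackThis (HJT) log: flag the entries a reviewer checks first.

Added example for this thread; it is not HijackThis's own code and not
from the original post. Sample lines are excerpted from the log above;
the heuristics, names and the Finding type are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Set, Tuple

# Every HJT entry has the shape "<section> - <body>", e.g.
#   O2 - BHO: (no name) - {CLSID} - (no file)
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log posted above (constructed subset, lines kept verbatim).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str
    reasons: Tuple[str, ...]
    line: str


def parse(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, raw_line) for each entry; header lines are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per entry that merits a closer look, in log order."""
    findings: List[Finding] = []
    for section, body, raw in parse(log_text):
        reasons: List[str] = []
        # A registration whose target is gone: an uninstall leftover, a prior
        # removal, or a loader whose payload was deleted. Either way, orphaned.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registered component has no file on disk")
        # Winlogon Notify DLLs are loaded into winlogon.exe at logon.
        if section == "O20":
            reasons.append("Winlogon Notify DLL, loads at logon")
        # ActiveX controls fetched over cleartext http can be replaced in transit.
        if section == "O16" and "http://" in body.lower():
            reasons.append("ActiveX (DPF) download over cleartext http")
        # Hosts in ProxyOverride bypass the configured proxy entirely.
        if section == "R1" and "ProxyOverride" in body:
            reasons.append("proxy bypass list is set")
        # A service with no publisher name needs a hash/signature check.
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service binary has no publisher")
        if reasons:
            findings.append(Finding(section, tuple(reasons), raw))
    return findings


def orphaned_clsids(log_text: str) -> Set[str]:
    """CLSIDs of O2 BHOs / O3 toolbars whose DLL no longer exists."""
    out: Set[str] = set()
    for section, body, _ in parse(log_text):
        if section in ("O2", "O3") and "(no file)" in body:
            out.update(CLSID_RE.findall(body))
    return out


def counts_by_section(findings: List[Finding]) -> Dict[str, int]:
    """How many flagged entries each HJT section contributed."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {'; '.join(f.reasons)}\n     {f.line}")
    print("orphaned CLSIDs:", sorted(orphaned_clsids(SAMPLE_LOG)))
```

Run against the full log rather than the excerpt and the same CLSID showing up in both an O2 and an O3 entry with "(no file)" is the pattern to look for: the registry still references a component that is no longer on disk, which is why the helper's first move is to gather more context (uninstall list, OTL) rather than fix lines blindly.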
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Sat Jan 21, 2012 7:33 am    Post subject:

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Spyware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi Dimigrey and welcome to Spyware Warrior Forum:

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer


Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)

Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.


I am currently reviewing your log and will return, as soon as possible, with additional instructions.

By the way, please post an uninstall list of your computer.

Create an Uninstall List
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button a notepad will open with the contents of that file. Copy and paste the contents of that notepad here in your next reply.



Thank you for your patience.
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Sat Jan 21, 2012 9:20 am    Post subject:

Acronis True Image
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS2
Adobe Reader X (10.1.1)
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Auslogics Disk Defrag
BirdChannel-SS7
Bonjour
CameraHelperMsi
Catalyst Control Center - Branding
CCleaner
Click to Call with Skype
Creative Audio Console
Creative Software AutoUpdate
Docx Reader version 1.0
DVDFab 8.0.9.8 (08/06/2011) Qt
erLT
ERUNT 1.1j
ESET Online Scanner v3
Eudora
Evidence Eliminator
ExtractNow
Facebook Video Calling 1.0.0.8177
Garmin USB Drivers
Garmin WebUpdater
Gigabyte Raid Configurer
GOM Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Interlok driver setup x32
iTunes
Java DB 10.6.2.1
Java(TM) 6 Update 26
Kaspersky Anti-Virus 2011
KPG-49D
KPG-56D
KPG-74D
KPG-89D
Logitech Vid HD
Logitech WebCam Driver
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mpg123 and MAD DirectShow Filter (remove only)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH Jukebox
Nero 7 Ultra Edition
neroxml
PCDJ Red Mobile (remove only)
PowerQuest PartitionMagic 8.0
QuickTime
Real Alternative 2.0.2
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Tweak UI
TweakNow PowerPack 2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Yahoo! Messenger
YouTube Downloader 2.6.2
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Sun Jan 22, 2012 5:15 am    Post subject:

How long will it be before we work on my malware?

This could take weeks.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Sun Jan 22, 2012 1:39 pm    Post subject:

Hi Dimigrey :

I am sorry for taking so long. As I am an undergraduate, all my replies need to be double-checked by a teacher before I post them to you. Sorry.

Let's start.

1. What makes you think you got a TROJAN infection?

2. Do you use DEEP FREEZE?
Reference: http://www.faronics.com/en-uk/standard/deep-freeze_en-uk/

3. ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup.exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
  7. Click on OK ... then click on "YES" to create the folder.

Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.

  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


4. OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



5. Checklist
Please post:

  • Answer about Trojan
  • Answer about Deep Freeze
  • OTL.txt and Extras.txt
  • An update on your problems

note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.

Thanks,
torreattack
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Sun Jan 22, 2012 4:20 pm    Post subject:

I ran Malwarebytes and a whole lot of weird things came up.

Plus the computer is running dead slow after I found all this stuff in Malwarebytes.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Sun Jan 22, 2012 8:07 pm    Post subject:

Hi Dimigrey:

Thanks for the fast info.

I asked those questions because your log looked quite OK. Sometimes MALWARE can hide from certain scanners, which is why I want you to run a few tools so that I can get more info about the TROJAN.

Please provide the other info that I requested in my last post.

Happy Chinese New Year,
torreattack
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Mon Jan 23, 2012 4:33 am    Post subject:

OTL logfile created on: 1/23/2012 7:29:07 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dimitri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 84.84% Memory free
5.08 Gb Paging File | 4.65 Gb Available in Paging File | 91.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 425.70 Gb Total Space | 379.13 Gb Free Space | 89.06% Space Free | Partition Type: NTFS

Computer Name: COMPANY-45E5EF3 | User Name: Dimitri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dimitri\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll ()
MOD - C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe ()
MOD - C:\WINDOWS\system32\LogonDll.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (DFServ) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (Faronics Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)


========== Driver Services (SafeList) ==========

DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (LVUVC) Logitech HD Pro Webcam C910(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\WINDOWS\system32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (DeepFrz) -- C:\WINDOWS\System32\drivers\DeepFrz.sys (Faronics Corporation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctgame) -- C:\WINDOWS\system32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX) -- C:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SWWDM_multi) Samson Audio (WDM) -- C:\WINDOWS\system32\drivers\SWAudWDM.sys (Samson)
DRV - (SamsonLLDriver) -- C:\WINDOWS\system32\drivers\SamsonLLDriver.sys (Samson)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Icam4USB) -- C:\WINDOWS\system32\drivers\Icam4USB.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 01 D3 2B FD 16 CC 01 [binary data]
IE - HKU\S-1-5-21-2025429265-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = dynhost.inetcam.com;register.inetcam.com;

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dimitri\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay Games\nplplaypop.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Dimitri\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Dimitri\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F7BF7ACF-FDC4-48CD-B827-E89BF6B77733}: C:\Documents and Settings\Dimitri\Local Settings\Application Data\{F7BF7ACF-FDC4-48CD-B827-E89BF6B77733} [2011/04/13 10:44:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 09:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 09:57:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Dimitri\Application Data\Move Networks [2009/10/13 11:55:18 | 000,000,000 | ---D | M]

[2011/06/13 05:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitri\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/03/23 10:23:53 | 000,000,894 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-115176313-839522115-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-115176313-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-115176313-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239968863531 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239968857625 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.222.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76229EF5-DB32-4ED1-A979-47D666070370}: DhcpNameServer = 208.67.222.222 208.67.222.220
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Dimitri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dimitri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/26 15:35:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/26 14:14:41 | 000,000,046 | ---- | M] () - C:\AUTOEXEC.SOL -- [ NTFS ]
O32 - AutoRun File - [2011/08/26 17:35:11 | 000,000,000 | ---D | M] - C:\Automatic -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 07:26:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dimitri\Desktop\OTL.exe
[2012/01/21 06:51:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dimitri\Desktop\HijackThis.exe
[2012/01/06 18:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitri\My Documents\Play_Instinct.avi
[2011/12/25 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/25 11:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/25 11:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 10:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 17:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2012/01/23 06:35:54 | 000,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/01/22 21:45:34 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000009-00000000-00000000-00001102-00000004-10021102}.rfx
[2012/01/22 21:45:34 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000009-00000000-00000000-00001102-00000004-10021102}.rfx
[2012/01/22 21:45:34 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-00000004-10021102}.rfx
[2012/01/22 21:45:34 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-00000004-10021102}.rfx
[2012/01/22 21:45:34 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-00000004-10021102}.rfx
[2012/01/22 19:25:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dimitri\Desktop\OTL.exe
[2012/01/22 19:22:32 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dimitri\Desktop\NTREGOPT.lnk
[2012/01/22 19:22:32 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dimitri\Desktop\ERUNT.lnk
[2012/01/22 12:05:47 | 485,804,560 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\GiannaMichaels-Tied_Up.avi
[2012/01/22 11:38:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/22 11:14:48 | 745,893,296 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\Beh.Mod-Gra.Art-Tom.Rop.McG.avi
[2012/01/22 11:13:13 | 503,653,650 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\Back.For.More-Gra.Art-Tom.Rop.McG.avi
[2012/01/22 10:29:26 | 564,857,562 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\GiannaMichaels-LiveNaughtyNurse_HQ.avi
[2012/01/21 19:34:45 | 000,069,759 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\speburl-358.jpg
[2012/01/21 19:34:45 | 000,068,398 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\speburl-346.jpg
[2012/01/21 12:52:33 | 223,478,977 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\Chubby_Plumpers.wmv
[2012/01/21 08:18:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/01/19 12:15:30 | 000,099,021 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\388665_335039503179100_100000191588700_1665349_1001507106_n.jpg
[2012/01/17 16:44:10 | 000,068,264 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\ATT00004.jpg
[2012/01/17 16:44:10 | 000,050,752 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\ATT00012.jpg
[2012/01/17 16:44:10 | 000,041,419 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\ATT00014.jpg
[2012/01/16 08:10:32 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Dimitri\default.pls
[2012/01/12 11:07:55 | 000,077,080 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\10d12d2.jpg
[2012/01/11 05:36:55 | 000,077,080 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\2012-01-10_16-58-17_814.jpg
[2012/01/09 18:22:47 | 000,200,169 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\1280pxkoreanwolvesmatin.jpg
[2012/01/09 05:27:02 | 000,153,967 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\P1080021.jpg
[2012/01/09 05:27:02 | 000,135,515 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\P1080017.jpg
[2012/01/09 05:27:02 | 000,133,199 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\P1080006.jpg
[2012/01/09 05:27:02 | 000,131,449 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\P1080025.jpg
[2012/01/07 06:31:17 | 004,018,688 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\Cougars.pps
[2012/01/07 06:25:25 | 003,029,920 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\TheWoodSpider.wmv
[2012/01/07 06:22:33 | 000,338,141 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\charlie-as-a-too.jpg
[2012/01/04 13:20:29 | 000,063,845 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\408692_360289223987891_100000204488975_1685113_607405914_n.jpg
[2012/01/04 05:36:08 | 000,074,483 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\ibbhbicj.jpg
[2012/01/02 12:34:42 | 000,057,597 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\Picture 116.jpg
[2012/01/01 12:00:13 | 000,003,582 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\mashdietFinalversion.rtf
[2012/01/01 06:13:19 | 000,081,761 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\tommy_met_oliebol1.jpg
[2011/12/31 15:27:16 | 000,032,019 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\bird kindle.jpg
[2011/12/29 18:01:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 12:48:27 | 000,207,814 | ---- | M] () -- C:\Documents and Settings\Dimitri\My Documents\tinnadwalpaper41.jpg
[2011/12/27 09:37:51 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/27 09:37:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/25 10:45:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/25 10:39:54 | 000,028,276 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys

========== Files Created - No Company Name ==========

[2012/01/22 19:22:32 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dimitri\Desktop\NTREGOPT.lnk
[2012/01/22 19:22:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dimitri\Desktop\ERUNT.lnk
[2012/01/22 12:05:48 | 485,804,560 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\GiannaMichaels-Tied_Up.avi
[2012/01/22 11:13:21 | 745,893,296 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\Beh.Mod-Gra.Art-Tom.Rop.McG.avi
[2012/01/22 11:12:45 | 503,653,650 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\Back.For.More-Gra.Art-Tom.Rop.McG.avi
[2012/01/22 10:29:26 | 564,857,562 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\GiannaMichaels-LiveNaughtyNurse_HQ.avi
[2012/01/21 19:34:45 | 000,069,759 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\speburl-358.jpg
[2012/01/21 19:34:45 | 000,068,398 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\speburl-346.jpg
[2012/01/21 12:52:33 | 223,478,977 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\Chubby_Plumpers.wmv
[2012/01/19 18:17:55 | 000,038,420 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\statement1.jpg
[2012/01/19 12:15:51 | 000,099,021 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\388665_335039503179100_100000191588700_1665349_1001507106_n.jpg
[2012/01/17 16:44:10 | 000,068,264 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\ATT00004.jpg
[2012/01/17 16:44:10 | 000,050,752 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\ATT00012.jpg
[2012/01/17 16:44:10 | 000,041,419 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\ATT00014.jpg
[2012/01/12 11:07:55 | 000,077,080 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\10d12d2.jpg
[2012/01/11 05:37:26 | 000,077,080 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\2012-01-10_16-58-17_814.jpg
[2012/01/09 18:23:25 | 000,200,169 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\1280pxkoreanwolvesmatin.jpg
[2012/01/09 05:27:02 | 000,153,967 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\P1080021.jpg
[2012/01/09 05:27:02 | 000,135,515 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\P1080017.jpg
[2012/01/09 05:27:02 | 000,133,199 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\P1080006.jpg
[2012/01/09 05:27:02 | 000,131,449 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\P1080025.jpg
[2012/01/07 06:31:17 | 004,018,688 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\Cougars.pps
[2012/01/07 06:25:25 | 003,029,920 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\TheWoodSpider.wmv
[2012/01/07 06:22:33 | 000,338,141 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\charlie-as-a-too.jpg
[2012/01/04 13:14:26 | 000,063,845 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\408692_360289223987891_100000204488975_1685113_607405914_n.jpg
[2012/01/04 05:36:08 | 000,074,483 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\ibbhbicj.jpg
[2012/01/02 12:32:23 | 000,057,597 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\Picture 116.jpg
[2012/01/01 07:03:01 | 000,032,019 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\bird kindle.jpg
[2012/01/01 06:13:19 | 000,081,761 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\tommy_met_oliebol1.jpg
[2011/12/30 19:25:19 | 000,003,582 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\mashdietFinalversion.rtf
[2011/12/29 18:01:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 12:48:27 | 000,207,814 | ---- | C] () -- C:\Documents and Settings\Dimitri\My Documents\tinnadwalpaper41.jpg
[2011/12/27 09:37:51 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/25 10:45:09 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/13 10:44:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hmifimovuma.dat
[2011/04/13 10:44:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gyucefifi.bin
[2011/04/04 10:58:58 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/04 10:58:58 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/04/01 00:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 00:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 00:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/03/31 23:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/09/25 14:17:58 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xlink.sys
[2010/09/25 14:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ntUsrrIP_1_0.dll
[2010/08/07 05:25:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/16 11:13:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2010/03/18 18:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 18:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 18:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 18:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 18:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 18:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 18:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 18:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 18:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 18:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 18:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 17:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 17:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 17:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2010/01/23 17:48:36 | 000,000,078 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2010/01/23 17:43:10 | 000,002,144 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2010/01/23 14:23:58 | 000,000,005 | ---- | C] () -- C:\Program Files\thumb_files60.dat
[2010/01/23 14:23:39 | 000,569,450 | ---- | C] () -- C:\WINDOWS\System32\steveshoutcast.dll
[2010/01/23 14:23:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AspiShim.dll
[2010/01/22 18:05:38 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/01/22 18:05:38 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/01/22 18:05:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/01/22 18:05:38 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/01/21 08:11:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2009/12/19 16:03:33 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/12/19 15:32:47 | 000,000,928 | ---- | C] () -- C:\WINDOWS\System32\hpsj1695.dll
[2009/12/19 15:32:47 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\hpwnscsi.ini
[2009/11/01 16:09:09 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/09/30 17:57:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ORCHPLUS.INI
[2009/09/30 16:20:23 | 000,001,004 | ---- | C] () -- C:\WINDOWS\DOP.INI
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/08 14:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/04/17 21:01:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/04/17 18:53:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/15 21:15:53 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/04/15 20:31:24 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Dimitri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 20:16:58 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/04/15 20:12:31 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009/04/15 20:12:22 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/04/15 20:10:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\InetIPLA6.dll
[2009/04/15 20:10:42 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\InetIPLM6.dll
[2009/04/15 20:10:42 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\InetIPLP6.dll
[2009/04/15 20:10:42 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\InetIPLPX.dll
[2009/04/15 20:10:42 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\InetIPLM5.dll
[2009/04/15 20:10:42 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\InetIPLP5.dll
[2009/04/15 20:10:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\InetIPL.dll
[2009/04/15 20:10:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/04/15 20:03:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/04/15 19:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/04/15 19:30:04 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/15 18:15:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstet.dat
[2009/04/15 18:10:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/15 14:06:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/15 14:05:05 | 000,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 14:53:10 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/03/16 14:53:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/02/23 16:39:30 | 000,184,394 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/08/13 19:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_1VPTV1VTMVFBFLVHKV6FYJ6VDVPMF7LBWK96HUTVVVVVVVVVVVVV
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 1298 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:nmd32j1mTbgDKZ1NPCLrqM3Fy9e
@Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:OVr10KYhYNe1FEjEAVs7FUxw
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
Dimigrey

PostPosted: Mon Jan 23, 2012 4:34 am    Post subject:

OTL Extras logfile created on: 1/23/2012 7:29:07 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dimitri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 84.84% Memory free
5.08 Gb Paging File | 4.65 Gb Available in Paging File | 91.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 425.70 Gb Total Space | 379.13 Gb Free Space | 89.06% Space Free | Partition Type: NTFS

Computer Name: COMPANY-45E5EF3 | User Name: Dimitri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" %*
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Qualcomm\Eudora\Eudora.exe" = C:\Program Files\Qualcomm\Eudora\Eudora.exe:*:Enabled:Eudora -- (QUALCOMM Incorporated)
"C:\Program Files\Evidence Eliminator\Ee.exe" = C:\Program Files\Evidence Eliminator\Ee.exe:*:Enabled:Evidence Eliminator -- (Robin Hood Software Ltd.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Dimitri\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Dimitri\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe:*:Enabled:Kaspersky Anti-Virus -- (Kaspersky Lab ZAO)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\Dimitri\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Dimitri\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{055F11CE-CA33-41AE-9580-C73985941C9D}_is1" = Docx Reader version 1.0
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17D60B8C-927A-06CE-9AC5-B1949964EF15}" = Catalyst Control Center Core Implementation
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{674FD2DC-B87D-D5B4-AF07-73AE91974301}" = Catalyst Control Center HydraVision Full
"{6A3C1BCB-DF39-46A7-AA0C-9DB62B7D0C0D}" = KPG-56D
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{721A642C-4769-11D8-8F88-0050DA8F812F}" = KPG-89D
"{73BB2230-838E-4BA5-AE60-16E325C0DFE8}" = KPG-74D
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ADFF9AF-B9D8-FC53-0377-AFDDCBE8929E}" = Catalyst Control Center Graphics Full New
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7D979C05-1742-1AE1-E61A-25A33449AF44}" = Catalyst Control Center Graphics Previews Common
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8396DF41-E71D-7170-A03A-A0A2D8633B57}" = Catalyst Control Center Graphics Full Existing
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6F9C01-FE98-90B4-36BD-5CCC4A8A1AA8}" = ccc-core-preinstall
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BF605A48-663D-AA9A-F128-95ED7F2C6413}" = Skins
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C28FC5E5-86EE-B4B5-044A-E484E78F9C7B}" = CCC Help English
"{C6752201-DC16-C30F-478C-36EC595BEFDB}" = ccc-core-static
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A85D80-425F-CBB2-B35A-69EFD283DF39}" = ccc-utility
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DD07A1A4-70DE-42BE-8853-88E86E79604D}" = KPG-49D
"{DD7209ED-570A-498A-A920-05FC5A306A7A}" = Eudora
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FE6FD041-F8D2-1323-178C-7C71C1980C51}" = Catalyst Control Center Graphics Light
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudioCS" = Creative Audio Console
"BirdChannel-SS7.scr" = BirdChannel-SS7
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DVDFab 8 Qt_is1" = DVDFab 8.0.9.8 (08/06/2011) Qt
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Evidence Eliminator" = Evidence Eliminator
"ExtractNow_is1" = ExtractNow
"GOM Player" = GOM Player
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Logitech Vid" = Logitech Vid HD
"Logitech WebCam Driver" = Logitech WebCam Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mpg123dsf" = mpg123 and MAD DirectShow Filter (remove only)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCDJRedMobile" = PCDJ Red Mobile (remove only)
"RealAlt_is1" = Real Alternative 2.0.2
"TrueImage" = Acronis True Image
"Tweak UI 2.10" = Tweak UI
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2011 5:43:22 PM | Computer Name = COMPANY-45E5EF3 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Word Viewer 2003 -- Error 1327. Invalid
Drive: D:\

Error - 12/23/2011 5:43:40 PM | Computer Name = COMPANY-45E5EF3 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Word Viewer 2003 -- Error 1327. Invalid
Drive: D:\

Error - 12/23/2011 5:45:28 PM | Computer Name = COMPANY-45E5EF3 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Word Viewer 2003 -- Error 1327. Invalid
Drive: D:\

Error - 12/23/2011 5:50:35 PM | Computer Name = COMPANY-45E5EF3 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office Word Viewer 2003 -- Error 1327. Invalid
Drive: D:\

Error - 12/27/2011 10:37:51 AM | Computer Name = COMPANY-45E5EF3 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 12/27/2011 10:37:51 AM | Computer Name = COMPANY-45E5EF3 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 12/29/2011 4:30:17 PM | Computer Name = COMPANY-45E5EF3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/14/2012 5:40:02 PM | Computer Name = COMPANY-45E5EF3 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2012 5:40:03 PM | Computer Name = COMPANY-45E5EF3 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2012 11:07:26 AM | Computer Name = COMPANY-45E5EF3 | Source = Application Hang | ID = 1002
Description = Hanging application Audition.exe, version 1.5.4124.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/30/2011 6:58:21 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/31/2011 7:10:18 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/1/2012 7:09:49 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/2/2012 7:26:54 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/3/2012 6:57:02 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 6:34:16 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 11:19:51 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2012 9:01:06 PM | Computer Name = COMPANY-45E5EF3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/5/2012 7:12:29 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/6/2012 7:07:59 AM | Computer Name = COMPANY-45E5EF3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001FD0DA77ED has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
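The Security Center and Firewall sections of the report above carry the settings a helper actually reads first: whether Windows Security Center has been told to stop alerting (the *DisableNotify values), whether a third-party product has taken over status reporting (AntiVirusOverride, DisableMonitoring), which firewall profiles are on, and which ports and programs have standing inbound exceptions. The script below is an added example, not part of the original thread and not OTL's own code. It parses OTL's `[KEY]` / `"name" = data` layout from a constructed excerpt whose values are copied from the report and lists the weak settings. The caveat a practitioner would want: several of these values are also written by legitimate suites during install (a registered antivirus commonly sets AntiVirusOverride and its own DisableMonitoring entry), so each hit is a review item, not a verdict.

```python
"""Audit the Security Center / Windows Firewall sections of an OTL-style report.

Added example, not the thread's or OTL's own code. Parses the [KEY] / "name" = data
layout and flags settings that weaken the host's own monitoring.
"""
import re

# Constructed excerpt: key names and values copied from the report above, trimmed.
SAMPLE_REPORT = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe:*:Enabled:Kaspersky Anti-Virus -- (Kaspersky Lab ZAO)
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

WSC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FWP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"


def parse_registry_dump(text):
    """Return {key_path: {value_name: data}}; section banners and blank lines are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def audit(keys):
    """Return human-readable findings for settings that weaken host monitoring."""
    findings = []
    wsc = keys.get(WSC, {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if wsc.get(name) == "1":  # Security Center stays silent about that component
            findings.append(f"Security Center alert suppressed: {name}=1")
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if wsc.get(name) == "1":  # a third-party product reports this status itself
            findings.append(f"Security Center status overridden: {name}=1")
    for path, values in keys.items():
        if path.startswith(WSC + "\\Monitoring\\") and values.get("DisableMonitoring") == "1":
            product = path.rsplit("\\", 1)[-1]
            findings.append(f"Product monitoring disabled: {product}")
    for profile in ("DomainProfile", "StandardProfile"):
        base = FWP + "\\" + profile
        if keys.get(base, {}).get("EnableFirewall") == "0":
            findings.append(f"Windows Firewall off: {profile}")
        for port, data in keys.get(base + "\\GloballyOpenPorts\\List", {}).items():
            if ":Enabled:" in data:  # data layout is port:proto:scope:state:description
                findings.append(f"{profile} open port {port} scope={data.split(':')[2]}")
        for exe, data in keys.get(base + "\\AuthorizedApplications\\List", {}).items():
            if ":Enabled:" in data:
                findings.append(f"{profile} inbound exception: {exe}")
    return findings


def audit_report(text):
    return audit(parse_registry_dump(text))


if __name__ == "__main__":
    for finding in audit_report(SAMPLE_REPORT):
        print(finding)
```

Run against the excerpt it reports the suppressed update alert, the antivirus override, Kaspersky's disabled monitoring entry, the Domain profile being off with UPnP port 1900/UDP open to the local subnet, and the two Standard-profile program exceptions; Panda's DisableMonitoring=0 is correctly not reported. Pointing it at a full OTL report works the same way, since unrelated sections contain no `[KEY]` lines the audit looks up.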
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Mon Jan 23, 2012 4:27 pm    Post subject:

Hi Dimigrey:

1. Please tell me, is this computer used for business or connected to a business network?
If no, please continue... otherwise <STOP> ... post back and let me know.
Note: Many of these types of systems may have specific modifications made, which could be removed or damaged by the tools we use.
These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.

2. Spyware Warrior - Policy Notification

P2P Warning!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
FrostWire
Please note whenever you use any form of P2P networking to download files you can anticipate infestations of malware to occur.
P2P file sharing used to be fairly safe. This is no longer true...continue to use P2P sharing ...at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

As long as you have the P2P program(s) installed, per Spyware Removal Forum Policy: Use of P2P (Person to Person) File Sharing Programmes, I can offer you no further assistance.


3. CKScanner
Please download CKScanner ... Save it to your desktop.
Make sure that CKScanner.exe is on your desktop before running the application!
  • Double click on the CKScanner.exe icon ... then click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.



4. WVCheck
Please download WVCheck from Artellos.com. Save it to your Desktop.
  • Double click WVCheck.exe to run the program. (If you downloaded the zipped version you will need to extract it.)
  • Read the comments on the screen... then press Enter.
    The scan can take a while depending on the size of your hard drive.
  • Once the program is done, Notepad will open with the scan report.
  • Please copy and paste the contents of the Notepad file in your next reply.



5. Retrieve Malwarebytes Anti-Malware (MBAM) Log(s)
There is a need to see a scan log from a previous run of MBAM, please do the following:
  • Start MBAM... click the Logs tab at the top.
    The log will be named by the date & time of scan in the following format: mbam-log-yyyy-mm-dd (time).txt
    If you have had multiple runs of MBAM, there may be several logs showing in the list.
  • Click on the last (most recent) log name to highlight it... then click the Open button, at bottom left. The log should open in Notepad as a text file.
  • Please copy and paste the entire mbam-log-yyyy-mm-dd (time).txt file in your next reply.
    Be sure to post the complete log... including the top portion showing MBAM's database version and your operating system.
  • Exit MBAM when done.



6. Checklist
Please post:

  • Answer about Business Use computer
  • CKScanner log
  • WVCheck log
  • mbam-log-date (time).txt



Thanks,
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Tue Jan 24, 2012 10:22 am    Post subject:

No, this is a personal computer!

Also, I haven't used FrostWire in over a year! I don't know where you saw a connection to it, but I will look again and remove it.
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Tue Jan 24, 2012 11:30 am    Post subject:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1426_24-01-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2011-12-27 10:43:19
Last Success Time for Update Download: 2011-12-15 10:24:42
Last Success Time for Update Installation: 2011-12-15 10:56:19


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Tue Jan 24, 2012 11:37 am    Post subject:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\dimitri\favorites\cracked teeth.url
c:\documents and settings\dimitri\favorites\hackers home page-computer hacking, phone phreaking, gambling hacking, smart card cracking, cre.url
c:\documents and settings\dimitri\favorites\pz crack team homepage.url
c:\documents and settings\dimitri\my documents\avg pc tuneup 2011 v10.0.0.20 final\avg pc tuneup 2011 v10.0.0.20 final\crack\aushelper.dll
c:\documents and settings\dimitri\my documents\avg pc tuneup 2011 v10.0.0.20 final\avg pc tuneup 2011 v10.0.0.20 final\crack\boostspeed.exe
c:\documents and settings\dimitri\my documents\avg pc tuneup 2011 v10.0.0.20 final\avg pc tuneup 2011 v10.0.0.20 final\crack\commonforms.dll
c:\documents and settings\dimitri\my documents\avg pc tuneup 2011 v10.0.0.20 final\avg pc tuneup 2011 v10.0.0.20 final\crack\tweakmanager.exe
c:\fileboy\adobe audition v1.5 + keygen (full, virus-free, and is actually version 1.5!).zip
c:\fileboy\again keygen.exe
c:\fileboy\boilsoft[1].rm.converter.v2.01.winall.cracked-lucid.zip
c:\fileboy\crack.exe
c:\fileboy\crackoem.txt
c:\fileboy\easy cd 5 keygen (1).exe
c:\fileboy\eudoracrack.txt
c:\fileboy\keygen.exe
c:\fileboy\keygen1.exe
c:\fileboy\musicmatch jukebox keygen (1).exe
c:\fileboy\quicktime 6 keygen (works no problem).exe
c:\fileboy\quicktime 6 keygen (works no problem).rb0
c:\fileboy\quicktime 6 pro keygen.exe
c:\fileboy\quicktime 6 pro keygen.rb0
c:\fileboy\nero_burning_rom_v6.6.0.13_+_vision_express_v3.1.0.7_+_codecpack_+_key_+_ace\keygen.exe
c:\fileboy\new folder\keygen.exe
c:\fileboy\plyers\keygen_for_nero_v7.rar
c:\fileboy\plyers\dvdxcopy_platinum\dvdxcopy platinum\cracked exe's\platinum.exe
c:\fileboy\plyers\dvdxcopy_platinum\dvdxcopy platinum\cracked exe's\xpress.exe
c:\fileboy\rapidshare_download_direct\rapidshare download direct\download direct\crack\dld.exe
c:\software\absolute[1].video.converter.v2.9.3.winall.incl.keygen-crd.rar
c:\software\az[1].realplayer.video.converter.v3.32.incl.keygen-cff.rar
c:\software\chess3d[1].v2.5.incl.keygen-heritage.rar
c:\software\ease[1].audio.converter.v4.20.winall.incl.keygen-virility.rar
c:\software\giant[1].disk.cleaner.v1.9.6.cracked-f4cg.rar
c:\software\h264[1].webcam.pro.v2.32.cracked-explosion.rar
c:\software\nidesoft[1].video.converter.v2.0.50.winall.incl.keygen-neox.rar
c:\software\passwordzilla[1].v1.05.cracked-maze.rar
c:\software\photo[1].frame.genius.v2.3.cracked-invisible.rar
c:\software\speed[1].video.splitter.v2.4.43.winall.incl.keygen-crd.rar
c:\software\super[1].video.converter.4.70.winall.cracked-nope.rar
c:\software\witcobber[1].super.video.converter.v4.7.winall.keygen.only-crd.rar
c:\software\witcobber[1].super.video.joiner.v4.7.winall.keygen.only-crd.rar
c:\software\witcobber[1].super.video.splitter.v4.3.incl.keygen.and.patch-cff.rar
c:\software\wondershare[1].photo.collage.studio.pro.2.6.5.winall.cracked-nope.rar
scanner sequence 3.ZZ.11.CXNAQR
----- EOF -----
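The CKScanner step in torreattack's instructions and the list Dimigrey posted show what that kind of tool does: walk the disk and report every path whose name contains crack/keygen-style terms, with the warning that hits "are not necessarily bad". The script below is an added example written for this thread; it is not CKScanner's code and the thread does not publish CKScanner's rules, so the term list and the severity split are assumptions. It matches on the whole relative path (which is why `aushelper.dll` under a directory named `crack` is reported) and ranks executables and archives above notes and bookmarks, so a false positive such as `cracked teeth.url` lands at the bottom instead of next to `keygen.exe`. The sample tree it builds is constructed, modelled on the paths in the output above.

```python
"""Filename heuristic of the kind CKScanner applies, as an added example.

Not CKScanner's code and not the thread's own; the term list and severity split are
assumptions. Walks a tree and reports paths containing crack/keygen-style terms.
"""
import os
import tempfile

# Assumed term list. Substring matching is deliberate and is why a harmless bookmark
# such as "cracked teeth.url" shows up in this kind of report.
RISK_TERMS = ("crack", "keygen", "warez")
# Files that execute, or unpack to something that executes, rank above notes/bookmarks.
HIGH_RISK_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".msi", ".zip", ".rar", ".7z"}

# Constructed sample tree, modelled on the paths in the CKScanner output above.
SAMPLE_FILES = (
    "fileboy/keygen.exe",
    "fileboy/crackoem.txt",
    "favorites/cracked teeth.url",
    "my documents/avg pc tuneup/crack/aushelper.dll",
    "my documents/report.docx",
)


def build_demo_tree():
    """Create the sample files (empty) under a fresh temp directory; return its path."""
    root = tempfile.mkdtemp(prefix="ckdemo-")
    for rel in SAMPLE_FILES:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "wb").close()
    return root


def classify(rel_path):
    """Return (matched_terms, severity) if the path looks like crack material, else None."""
    lowered = rel_path.lower()
    terms = [t for t in RISK_TERMS if t in lowered]  # whole path, so parent dirs count
    if not terms:
        return None
    ext = os.path.splitext(lowered)[1]
    return terms, ("high" if ext in HIGH_RISK_EXT else "low")


def scan_tree(root):
    """Map relative path (forward slashes) -> (terms, severity) for every hit under root."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            result = classify(rel)
            if result:
                hits[rel] = result
    return hits


def demo():
    """Build the sample tree and scan it; returns the hit map."""
    return scan_tree(build_demo_tree())


if __name__ == "__main__":
    for rel, (terms, sev) in sorted(demo().items(), key=lambda kv: (kv[1][1] != "high", kv[0])):
        print(f"{sev:4}  {rel}  ({', '.join(terms)})")
```

On the sample tree it reports four of the five files: `keygen.exe` and `aushelper.dll` as high, `crackoem.txt` and `cracked teeth.url` as low, and `report.docx` not at all. Ranking is the only refinement over a flat list; the decision the moderator took in this thread rests on the high-severity entries, and the low ones are exactly the "not necessarily bad" class the tool warns about.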
Dimigrey
Warrior


Joined: 24 Mar 2010
Last Visit: 29 Mar 2012
Posts: 56

PostPosted: Tue Jan 24, 2012 11:41 am    Post subject:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dimitri :: COMPANY-45E5EF3 [administrator]

Protection: Disabled

1/22/2012 1:59:22 PM
mbam-log-2012-01-22 (13-59-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178113
Time elapsed: 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Oct 2014
Posts: 4680
Location: Land Of The Leprechauns

PostPosted: Wed Jan 25, 2012 2:32 am    Post subject:

This computer appears to have illegal/cracked software installed. It is not the policy of this forum to aid and abet its use.
Quote:
This forum does not support the use of pirated or otherwise illegal software. If such software is found on your computer we reserve the right to refuse our help.

http://spywarewarrior.com/viewtopic.php?t=32672

My recommendation is you reformat your hard drive, and re-install Windows.

This Topic is Now Closed
_________________
Admin/Teacher at Malware Removal University
Member of...

All times are GMT - 8 Hours