Malware disabling mcafee, redirecting internet searches and other symptoms

Solved
By funkduck
Aug 4, 2011
  1. Broni

    Broni Malware Annihilator Posts: 46,339   +252

  2. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    Here's the OTL log:
    OTL logfile created on: 11/08/2011 09:33:01 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.94% Memory free
    5.93 Gb Paging File | 4.67 Gb Available in Paging File | 78.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.83 Gb Total Space | 142.43 Gb Free Space | 49.48% Space Free | Partition Type: NTFS

    Computer Name: ALEXCURTIS | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/20 18:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/09 10:18:00 | 000,016,384 | ---- | M] (thinkbroadband.com) -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbLoaderService.exe
    PRC - [2010/06/08 17:41:48 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/04/23 16:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe
    PRC - [2010/04/23 16:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe
    PRC - [2010/04/23 16:04:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtcmd.exe
    PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/04/13 21:16:31 | 000,180,224 | ---- | M] (ALPS) -- C:\Program Files\Apoint\Apvfb.exe
    PRC - [2009/04/13 21:16:30 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2009/04/13 21:16:28 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
    PRC - [2009/03/24 03:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2009/03/02 07:21:32 | 002,329,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/03/02 07:21:32 | 000,789,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/03/02 07:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/02/05 20:41:46 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
    PRC - [2009/02/05 20:41:44 | 000,390,440 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
    PRC - [2009/02/05 20:41:44 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    PRC - [2009/02/05 20:41:44 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
    PRC - [2009/02/05 20:41:44 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
    PRC - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    PRC - [2009/01/19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/01/06 03:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
    PRC - [2008/12/18 18:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (NMSAccessU)
    SRV - [2011/08/03 11:10:31 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
    SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/10/09 10:18:00 | 000,016,384 | ---- | M] (thinkbroadband.com) [Auto | Running] -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbLoaderService.exe -- (tbbLoaderService)
    SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2010/06/24 09:28:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/23 16:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe -- (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA)
    SRV - [2010/04/23 16:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe -- (tgsrvc_O2DA) SupportSoft Repair Service (O2DA)
    SRV - [2010/02/01 20:02:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/02 07:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/02/05 20:41:46 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/02/05 20:41:44 | 000,390,440 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/02/05 20:41:44 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/02/05 20:41:44 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/02/05 20:41:44 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2009/01/19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/01/17 05:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2009/01/06 03:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
    SRV - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] () [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
    SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2005/09/30 19:22:50 | 000,098,304 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/08/03 11:25:32 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
    DRV - [2011/08/03 11:12:28 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdklbf.sys -- (PSSDKLBF)
    DRV - [2011/08/03 11:11:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/04/14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/03/04 17:36:59 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)
    DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
    DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/04/13 21:16:29 | 000,173,616 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/02/23 21:07:18 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2008/11/25 00:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2008/11/19 01:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008/10/23 01:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2008/10/23 01:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/08/22 12:06:02 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2008/04/24 22:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/08 17:43:15 | 000,000,000 | ---D | M]

    [2009/12/22 02:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2009/10/18 22:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/08/10 10:07:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\lam\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
    O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
    O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
    O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/11 09:32:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2011/08/10 10:55:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/08/10 10:54:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/08/10 09:35:52 | 004,167,902 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2011/08/08 10:59:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/08/08 10:59:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/08/08 10:59:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/08/08 10:58:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/08/08 10:58:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/07 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    [2011/08/06 18:30:13 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
    [2011/08/04 23:28:56 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
    [2011/08/04 23:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lam
    [2011/08/04 23:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\lam
    [2011/08/04 19:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater
    [2011/08/04 19:28:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Babylon
    [2011/08/04 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Babylon
    [2011/08/04 19:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2011/08/04 19:23:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\Adobe Dreamweaver CS5.5
    [2011/08/04 19:09:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/08/04 19:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
    [2011/07/31 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Spotify
    [2011/07/31 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Spotify
    [2011/07/22 15:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/07/22 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/07/22 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/07/13 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
  3. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    ========== Files - Modified Within 30 Days ==========

    [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2011/08/11 09:29:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/11 09:29:32 | 000,044,560 | -HS- | M] () -- C:\Windows\System32\c_18145.nl_
    [2011/08/11 09:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/10 10:49:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/10 10:07:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/08/10 09:35:53 | 004,167,902 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2011/08/10 09:34:18 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/08/09 12:02:30 | 000,230,619 | ---- | M] () -- C:\Users\Alex\Documents\Capture.PNG
    [2011/08/09 11:50:16 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 11:50:16 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/09 11:42:54 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/08/09 11:41:47 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/06 18:42:43 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/06 18:42:43 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/06 18:30:14 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
    [2011/08/05 08:36:08 | 000,139,264 | ---- | M] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
    [2011/08/05 00:07:31 | 000,294,216 | ---- | M] () -- C:\Users\Alex\Desktop\gmer.zip
    [2011/08/04 23:29:00 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
    [2011/08/04 23:26:45 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
    [2011/08/04 23:10:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/04 19:09:28 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [2011/08/03 11:12:28 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdklbf.sys
    [2011/08/03 11:11:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk42.sys
    [2011/08/01 20:23:01 | 000,006,555 | ---- | M] () -- C:\Users\Alex\.recently-used.xbel
    [2011/07/31 15:49:45 | 000,000,949 | ---- | M] () -- C:\Users\Alex\Desktop\Spotify.lnk
    [2011/07/23 19:06:40 | 000,328,059 | ---- | M] () -- C:\Users\Alex\Documents\Lars Purring.caf
    [2011/07/23 19:06:36 | 000,767,937 | ---- | M] () -- C:\Users\Alex\Documents\Looking Through The Window.caf
    [2011/07/23 19:06:32 | 000,643,107 | ---- | M] () -- C:\Users\Alex\Documents\Cold November.caf
    [2011/07/23 19:06:30 | 001,222,677 | ---- | M] () -- C:\Users\Alex\Documents\MyRecording.caf
    [2011/07/23 19:06:24 | 000,467,751 | ---- | M] () -- C:\Users\Alex\Documents\Long Way Acoustic.caf
    [2011/07/23 19:06:23 | 001,564,476 | ---- | M] () -- C:\Users\Alex\Documents\Long Way.caf
    [2011/07/23 19:06:18 | 001,103,791 | ---- | M] () -- C:\Users\Alex\Documents\Time Delay.caf
    [2011/07/22 15:36:40 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/07/14 17:48:16 | 002,339,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/10 10:49:00 | 000,044,560 | -HS- | C] () -- C:\Windows\System32\c_18145.nl_
    [2011/08/09 12:02:30 | 000,230,619 | ---- | C] () -- C:\Users\Alex\Documents\Capture.PNG
    [2011/08/08 10:59:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/08/08 10:59:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/08 10:59:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/08 10:59:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/08 10:59:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/05 08:36:07 | 000,139,264 | ---- | C] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
    [2011/08/05 00:07:28 | 000,294,216 | ---- | C] () -- C:\Users\Alex\Desktop\gmer.zip
    [2011/08/04 23:26:45 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
    [2011/08/04 19:09:28 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2011/08/04 19:09:28 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    [2011/08/01 20:23:01 | 000,006,555 | ---- | C] () -- C:\Users\Alex\.recently-used.xbel
    [2011/07/31 15:49:45 | 000,000,949 | ---- | C] () -- C:\Users\Alex\Desktop\Spotify.lnk
    [2011/07/31 15:49:44 | 000,000,979 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2011/07/23 19:06:39 | 000,328,059 | ---- | C] () -- C:\Users\Alex\Documents\Lars Purring.caf
    [2011/07/23 19:06:35 | 000,767,937 | ---- | C] () -- C:\Users\Alex\Documents\Looking Through The Window.caf
    [2011/07/23 19:06:32 | 000,643,107 | ---- | C] () -- C:\Users\Alex\Documents\Cold November.caf
    [2011/07/23 19:06:27 | 001,222,677 | ---- | C] () -- C:\Users\Alex\Documents\MyRecording.caf
    [2011/07/23 19:06:24 | 000,467,751 | ---- | C] () -- C:\Users\Alex\Documents\Long Way Acoustic.caf
    [2011/07/23 19:06:21 | 001,564,476 | ---- | C] () -- C:\Users\Alex\Documents\Long Way.caf
    [2011/07/23 19:06:16 | 001,103,791 | ---- | C] () -- C:\Users\Alex\Documents\Time Delay.caf
    [2011/07/22 15:36:40 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/04/28 10:44:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2011/04/28 10:44:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2011/04/28 10:44:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2011/04/28 10:44:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2011/04/28 10:44:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2011/04/28 10:44:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2011/04/28 10:44:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2011/04/28 10:44:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2011/04/28 10:44:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2011/04/28 10:44:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2011/04/28 10:44:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2011/04/28 10:44:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2011/04/28 10:44:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2011/04/28 10:44:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2011/04/28 10:44:52 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2011/04/28 10:44:52 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2011/04/28 10:44:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2011/04/28 10:44:52 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2011/04/28 10:44:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2011/04/22 12:01:12 | 000,007,617 | ---- | C] () -- C:\Users\Alex\AppData\Local\resmon.resmoncfg
    [2010/12/22 12:38:13 | 000,020,459 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\UserTile.png
    [2010/09/03 09:12:42 | 000,166,272 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/09/02 11:38:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/08/25 21:14:56 | 002,654,262 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\ZBWallpaper.bmp
    [2010/01/17 18:46:42 | 000,005,632 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/27 19:09:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/12/27 19:09:49 | 000,000,088 | RHS- | C] () -- C:\ProgramData\47B7AA6C58.sys
    [2009/12/22 02:30:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2009/12/22 01:44:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/12/21 23:53:32 | 000,000,062 | ---- | C] () -- C:\Windows\WININIT.INI
    [2009/10/02 19:23:08 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2009/09/24 20:21:00 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 05:33:53 | 002,339,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 03:05:48 | 000,631,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 03:05:48 | 000,111,456 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009/06/17 17:52:40 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/05/15 19:54:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2009/05/15 19:34:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
    [2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

    ========== LOP Check ==========

    [2011/03/28 16:15:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
    [2011/08/04 19:28:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Babylon
    [2011/03/30 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canon
    [2011/08/04 19:09:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2010/03/01 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Facebook
    [2010/08/19 23:00:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\fltk.org
    [2011/07/29 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
    [2010/10/24 16:23:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\inkscape
    [2009/12/22 02:15:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\InterVideo
    [2009/12/22 02:15:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Jasc
    [2009/12/22 02:15:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\NASA
    [2011/03/30 11:13:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
    [2011/03/30 10:49:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Smart PDF Converter Pro
    [2011/07/31 17:19:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
    [2010/08/31 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tatara Systems
    [2010/03/04 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Trusteer
    [2010/04/15 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2010/04/15 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2011/05/28 19:52:56 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009/12/22 09:37:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/08/10 10:54:03 | 000,019,121 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/12/22 10:49:09 | 000,049,072 | ---- | M] () -- C:\Entries.lst
    [2011/08/09 11:41:47 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/17 17:21:53 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
    [2010/03/06 18:01:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/06/17 17:25:36 | 000,737,308 | ---- | M] () -- C:\lv.log
    [2010/03/06 18:01:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/08/09 11:41:51 | 3186,651,136 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/04 00:06:11 | 000,000,714 | ---- | M] () -- C:\qhdebug.log
    [2009/05/15 19:58:56 | 000,002,420 | ---- | M] () -- C:\RHDSetup.log
    [2009/06/17 17:25:08 | 000,000,073 | -H-- | M] () -- C:\splash.idx
    [2011/08/06 18:32:03 | 000,075,122 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_06.08.2011_18.30.45_log.txt
    [2009/06/17 17:53:30 | 000,385,952 | ---- | M] () -- C:\vcredist_x86.log
    [2009/05/12 19:38:16 | 000,003,632 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD7L.DLL
    [2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9X.DLL
    [2010/08/25 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPDAE.DLL
    [2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP7L.DLL
    [2010/04/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9X.DLL
    [2010/08/25 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPPAE.DLL
    [2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/11/20 13:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2009/10/02 19:23:08 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/01 12:11:10 | 000,000,444 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/04/14 12:40:10 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/10/26 21:11:21 | 000,000,260 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hotmail.url

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/04 23:26:45 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
    [2011/08/10 09:35:53 | 004,167,902 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2011/08/05 08:36:08 | 000,139,264 | ---- | M] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
    [2011/08/06 18:30:14 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
    [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/02/25 13:29:18 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/02/25 13:29:18 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/12/25 11:14:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/12/25 11:14:06 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/02/25 13:29:18 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/25 13:31:54 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/10 18:46:03 | 000,000,088 | RHS- | M] () -- C:\ProgramData\47B7AA6C58.sys
    [2010/09/10 18:46:22 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB42752$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
  4. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
      O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
      O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Ranges: GD ([http] in Local intranet)
      [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ] 
      [2009/12/27 19:09:49 | 000,000,088 | RHS- | C] () -- C:\ProgramData\47B7AA6C58.sys
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  5. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    Do you think my laptop will get better soon?! : (
  6. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ deleted successfully.
    Invalid CLSID key: *.broadband
    Registry key HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ not found.
    Invalid CLSID key: *.broadband
    Registry value HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    C:\Users\Alex\Desktop\~WRL0005.tmp deleted successfully.
    C:\ProgramData\47B7AA6C58.sys moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex
    ->Temp folder emptied: 286726476 bytes
    ->Temporary Internet Files folder emptied: 907725143 bytes
    ->Java cache emptied: 26005133 bytes
    ->Google Chrome cache emptied: 420480679 bytes
    ->Apple Safari cache emptied: 8725504 bytes
    ->Flash cache emptied: 74512 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2432 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 18932416 bytes

    Total Files Cleaned = 1,591.00 mb


    [EMPTYFLASH]

    User: Alex
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08122011_003808

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Alex\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe not found!

    Registry entries deleted on Reboot...
  7. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    The only thing I can guarantee is your computer being clean.
    Then we'll see.
    Did you try my advice regarding McAfee?
  8. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee AntiVirus Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 26
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader X (10.1.0)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  9. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Uninstall Java(TM) 6 Update 22.

    What about McAfee?
  10. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    Uninstalled Java(TM) 6 Update 22.

    I have removed McAfee, but not yet reinstalled.
  11. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    Should I continue with Temp File Cleaner and then ESET?
  12. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Did you use the tool I suggested to uninstall McAfee?
  13. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Yes go ahead with TFC and Eset.
  14. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    Yes I used the tool you suggested.
    McAfee is reinstalled, but it is still warning about a W32/Katusha virus infection.
  15. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    I suspect a false positive.
    This is a part of your online banking security.

    Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and un-check Hide protected operating system files.
    NOTE: Make sure to reverse the above changes when done with this step.
    Upload the following file to http://www.virustotal.com/ for a security check:
    - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
    Post scan results.
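    Alongside the VirusTotal submission asked for above, a practitioner faced with a vendor service binary that suddenly trips McAfee would also want an offline look at whether the file's PE layout still resembles an original build or whether something has patched it. The script below is an added example for this thread, not code from the thread, from Trusteer or from any of the tools used here. Its checks (entry point outside the first code section, entry point in the last section, a section that is both writable and executable, bytes appended after the last section) are generic file-infector indicators that I am assuming as heuristics; they say nothing about this particular machine, and packers or installers can trip them too. The PE images it analyses are constructed inside the script; point it at a real file by passing the path on the command line.

```python
"""Offline triage of a Windows PE for the layout a file infector leaves behind.

Added example (stdlib only). Heuristics, not a verdict: a hit is a reason to
compare the file's hash and Authenticode signature against the vendor's own
build, not proof of infection.
"""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(data):
    """Return (AddressOfEntryPoint, [section dicts]) from raw PE32/PE32+ bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return entry_rva, sections


def triage(data):
    """Return a list of findings; an empty list means no patch indicator fired."""
    entry, secs = parse_sections(data)
    findings = []

    def contains(sec, rva):
        return sec["vaddr"] <= rva < sec["vaddr"] + max(sec["vsize"], sec["rawsize"])

    host = next((s for s in secs if contains(s, entry)), None)
    if host is None:
        findings.append("entry point %#x is outside every section" % entry)
    else:
        first_code = next((s for s in secs
                           if s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)), None)
        if first_code is not None and host is not first_code:
            findings.append("entry point %#x lies in %s, not in the first code section %s"
                            % (entry, host["name"], first_code["name"]))
        if len(secs) > 1 and host is secs[-1]:
            findings.append("entry point is in the last section %s" % host["name"])
    for s in secs:
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("section %s is writable and executable" % s["name"])
    end_of_image = max((s["rawptr"] + s["rawsize"] for s in secs), default=0)
    if len(data) > end_of_image:
        findings.append("%d bytes of overlay after the last section" % (len(data) - end_of_image))
    return findings


def build_pe(entry_rva, sections, overlay=b""):
    """Assemble a minimal PE32 image from (name, vaddr, size, characteristics) tuples.

    Constructed input for the example only; section bodies are int3 filler, not code.
    """
    e_lfanew, hdr_size = 0x40, 0x400
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva, 0).ljust(224, b"\0")
    sec_hdrs, bodies, raw_ptr = b"", b"", hdr_size
    for name, vaddr, size, chars in sections:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, raw_ptr, 0, 0, 0, 0, chars)
        bodies += b"\xCC" * size
        raw_ptr += size
    headers = (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(hdr_size, b"\0")
    return headers + bodies + overlay


# Constructed samples: a normal two-section layout, and the same image after a
# hypothetical infector appended a W+X section and pointed the entry point at it.
CLEAN_SECTIONS = [
    (b".text", 0x1000, 0x200, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x2000, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
PATCHED_SECTIONS = CLEAN_SECTIONS + [
    (b".xyz", 0x3000, 0x100,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]

if __name__ == "__main__":
    import sys
    targets = [("clean sample", build_pe(0x1010, CLEAN_SECTIONS)),
               ("patched sample", build_pe(0x3004, PATCHED_SECTIONS))]
    targets += [(p, open(p, "rb").read()) for p in sys.argv[1:]]  # real files, if given
    for label, image in targets:
        hits = triage(image)
        print("%s: %s" % (label, "; ".join(hits) if hits else "no patch indicators"))
```

    The decisive evidence either way is still a hash and signature comparison: compute the file's SHA-256, check its Authenticode signature (Sysinternals sigcheck does both), and compare against a fresh copy of the same version from the vendor's installer. A signed, hash-identical file with a high VirusTotal ratio is a false positive; a file whose layout differs from the vendor build is not.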
  16. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    File name: RapportMgmtService.exe
    Submission date: 2011-08-12 00:57:50 (UTC)
    Current status: finished
    Result: 36/43 (83.7%)
    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.08.11.01 | 2011.08.11 | Win-Trojan/Patched.DD
    AntiVir | 7.11.13.26 | 2011.08.11 | W32/PatchLoad.A
    Antiy-AVL | 2.0.3.7 | 2011.08.11 | -
    Avast | 4.8.1351.0 | 2011.08.11 | Win32:patched-WQ [Trj]
    Avast5 | 5.0.677.0 | 2011.08.11 | Win32:patched-WQ [Trj]
    AVG | 10.0.0.1190 | 2011.08.11 | Win32/Katusha.A
    BitDefender | 7.2 | 2011.08.11 | Trojan.Patched.HE
    CAT-QuickHeal | 11.00 | 2011.08.11 | W32.Patchload.O
    ClamAV | 0.97.0.0 | 2011.08.12 | Trojan.Patched-167
    Commtouch | 5.3.2.6 | 2011.08.11 | W32/Patched.G
    Comodo | 9712 | 2011.08.12 | TrojWare.Win32.Patched.HN
    DrWeb | 5.0.2.03300 | 2011.08.12 | Trojan.Starter.1695
    Emsisoft | 5.1.0.8 | 2011.08.12 | Trojan-Spy.Win32.Zbot!IK
    eSafe | 7.0.17.0 | 2011.08.10 | -
    eTrust-Vet | 36.1.8497 | 2011.08.11 | Win32/Patchload.U
    F-Prot | 4.6.2.117 | 2011.08.11 | W32/Patched.G
    F-Secure | 9.0.16440.0 | 2011.08.12 | Trojan.Patched.HE
    Fortinet | 4.2.257.0 | 2011.08.12 | -
    GData | 22 | 2011.08.11 | Trojan.Patched.HE
    Ikarus | T3.1.1.107.0 | 2011.08.12 | Trojan-Spy.Win32.Zbot
    Jiangmin | 13.0.900 | 2011.08.11 | TrojanSpy.Zbot.adxr
    K7AntiVirus | 9.109.5003 | 2011.08.10 | Trojan
    Kaspersky | 9.0.0.837 | 2011.08.12 | Trojan.Win32.Patched.mf
    McAfee | 5.400.0.1158 | 2011.08.12 | W32/Katusha
    McAfee-GW-Edition | 2010.1D | 2011.08.12 | W32/Katusha
    Microsoft | 1.7104 | 2011.08.11 | Virus:Win32/Patchload.O
    NOD32 | 6370 | 2011.08.12 | Win32/Patched.HN
    Norman | 6.07.10 | 2011.08.11 | W32/Patched.BH
    nProtect | 2011-08-11.01 | 2011.08.11 | -
    Panda | 10.0.3.5 | 2011.08.11 | W32/Katusha.BN
    PCTools | 8.0.0.5 | 2011.08.12 | Trojan.Paccyn
    Prevx | 3.0 | 2011.08.12 | -
    Rising | 23.70.03.03 | 2011.08.11 | Win32.Loader.li
    Sophos | 4.67.0 | 2011.08.12 | W32/Patched-AK
    SUPERAntiSpyware | 4.40.0.1006 | 2011.08.12 | -
    Symantec | 20111.2.0.82 | 2011.08.12 | Trojan.Paccyn!inf
    TheHacker | 6.7.0.1.276 | 2011.08.11 | -
    TrendMicro | 9.500.0.1008 | 2011.08.11 | PTCH_KATUSHA.W
    TrendMicro-HouseCall | 9.500.0.1008 | 2011.08.12 | PTCH_KATUSHA.W
    VBA32 | 3.12.16.4 | 2011.08.10 | Trojan-Spy.Zbot.gen
    VIPRE | 10143 | 2011.08.12 | Virus.Win32.Agent.mpq (v)
    ViRobot

    2011.8.11.4617

    2011.08.11

    Win32.Patched.BE



    VirusBuster

    14.0.164.0

    2011.08.11

    Win32.Katusha.Gen





    Additional information

    Show all



    MD5 : 1ac0335744ee811c8494443ce1bbe7f2



    SHA1 : 5cec7e24351a1baef64bb33e9a4e48a6b91fb276



    SHA256: 6f65280dd321700473211fac74356ade83941a4408a0aa066086935c7341befd
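    A VirusTotal report is keyed by the file's hash, so a verdict shown for a file that was "already analyzed" only applies to the local copy if the digests match. The following is an added example (not part of this thread, and not Trusteer's or VirusTotal's code) that recomputes MD5, SHA-1 and SHA-256 for a file and checks them against the values posted above; the file path in the usage block is the one from this thread and is assumed to be the copy being checked.

```python
import hashlib
import sys

# Digests VirusTotal reported for the RapportMgmtService.exe sample posted in this thread.
REPORTED = {
    "md5": "1ac0335744ee811c8494443ce1bbe7f2",
    "sha1": "5cec7e24351a1baef64bb33e9a4e48a6b91fb276",
    "sha256": "6f65280dd321700473211fac74356ade83941a4408a0aa066086935c7341befd",
}

ALGORITHMS = ("md5", "sha1", "sha256")


def compute_hashes(data: bytes) -> dict:
    """Return the MD5, SHA-1 and SHA-256 hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hashes_for_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so large binaries never have to fit in memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_with_report(local: dict, reported: dict) -> dict:
    """Per-algorithm match flags, comparing hex digests case-insensitively.

    Algorithms present in the report but not computed locally are skipped rather than
    treated as mismatches, so a report with only an MD5 can still be checked.
    """
    return {
        name: local[name].lower() == reported[name].lower()
        for name in reported
        if name in local
    }


def is_same_sample(local: dict, reported: dict) -> bool:
    """True only when at least one algorithm was compared and every compared digest agrees."""
    results = compare_with_report(local, reported)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    # Assumed default: the path Broni asked to have uploaded earlier in this thread.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe"
    local = hashes_for_file(target)
    for name, ok in compare_with_report(local, REPORTED).items():
        print(f"{name:7s} {local[name]}  {'matches report' if ok else 'DIFFERS from report'}")
    if not is_same_sample(local, REPORTED):
        print("Local file is not the sample in the report; upload it again (Reanalyse) before trusting the verdict.")
```

    If any digest differs, the VirusTotal page you are looking at describes a different build of the file, which is exactly the case the "Reanalyse file now" instruction is meant to catch.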
  17. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Go ahead with TFC and Eset.
  18. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    TFC Done.
    ESET running. 56% done and 6 threats found so far.
  19. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Win32/Patched.HN trojan
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan
    C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe Win32/Patched.HN trojan
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Windows\System32\c_18145.nl_.vir probably a variant of Win32/Rootkit.KHEBOKS trojan
    C:\Windows\System32\c_18145.nl_ probably a variant of Win32/Rootkit.KHEBOKS trojan
  20. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Were those files removed, or are they still there?

    Did you reinstall McAfee?
  21. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    Files are still there. Do I need to check "Remove files" and redo the scan?

    McAfee is reinstalled.
  22. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Yes.
  23. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe Win32/Patched.HN trojan cleaned - quarantined
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe Win32/Patched.HN trojan error while cleaning
    C:\Qoobox\Quarantine\C\Windows\System32\c_18145.nl_.vir probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined
    C:\Windows\System32\c_18145.nl_ probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined
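    The two ESET result lists in this thread share one line layout: the file path, then the detection name ending in "trojan", then (on the second run) the action ESET took. The script below is an added example, not ESET's own output format specification or code from this thread; it parses lines in that layout, which is assumed from the posts above, and summarises which files were cleaned and which still need attention. The embedded log is copied from the post above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# ESET result lines copied from the scan posted in this thread (second run, with actions).
ESET_LOG = r"""
C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe Win32/Patched.HN trojan error while cleaning
C:\Qoobox\Quarantine\C\Windows\System32\c_18145.nl_.vir probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined
C:\Windows\System32\c_18145.nl_ probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined
"""

# Assumed layout: drive-letter path (may contain spaces) up to its extension,
# then the detection name which ends in "trojan", then an optional action.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\S+)"
    r"\s+(?P<detection>.+?\btrojan)"
    r"(?:\s+(?P<action>.+))?$"
)


@dataclass
class Finding:
    path: str
    detection: str
    action: Optional[str]

    @property
    def status(self) -> str:
        """'detected' on a scan-only run, 'error' if ESET could not act, else 'cleaned'."""
        if self.action is None:
            return "detected"
        if "error" in self.action:
            return "error"
        return "cleaned"

    @property
    def family(self) -> str:
        """Strip ESET's 'probably a variant of' prefix so heuristic and exact hits group together."""
        return self.detection.split("probably a variant of ")[-1]


def parse_eset_log(text: str) -> List[Finding]:
    """Parse every non-empty line; an unrecognised line is an error, not silently dropped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        findings.append(Finding(m["path"], m["detection"], m["action"]))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Counts per status, detection families, and the paths that still need manual follow-up."""
    return {
        "counts": dict(Counter(f.status for f in findings)),
        "families": dict(Counter(f.family for f in findings)),
        "needs_attention": [f.path for f in findings if f.status != "cleaned"],
    }


if __name__ == "__main__":
    report = summarize(parse_eset_log(ESET_LOG))
    print("status counts :", report["counts"])
    print("families      :", report["families"])
    for path in report["needs_attention"]:
        print("needs attention:", path)
```

    Run against the log in this post, the summary lists a single path under needs attention, RapportMgmtService.exe, which is the same file McAfee keeps flagging later in the thread; on the first, scan-only run every line parses with status "detected" and no action.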
  24. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    How is the computer doing?
  25. funkduck

    funkduck Newcomer, in training Topic Starter Posts: 36

    McAfee is persistently complaining about this still.

    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

    And restarting as it suggests does not fix the problem.

    How do I get rid of this?
