Inactive Win32.Bamital-X infection + possible keylogger

[2010-09-03 10:54:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\HijackThis.lnk
[2010-09-03 09:42:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-09-02 10:39:24 | 000,670,661 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Moviedubbelmark1sep2010.wmv
[2010-09-01 19:16:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010-08-31 22:31:35 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010-08-30 13:07:25 | 000,131,712 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\7519d94e-6e38-4fad-a48e-aa115f1131df.jpg
[2010-08-27 13:22:16 | 000,131,249 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\My Documents\pokerhanbd.JPG
[2010-08-24 21:36:22 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\borisp.xls
[2010-08-24 17:54:27 | 000,426,288 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\stronglifts-5x5.pdf
[2010-08-23 16:24:10 | 000,205,718 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\prototype.jpg
[2010-08-22 17:39:36 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Shortcut to steam.lnk
[2010-08-22 14:54:40 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Texas Holdem Poker 3D Deluxe Edition DeLEGiON.lnk
[2010-08-22 14:01:27 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2010-08-22 14:01:27 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2010-08-19 20:06:33 | 000,340,634 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bikeflame.jpg
[2010-08-19 17:40:17 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Shortcut to SOTE.EXE.lnk
[2010-08-19 15:10:33 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010-08-18 21:09:33 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Shortcut to FalloutLauncher.exe.lnk
[2010-08-17 16:03:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\prvlcl.dat
[2010-08-16 21:47:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010-08-15 14:44:44 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\13a9038c-6a2c-4536-98d6-5e7e075f0d66.jpg
[2010-08-13 16:52:14 | 000,135,752 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\44 What Really Happened to Mario_thumb.jpg
[2010-08-13 09:32:27 | 002,112,768 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\129157546596021572.gif
[2010-08-13 09:32:25 | 002,058,357 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\gifki_07.gif
[2010-08-11 22:39:14 | 000,062,020 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Program(1).jpg
[2010-08-06 14:15:47 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-06 14:15:47 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-06 14:15:47 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-06 14:13:55 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Telia mobile broadband.lnk
[2010-07-31 00:53:58 | 001,631,881 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\MoviemarkusPKB30jul10.wmv
[2010-07-29 15:09:25 | 009,373,615 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\EhrlingsArmträningsprogram.pdf
[2010-07-26 17:08:07 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal.lnk
[2010-07-19 13:19:44 | 001,490,463 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Moviedenkeml14jul2010.wmv
[2010-07-19 13:19:10 | 007,731,541 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Film JSK 28 oktober 2006.wmv
[2010-07-11 21:38:03 | 001,061,159 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Moviemariekb10512feb10.wmv
[2010-06-26 18:28:12 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sniper Ghost Warrior.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Mathias Svensson\*.tmp files -> C:\Documents and Settings\Mathias Svensson\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-09-11 23:43:27 | 000,480,213 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\AENfD.jpg
[2010-09-11 22:14:43 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\SystemLook.exe
[2010-09-11 13:39:28 | 001,380,015 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\My Documents\Virtual_Piano_Musicsheet_Aug_Sep.pdf
[2010-09-11 10:05:33 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\ComboFix.exe
[2010-09-09 20:55:10 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2010-09-09 18:32:17 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-09-09 18:32:17 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-09-09 18:30:44 | 000,163,226 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bookmarks-2010-09-09.json
[2010-09-07 20:47:27 | 000,054,154 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\2ep7jty.jpg
[2010-09-06 13:02:15 | 003,345,031 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\IMG_1777.JPG
[2010-09-05 14:28:49 | 000,161,432 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bookmarks-2010-09-05.json
[2010-09-04 15:09:38 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Spotify.lnk
[2010-09-04 14:56:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-09-03 10:54:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\HijackThis.lnk
[2010-09-02 10:39:23 | 000,670,661 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Moviedubbelmark1sep2010.wmv
[2010-09-01 19:16:21 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010-09-01 19:16:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010-08-31 23:12:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-31 23:12:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-31 23:12:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-31 23:12:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-31 23:12:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-31 22:31:35 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010-08-30 13:07:24 | 000,131,712 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\7519d94e-6e38-4fad-a48e-aa115f1131df.jpg
[2010-08-27 13:22:16 | 000,131,249 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\My Documents\pokerhanbd.JPG
[2010-08-24 21:42:23 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\borisp.xls
[2010-08-23 16:24:09 | 000,205,718 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\prototype.jpg
[2010-08-22 17:39:36 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Shortcut to steam.lnk
[2010-08-22 14:54:40 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Texas Holdem Poker 3D Deluxe Edition DeLEGiON.lnk
[2010-08-22 14:01:27 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2010-08-22 14:01:27 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2010-08-19 20:06:32 | 000,340,634 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\bikeflame.jpg
[2010-08-19 17:40:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Shortcut to SOTE.EXE.lnk
[2010-08-19 14:22:37 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010-08-18 21:09:33 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Shortcut to FalloutLauncher.exe.lnk
[2010-08-16 21:47:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010-08-16 21:46:26 | 000,000,906 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-16 21:46:26 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-15 14:44:43 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\13a9038c-6a2c-4536-98d6-5e7e075f0d66.jpg
[2010-08-13 16:52:14 | 000,135,752 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\44 What Really Happened to Mario_thumb.jpg
[2010-08-13 09:32:27 | 002,112,768 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\129157546596021572.gif
[2010-08-13 09:32:24 | 002,058,357 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\gifki_07.gif
[2010-08-11 22:39:13 | 000,062,020 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Program(1).jpg
[2010-08-06 14:13:55 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Telia mobile broadband.lnk
[2010-07-31 00:53:53 | 001,631,881 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\MoviemarkusPKB30jul10.wmv
[2010-07-29 15:08:51 | 009,373,615 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\EhrlingsArmträningsprogram.pdf
[2010-07-26 17:08:07 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal.lnk
[2010-07-19 13:19:35 | 001,490,463 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Moviedenkeml14jul2010.wmv
[2010-07-19 13:18:24 | 007,731,541 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Film JSK 28 oktober 2006.wmv
[2010-07-12 21:55:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-11 21:37:50 | 001,061,159 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\Moviemariekb10512feb10.wmv
[2010-06-29 17:33:28 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Desktop\4 split.doc
[2010-06-26 18:28:12 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sniper Ghost Warrior.lnk
[2010-04-10 00:19:31 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-04-06 23:12:57 | 000,215,552 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-06 22:57:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mathias Svensson\Local Settings\Application Data\prvlcl.dat
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008-06-19 22:39:45 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008-04-14 14:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
 
========== LOP Check ==========

[2010-09-09 20:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010-05-19 15:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010-08-22 16:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2010-06-02 20:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2010-04-15 10:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-08-18 20:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010-09-11 22:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-23 23:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\.minecraft
[2010-06-04 14:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\AnvSoft
[2010-04-15 19:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\DAEMON Tools Lite
[2010-04-14 14:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-05-21 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Moyea
[2010-05-24 18:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\OpenOffice.org
[2010-07-26 17:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Personal
[2010-06-10 20:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Registry Mechanic
[2010-09-12 16:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Spotify
[2010-04-06 22:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Styler
[2010-09-12 15:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Synthesia
[2010-05-31 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\Tilted Mill
[2010-04-29 20:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\TS3Client
[2010-09-12 22:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\uTorrent
[2010-06-04 15:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathias Svensson\Application Data\WinAVI

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-04-06 22:19:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-06 22:58:16 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010-09-01 19:16:21 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2004-08-03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010-09-11 23:01:11 | 000,061,400 | ---- | M] () -- C:\ComboFix.txt
[2010-04-06 22:19:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-04-06 22:57:02 | 000,000,086 | ---- | M] () -- C:\csb.log
[2010-04-06 22:19:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-06 22:19:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 14:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-09-12 12:31:53 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-04-06 22:54:15 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
[2010-09-09 18:58:16 | 000,033,490 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_09.09.2010_18.58.00_log.txt
[2010-08-31 22:31:35 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010-04-06 22:19:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-09-07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010-04-06 23:58:10 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-04-06 23:58:10 | 001,081,344 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-04-06 23:58:10 | 000,835,584 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010-04-06 22:20:00 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[3 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-04-06 22:32:49 | 000,000,141 | -HS- | M] () -- C:\Documents and Settings\Mathias Svensson\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010-04-06 22:32:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010-09-11 22:33:30 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\ComboFix.exe
[2010-09-11 22:14:43 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Mathias Svensson\Desktop\SystemLook.exe
[2010-09-10 12:58:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mathias Svensson\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010-04-06 22:32:50 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Mathias Svensson\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010-09-12 22:32:21 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Mathias Svensson\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2006-11-01 18:31:34 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: EXPLORER.EXE >
[2008-04-14 14:00:00 | 001,033,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008-04-14 14:00:00 | 000,507,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
 
OTL Extras logfile created on: 2010-09-12 22:38:30 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Mathias Svensson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,27 Gb Free Space | 1,39% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 0,73 Gb Free Space | 1,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232,88 Gb Total Space | 1,83 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive G: | 298,09 Gb Total Space | 14,49 Gb Free Space | 4,86% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 1,62 Gb Free Space | 0,35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MUSTARD
Current User Name: Mathias Svensson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L ()
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L ()
Drive [find] -- %SystemRoot%\Explorer.exe ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Beat Hazard\BeatHazard.exe" = C:\Program Files\Beat Hazard\BeatHazard.exe:*:Disabled:BeatHazard -- ()
"H:\Spel\Dragon Age\bin_ship\daorigins.exe" = H:\Spel\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"H:\Spel\Dragon Age\DAOriginsLauncher.exe" = H:\Spel\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"H:\Spel\Dragon Age\bin_ship\daupdatersvc.service.exe" = H:\Spel\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"G:\WoW\wow1\Launcher.exe" = G:\WoW\wow1\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"H:\Steam\steamapps\common\alien swarm\srcds.exe" = H:\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"H:\Steam\steamapps\msvensson87\team fortress 2\hl2.exe" = H:\Steam\steamapps\msvensson87\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"H:\Steam\steamapps\common\mafia ii - public demo\launcher.exe" = H:\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"G:\spel\StarCraft II\StarCraft II.exe" = G:\spel\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"G:\spel\StarCraft II\Versions\Base15405\SC2.exe" = G:\spel\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Documents and Settings\Mathias Svensson\Application Data\Macromedia\Flash Player\" = C:\Documents and Settings\Mathias Svensson\Application Data\Macromedia\Flash Player\:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"H:\Steam\steamapps\common\alien swarm\swarm.exe" = H:\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"H:\Steam\steamapps\mustard87\garrysmod\hl2.exe" = H:\Steam\steamapps\mustard87\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"H:\Steam\steamapps\mustard87\team fortress 2\hl2.exe" = H:\Steam\steamapps\mustard87\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"H:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = H:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0A5DAE9E-DD2A-40D1-9AEB-06F31133A9DE}" = OpenOffice.org 3.2
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363AA0EF-7672-42C2-AA43-237E1DBFB827}_is1" = Moyea FLV Editor Pro Version: 3.1.13.0
"{3CD921DC-FE10-404C-99DB-FA57A6FCB32E}_is1" = Ben There Dan That 1.1.3.8
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5E39FDEE-7676-4BB7-9E2B-8224D7D74406}_is1" = Moyea Video Converter version 2.5.1.1475
"{6B76A0FE-4D7F-4BCE-8BD1-D61CAB936D40}_is1" = Beat Hazard 1.3s
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1053-7B44-A93000000001}" = Adobe Reader 9.3 - Svenska
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 9.13 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.5
"avast5" = avast! Internet Security
"CCleaner" = CCleaner (remove only)
"CDisplayEx_is1" = CDisplayEx 1.4
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DamnNFOViewer" = DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"Family Toolbar" = Family Toolbar
"Fiddler2" = Fiddler2
"HijackThis" = HijackThis 2.0.2
"IconPackager" = IconPackager
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"Kristanix Right Click Image Converter" = Right Click Image Converter
"League of Legends_is1" = League of Legends
"LucasArts' Shadows of the Empire (full game)" = LucasArts' Shadows of the Empire (full game)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Northland" = Northland
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Personal" = Personal 4.10.2
"PokerStars" = PokerStars
"Resource Hacker 3.4.0" = Resource Hacker 3.4.0
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Svenska Spels Poker" = Svenska Spels Poker
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Telia mobile broadband" = Telia mobile broadband
"Texas Holdem Poker 3D Deluxe Edition DeLEGiON_is1" = Texas Holdem Poker 3D Deluxe Edition v1 0 DeLEGiON
"Unlocker" = Unlocker 1.8.5
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinAVI Video Converter 10.5_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Sidebar" = Windows Sidebar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.0.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft Public Test" = World of Warcraft Public Test
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-11 16:59:09 | Computer Name = MUSTARD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2010-09-12 12:05:44 | Computer Name = MUSTARD | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

[ System Events ]
Error - 2010-07-11 14:27:25 | Computer Name = MUSTARD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.34 for the Network Card with network
address 001D7DD9057E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
 
We'll need to replace infected files with healthy files from your Windows CD.

  • Insert Windows CD into your CD drive.
  • Go Start>Run and type in:
cmd
  • Click OK.
  • At the command prompt window, copy/paste exactly the bolded text below the way I have posted them. (IMPORTANT! the d after the word expand is the drive letter to your CDROM; if it's a different letter on your computer, please make the necessary adjustment).

expand d:\i386\winlogon.ex_ c:\winlogon.exe /y
then
expand d:\i386\explorer.ex_ c:\explorer.exe /y
  • Type exit to exit the command prompt
  • Open Windows Explorer and make sure winlogon.exe and explorer.exe are located in the C:\ folder


NOW.....

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\explorer.exe|c:\explorer.exe /replace
    C:\WINDOWS\system32\winlogon.exe|c:\winlogon.exe /replace
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
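
The expand-and-verify steps from the post above, collected into one batch file. This is an added example, not part of the original post: it assumes the Windows CD is on a drive letter from D to Z, and it keeps the post's own `expand ... /y` form.

```batch
@echo off
rem Added example (not from the original post): find the drive that holds the
rem Windows CD's \i386 folder, expand clean copies of winlogon.exe and
rem explorer.exe to C:\, and confirm both exist before OTL's /replace step.
setlocal
set "SRC="
rem Assumption: the CD is on one of these letters. The first match wins.
for %%D in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if not defined SRC if exist "%%D:\i386\winlogon.ex_" set "SRC=%%D:\i386"
)
if not defined SRC (
    echo No drive with \i386\winlogon.ex_ found. Insert the Windows CD and retry.
    exit /b 1
)
echo Using source folder %SRC%
set "FAILED="
for %%F in (winlogon explorer) do (
    rem Same command as in the post, with the drive letter filled in.
    expand "%SRC%\%%F.ex_" "C:\%%F.exe" /y
    if errorlevel 1 set "FAILED=1"
    if not exist "C:\%%F.exe" (
        echo MISSING: C:\%%F.exe
        set "FAILED=1"
    ) else (
        rem Report the size so a zero-byte or truncated copy is obvious.
        for %%A in ("C:\%%F.exe") do (
            echo OK: %%~fA  %%~zA bytes
            if %%~zA EQU 0 set "FAILED=1"
        )
    )
)
if defined FAILED (
    echo One or more files did not expand correctly. Do not run the OTL fix yet.
    exit /b 1
)
echo Both files are in C:\. Continue with the OTL fix.
```

The script only stages the clean copies in C:\; the replacement of the files in C:\WINDOWS is still done by the OTL `:Files` lines with `/replace`.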
 
Hi, sorry for late reply, loads of things going on. Couldn't find my CD so I am gonna borrow one from a friend, will do first thing after work tomorrow.

Thanks :)
 