Ebay/Paypal Problem

Re: Ebay/Paypal Problem

Post by tractorlovr on 23rd February 2010, 7:38 pm

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/23 13:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDFCD000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C31000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xECEE9000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: c:\documents and settings\all users\application data\spybot - search & destroy\proccache.sbc
Status: Size mismatch (API: 27516, Raw: 27482)

Stealth Objects
-------------------
Object: Hidden Code [Driver: ACPI, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d26310 Size: 153

==EOF==


Re: Ebay/Paypal Problem

Post by Belahzur on 23rd February 2010, 8:05 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Ebay/Paypal Problem

Post by tractorlovr on 24th February 2010, 2:18 am

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-23 20:18:24
Windows 5.1.2600 Service Pack 3
Running: GMER.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxldypoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[220] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 017B28F5
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[220] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017B2781
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[220] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 017B2873
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[220] WS2_32.dll!recv 71AB676F 5 Bytes JMP 017B27B9
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[220] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 017B27F1
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[292] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F228F5
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[292] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F22781
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[292] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F22873
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[292] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F227B9
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[292] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F227F1
.text C:\Program Files\Bonjour\mDNSResponder.exe[304] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 007D28F5
.text C:\Program Files\Bonjour\mDNSResponder.exe[304] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007D2781
.text C:\Program Files\Bonjour\mDNSResponder.exe[304] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 007D2873
.text C:\Program Files\Bonjour\mDNSResponder.exe[304] WS2_32.dll!recv 71AB676F 5 Bytes JMP 007D27B9
.text C:\Program Files\Bonjour\mDNSResponder.exe[304] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 007D27F1
.text C:\WINDOWS\BCMSMMSG.exe[484] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CC28F5
.text C:\WINDOWS\BCMSMMSG.exe[484] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CC2781
.text C:\WINDOWS\BCMSMMSG.exe[484] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CC2873
.text C:\WINDOWS\BCMSMMSG.exe[484] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CC27B9
.text C:\WINDOWS\BCMSMMSG.exe[484] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CC27F1
.text C:\Program Files\Java\jre6\bin\jusched.exe[536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C628F5
.text C:\Program Files\Java\jre6\bin\jusched.exe[536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C62781
.text C:\Program Files\Java\jre6\bin\jusched.exe[536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C62873
.text C:\Program Files\Java\jre6\bin\jusched.exe[536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C627B9
.text C:\Program Files\Java\jre6\bin\jusched.exe[536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C627F1
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[592] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01C528F5
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[592] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01C52781
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[592] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01C52873
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[592] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01C527B9
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[592] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01C527F1
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[888] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010528F5
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[888] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01052781
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[888] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01052873
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[888] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010527B9
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[888] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010527F1
.text C:\Program Files\iTunes\iTunesHelper.exe[976] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011028F5
.text C:\Program Files\iTunes\iTunesHelper.exe[976] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01102781
.text C:\Program Files\iTunes\iTunesHelper.exe[976] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01102873
.text C:\Program Files\iTunes\iTunesHelper.exe[976] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011027B9
.text C:\Program Files\iTunes\iTunesHelper.exe[976] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011027F1
.text C:\Program Files\SpiralFrog\Spiralfrog.exe[988] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03A028F5
.text C:\Program Files\SpiralFrog\Spiralfrog.exe[988] WS2_32.dll!send 71AB4C27 5 Bytes JMP 03A02781
.text C:\Program Files\SpiralFrog\Spiralfrog.exe[988] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03A02873
.text C:\Program Files\SpiralFrog\Spiralfrog.exe[988] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03A027B9
.text C:\Program Files\SpiralFrog\Spiralfrog.exe[988] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03A027F1
.text C:\Program Files\Messenger\msmsgs.exe[1088] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A528F5
.text C:\Program Files\Messenger\msmsgs.exe[1088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A52781
.text C:\Program Files\Messenger\msmsgs.exe[1088] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A52873
.text C:\Program Files\Messenger\msmsgs.exe[1088] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A527B9
.text C:\Program Files\Messenger\msmsgs.exe[1088] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A527F1
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1120] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E328F5
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1120] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E32781
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1120] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E32873
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1120] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E327B9
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1120] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E327F1
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[1236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D228F5
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[1236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D22781
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[1236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D22873
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[1236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D227B9
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe[1236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D227F1
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1300] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D028F5
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1300] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D02781
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1300] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D02873
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1300] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D027B9
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe[1300] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D027F1
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[1312] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E428F5
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[1312] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E42781
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[1312] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E42873
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[1312] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E427B9
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[1312] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E427F1
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1360] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013D28F5
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1360] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013D2781
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1360] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 013D2873
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1360] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013D27B9
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1360] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013D27F1
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[1424] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010E28F5
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[1424] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010E2781
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[1424] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010E2873
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[1424] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010E27B9
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[1424] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010E27F1
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 017728F5
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01772781
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01772873
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!recv 71AB676F 5 Bytes JMP 017727B9
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 017727F1
.text C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe[1696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 052128F5
.text C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe[1696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 05212781
.text C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe[1696] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 05212873
.text C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe[1696] WS2_32.dll!recv 71AB676F 5 Bytes JMP 052127B9
.text C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe[1696] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 052127F1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 02C5299D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 02C5294D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 02C52911
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02C52EA5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02C52F01
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02C52BF3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02C529B9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02C5370F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02C52D5B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] CRYPT32.dll!CertGetCertificateChain 77A92F67 5 Bytes JMP 02C532E9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2344] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 5 Bytes JMP 02C532F2
.text C:\Program Files\Sun\StarOffice 8\program\soffice.BIN[2456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 06A328F5
.text C:\Program Files\Sun\StarOffice 8\program\soffice.BIN[2456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 06A32781
.text C:\Program Files\Sun\StarOffice 8\program\soffice.BIN[2456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 06A32873
.text C:\Program Files\Sun\StarOffice 8\program\soffice.BIN[2456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 06A327B9
.text C:\Program Files\Sun\StarOffice 8\program\soffice.BIN[2456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 06A327F1
.text C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN[2460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 06BA28F5
.text C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN[2460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 06BA2781
.text C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN[2460] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 06BA2873
.text C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN[2460] WS2_32.dll!recv 71AB676F 5 Bytes JMP 06BA27B9
.text C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN[2460] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 06BA27F1
.text C:\Program Files\Outlook Express\msimn.exe[2836] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 034828F5
.text C:\Program Files\Outlook Express\msimn.exe[2836] ws2_32.dll!send 71AB4C27 5 Bytes JMP 03482781
.text C:\Program Files\Outlook Express\msimn.exe[2836] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03482873
.text C:\Program Files\Outlook Express\msimn.exe[2836] ws2_32.dll!recv 71AB676F 5 Bytes JMP 034827B9
.text C:\Program Files\Outlook Express\msimn.exe[2836] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 034827F1
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2876] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CD28F5
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2876] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CD2781
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2876] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CD2873
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2876] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CD27B9
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2876] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CD27F1
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2904] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01F228F5
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2904] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01F22781
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2904] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01F22873
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2904] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01F227B9
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2904] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01F227F1
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2964] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011428F5
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01142781
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2964] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01142873
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2964] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011427B9
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2964] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011427F1
.text C:\Program Files\Java\jre6\bin\jucheck.exe[3656] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 023528F5
.text C:\Program Files\Java\jre6\bin\jucheck.exe[3656] ws2_32.dll!send 71AB4C27 5 Bytes JMP 02352781
.text C:\Program Files\Java\jre6\bin\jucheck.exe[3656] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02352873
.text C:\Program Files\Java\jre6\bin\jucheck.exe[3656] ws2_32.dll!recv 71AB676F 5 Bytes JMP 023527B9
.text C:\Program Files\Java\jre6\bin\jucheck.exe[3656] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 023527F1
.text C:\Program Files\iPod\bin\iPodService.exe[3816] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228F5
.text C:\Program Files\iPod\bin\iPodService.exe[3816] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22781
.text C:\Program Files\iPod\bin\iPodService.exe[3816] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22873
.text C:\Program Files\iPod\bin\iPodService.exe[3816] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227B9
.text C:\Program Files\iPod\bin\iPodService.exe[3816] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227F1
.text C:\WINDOWS\System32\alg.exe[4024] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228F5
.text C:\WINDOWS\System32\alg.exe[4024] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22781
.text C:\WINDOWS\System32\alg.exe[4024] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22873
.text C:\WINDOWS\System32\alg.exe[4024] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227B9
.text C:\WINDOWS\System32\alg.exe[4024] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227F1
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[4072] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F728F5
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[4072] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F72781
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[4072] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F72873
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[4072] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F727B9
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[4072] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F727F1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 02FF299D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 02FF294D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 02FF2911
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02FF2EA5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02FF2F01
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02FF2BF3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02FF29B9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02FF370F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02FF2D5B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] CRYPT32.dll!CertGetCertificateChain 77A92F67 5 Bytes JMP 02FF32E9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 5 Bytes JMP 02FF32F2

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4244] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI \Device\00000050 86D26310
Device \Driver\ACPI \Device\00000051 86D26310
Device \Driver\ACPI \Device\00000044 86D26310
Device \Driver\ACPI \Device\00000047 86D26310
Device \Driver\ACPI \Device\00000048 86D26310
Device \Driver\ACPI \Device\00000055 86D26310

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI \Device\00000049 86D26310
Device \Driver\ACPI \Device\00000056 86D26310

---- EOF - GMER 1.0.15 ----


Re: Ebay/Paypal Problem

Post by Belahzur on 24th February 2010, 3:50 pm

Hello.

Now, please make sure mbr.exe is located on your Desktop!! << IMPORTANT

Now open a new notepad file.
Input this into the notepad file:

@echo off
REM change into the current user's Desktop folder, where mbr.exe was saved
cd %userprofile%
cd Desktop
REM run mbr.exe with the -f switch, as instructed above
mbr.exe -f
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

Mbr.exe should make a logfile on your Desktop, DO NOT post it just yet. Once you have run my bat file once, run it AGAIN!! << IMPORTANT

Next, DO NOT reboot the machine.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Ebay/Paypal Problem

Post by tractorlovr on 25th February 2010, 12:54 am

OTL logfile created on: 2/24/2010 6:31:50 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 449.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 33.15 Gb Free Space | 59.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENSENS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/24 18:31:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/12 10:00:20 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/20 17:42:52 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 17:42:51 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/20 17:42:44 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/20 17:42:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 17:42:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/03 18:11:57 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/01/03 18:11:57 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/03 18:11:57 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/09/10 16:40:06 | 000,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/10 16:39:48 | 000,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/09/10 15:50:26 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/10 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 20:41:18 | 001,241,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Sun\StarOffice 8\program\soffice.bin
PRC - [2008/03/14 20:41:18 | 001,019,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Sun\StarOffice 8\program\soffice.exe
PRC - [2008/03/12 12:05:36 | 000,163,128 | ---- | M] (SpiralFrog) -- C:\Program Files\SpiralFrog\Spiralfrog.exe
PRC - [2008/02/05 14:29:20 | 000,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/11/13 18:51:24 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 18:49:22 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2005/12/08 10:03:02 | 000,811,008 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
PRC - [2005/10/19 08:59:12 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/08/29 04:59:24 | 000,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2002/08/14 17:29:26 | 000,090,112 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2002/06/27 00:53:26 | 000,303,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2002/06/27 00:34:44 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/06/27 00:21:30 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2002/06/27 00:20:58 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/04/11 03:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 03:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002/02/15 10:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/02/24 18:31:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/08/20 17:42:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/20 17:42:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/03 18:11:57 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/09/10 16:39:48 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/10 15:50:26 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/03/04 20:22:53 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB)
SRV - [2004/07/15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/08/20 17:42:52 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/20 17:42:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/10 09:00:08 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/05 19:46:22 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/10/18 03:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/10/19 08:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/03/09 21:31:02 | 000,021,456 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 21:31:02 | 000,016,080 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 21:31:00 | 000,051,024 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/01/15 14:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/14 12:38:36 | 000,108,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/01/14 12:38:30 | 000,078,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/12/19 17:48:48 | 000,539,008 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/09/03 10:53:10 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local



O1 HOSTS File: ([2009/04/04 07:30:30 | 000,304,232 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10480 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [FastFox] C:\Program Files\NCH Swift Sound\FastFox\fastfox.exe (NCH Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TexTally] C:\Program Files\NCH Swift Sound\TexTally\textally.exe (NCH Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: bankfirstonline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} [You must be registered and logged in to see this link.] (Mines Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} [You must be registered and logged in to see this link.] (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} [You must be registered and logged in to see this link.] (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} [You must be registered and logged in to see this link.] (Brickout Control)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} [You must be registered and logged in to see this link.] (Jigsaw Genius Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} [You must be registered and logged in to see this link.] (SolitaireRush Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} [You must be registered and logged in to see this link.] (WWHearts Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} [You must be registered and logged in to see this link.] (BJA Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} [You must be registered and logged in to see this link.] (Bejeweled Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} [You must be registered and logged in to see this link.] (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} [You must be registered and logged in to see this link.] (Blockwerx Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} [You must be registered and logged in to see this link.] (ContactExtractor Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} [You must be registered and logged in to see this link.] (WordMojo Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} [You must be registered and logged in to see this link.] (Cubis Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [You must be registered and logged in to see this link.] (WoF Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} [You must be registered and logged in to see this link.] (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} [You must be registered and logged in to see this link.] (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} [You must be registered and logged in to see this link.] (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} [You must be registered and logged in to see this link.] (Royal Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} [You must be registered and logged in to see this link.] (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} [You must be registered and logged in to see this link.] (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} [You must be registered and logged in to see this link.] (GolfSol Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} [You must be registered and logged in to see this link.] (WWSpades Control)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/04 20:27:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 18:31:09 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/24 05:54:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/23 12:20:16 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2010/02/23 09:59:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/22 18:42:06 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/02/20 19:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/20 19:46:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/20 19:46:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/20 19:46:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/20 19:46:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/20 19:30:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/19 16:51:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/19 16:51:12 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/19 16:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/15 19:39:02 | 000,175,880 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/02/14 13:41:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/02/14 13:36:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2010/02/14 12:40:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/02/14 12:17:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/14 12:09:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/09 14:41:07 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/01/31 08:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/30 07:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/29 08:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/01/29 08:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/30 20:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/13 12:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/24 15:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/24 15:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/05/24 15:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/24 18:31:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/24 18:29:52 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2010/02/24 18:02:09 | 056,199,314 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/24 17:59:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 17:59:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/24 06:33:16 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/24 06:31:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 06:30:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/23 14:09:17 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GMER.exe
[2010/02/23 12:20:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/02/23 12:19:19 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2010/02/23 12:15:00 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/02/23 10:19:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/23 08:43:19 | 003,869,515 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/02/22 16:08:47 | 000,175,880 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/02/22 16:06:20 | 000,153,078 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/02/21 22:58:20 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Stealth MBR Rootkit Detector.exe
[2010/02/20 19:47:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/19 16:51:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 23:15:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/15 10:23:17 | 000,009,612 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Our address labels.odt
[2010/02/15 09:12:49 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Christmas Card List.doc
[2010/02/15 09:09:47 | 000,011,524 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Junior Disciple Phone List.odt
[2010/02/15 08:57:03 | 000,016,888 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Junior Disciple Invitation.odt
[2010/02/14 10:32:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 18:55:44 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 21:07:33 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Announcement List.doc
[2010/01/28 19:27:57 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Jen's Shower Invitation List.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/23 14:09:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GMER.exe
[2010/02/23 12:20:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/02/23 12:19:17 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2010/02/22 21:35:51 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2010/02/22 16:06:17 | 000,153,078 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/02/21 22:58:19 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Stealth MBR Rootkit Detector.exe
[2010/02/20 19:47:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/20 19:47:26 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/20 19:46:09 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/20 19:46:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/20 19:46:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/20 19:46:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/20 19:46:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/20 19:44:29 | 003,869,515 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/02/19 16:51:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/15 10:23:16 | 000,009,612 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Our address labels.odt
[2010/01/28 18:31:50 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Jen's Shower Invitation List.doc
[2010/01/26 16:21:01 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Announcement List.doc
[2009/06/09 18:03:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/26 18:19:07 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/11/26 18:19:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/11/06 14:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2008/08/18 17:08:06 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2008/08/18 17:08:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/08/01 16:16:12 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 14:08:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/03/07 18:48:51 | 000,000,457 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/03/09 21:31:04 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
< End of report >

tractorlovr

Re: Ebay/Paypal Problem

Post by tractorlovr on 25th February 2010, 12:55 am

OTL Extras logfile created on: 2/24/2010 6:31:50 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 449.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 33.15 Gb Free Space | 59.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENSENS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}" = Dell Picture Studio - Dell Image Expert
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1CD870CF-D67A-4691-962A-56E202D66733}" = StarOffice 8
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = B44Inst
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95738B44-49CF-4C62-A620-320F1007B14A}" = SpiralFrog Download Manager 0.8.25
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Express" = Express Dictate
"FastFox" = FastFox
"hp instant support" = hp instant support
"hp psc 2100 series_Driver" = hp psc 2100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x Driver Installer
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mavis Beacon Teaches Typing 16" = Mavis Beacon Teaches Typing 16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photo Viewer" = Photo Viewer 2.3
"PSC 2000 Series" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
"Scribe" = Express Scribe
"Sky Rangers Simulator" = Sky Rangers Simulator
"TexTally" = TexTally
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2010 3:04:07 AM | Computer Name = JENSENS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: JENSENS ExceptionManager.TimeStamp: 2/24/2010
1:04:07 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
JENSENS\Owner 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The BITS service returned an error for the job with
the ID '920a7a9e-a356-4fd5-bfad-71c52e63610c'; the job's name and description are
'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service
error message for this job is 'Not enough storage is available to process this command.

'.
This
job has been canceled, and the DownloaderManager will attempt it again. If you
see this error frequently, you may have a mis-configuration, or another administrator
process/user is canceling BITS jobs. It is also possible that some mis-configuration
of the Manifest file is causing BITS to have trouble with a source or destination
path; be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths
are valid LOCAL UNC paths--__shares are not allowed__. TargetSite: NULL HelpLink:
NULL Source: NULL

Error - 2/24/2010 3:04:09 AM | Computer Name = JENSENS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: JENSENS ExceptionManager.TimeStamp: 2/24/2010
1:04:09 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
JENSENS\Owner 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message:
Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyError
ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyJob.GetError(IBackgroundCopyError&
ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.HandleDownloadErrorCancelJob(IBackgroundCopyJob
copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.Microsoft.ApplicationBlocks.ApplicationUpdater.Interfaces.IDownloader.Download(String
sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

Error - 2/24/2010 4:53:51 AM | Computer Name = JENSENS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: JENSENS ExceptionManager.TimeStamp: 2/24/2010
2:53:50 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
JENSENS\Owner 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The BITS service returned an error for the job with
the ID '63d18033-b994-4a8e-a8f6-2258bf85e518'; the job's name and description are
'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service
error message for this job is 'The client does not have sufficient access rights
to the requested server object. '. This job has been canceled, and the DownloaderManager
will attempt it again. If you see this error frequently, you may have a mis-configuration,
or another administrator process/user is canceling BITS jobs. It is also possible
that some mis-configuration of the Manifest file is causing BITS to have trouble
with a source or destination path; be sure that all SOURCE paths are valid URLs,
and that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite:
NULL HelpLink: NULL Source: NULL

Error - 2/24/2010 4:53:53 AM | Computer Name = JENSENS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: JENSENS ExceptionManager.TimeStamp: 2/24/2010
2:53:53 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
JENSENS\Owner 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message:
Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyError
ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyJob.GetError(IBackgroundCopyError&
ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.HandleDownloadErrorCancelJob(IBackgroundCopyJob
copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.Microsoft.ApplicationBlocks.ApplicationUpdater.Interfaces.IDownloader.Download(String
sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

Error - 2/24/2010 8:12:57 AM | Computer Name = JENSENS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/24/2010 8:13:24 AM | Computer Name = JENSENS | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 2/24/2010 8:25:37 PM | Computer Name = JENSENS | Source = Application Hang | ID = 1002
Description = Hanging application fastfox.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/24/2010 8:25:45 PM | Computer Name = JENSENS | Source = Application Hang | ID = 1001
Description = Fault bucket 335464970.

Error - 2/24/2010 8:26:11 PM | Computer Name = JENSENS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: JENSENS ExceptionManager.TimeStamp: 2/24/2010
6:26:10 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
JENSENS\Owner 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The BITS service returned an error for the job with
the ID '633bda85-cc56-4b6b-aa96-7aea465ce85f'; the job's name and description are
'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service
error message for this job is 'The client does not have sufficient access rights
to the requested server object. '. This job has been canceled, and the DownloaderManager
will attempt it again. If you see this error frequently, you may have a mis-configuration,
or another administrator process/user is canceling BITS jobs. It is also possible
that some mis-configuration of the Manifest file is causing BITS to have trouble
with a source or destination path; be sure that all SOURCE paths are valid URLs,
and that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite:
NULL HelpLink: NULL Source: NULL

Error - 2/24/2010 8:26:14 PM | Computer Name = JENSENS | Source = Spiralfrog | ID = 0
Description = General Information ********************************************* Additional
Info: ExceptionManager.MachineName: JENSENS ExceptionManager.TimeStamp: 2/24/2010
6:26:14 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName:
Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity:
JENSENS\Owner 1) Exception Information *********************************************
Exception
Type: System.Exception Message: The metadata file (the Server Manifest) can't be
downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable
(check download URL in Updater config file), the downloader failed, or the Manifest
failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information
*********************************************
Exception
Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message:
Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyError
ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace
Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.IBackgroundCopyJob.GetError(IBackgroundCopyError&
ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.HandleDownloadErrorCancelJob(IBackgroundCopyJob
copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Downloaders.BITSDownloader.Microsoft.ApplicationBlocks.ApplicationUpdater.Interfaces.IDownloader.Download(String
sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.DownloaderManager.IsServerManifestDownloaded()

[ System Events ]
Error - 2/14/2010 10:00:04 AM | Computer Name = JENSENS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 2/14/2010 10:12:04 AM | Computer Name = JENSENS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 2/14/2010 10:24:04 AM | Computer Name = JENSENS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 2/14/2010 10:36:04 AM | Computer Name = JENSENS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 2/14/2010 10:48:04 AM | Computer Name = JENSENS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 2/14/2010 11:00:04 AM | Computer Name = JENSENS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 2/14/2010 11:07:20 AM | Computer Name = JENSENS | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 ee6d0038, parameter2 00000002, parameter3
00000001, parameter4 804dbc9a.

Error - 2/14/2010 11:54:08 AM | Computer Name = JENSENS | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3
00000000, parameter4 804fd603.

Error - 2/24/2010 4:53:30 AM | Computer Name = JENSENS | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 ec5631f4, parameter3
ecc84aa0, parameter4 00000000.

Error - 2/24/2010 8:25:58 PM | Computer Name = JENSENS | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 ffffff94, parameter2 00000002, parameter3
00000000, parameter4 804fd682.


< End of report >


Re: Ebay/Paypal Problem

Post by Belahzur on 25th February 2010, 1:04 am

Hello.

Please reboot your computer, and when booting, select the new extra option you should have, and boot into the recovery console.

Once in the RC, type in "fixmbr" and hit Enter.

Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the next bit for another command, type "exit".

This will reboot your machine again, allow it to boot normally this time.
=====

Next, please re-run Combofix and post the new log.




Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: Ebay/Paypal Problem

Post by tractorlovr on 25th February 2010, 2:55 am

ComboFix 10-02-24.01 - Owner 02/24/2010 20:37:17.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.526 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-23 19:25 . 2010-02-23 19:25 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\WINDOWS
2010-02-23 19:25 . 2010-02-23 19:25 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\UserData
2010-02-23 19:24 . 2010-02-23 19:24 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\PrivacIE
2010-02-23 19:19 . 2010-02-23 19:19 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\IETldCache
2010-02-23 19:19 . 2010-02-23 19:19 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\IECompatCache
2010-02-23 00:42 . 2010-02-23 01:00 -------- d-----w- C:\Combo-Fix
2010-02-19 22:51 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 22:51 . 2010-02-19 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 22:51 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 05:15 . 2010-02-19 05:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-17 16:19 . 2010-02-20 08:58 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\IECompatCache
2010-02-17 16:19 . 2010-02-17 16:19 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\PrivacIE
2010-02-14 19:41 . 2010-02-14 19:41 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-02-14 19:36 . 2010-02-14 19:36 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2010-02-14 18:52 . 2010-02-14 18:52 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\IETldCache
2010-02-14 18:40 . 2010-02-14 18:40 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2010-02-14 18:18 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-14 18:17 . 2010-02-14 18:17 -------- d-----w- c:\windows\ie8updates
2010-02-14 18:14 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-14 18:14 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-14 18:09 . 2010-02-17 16:19 -------- dc-h--w- c:\windows\ie8
2010-02-09 20:41 . 2005-10-19 14:59 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-01-31 17:08 . 2010-01-31 17:08 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\WINDOWS
2010-01-31 17:08 . 2010-01-31 17:08 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\UserData
2010-01-31 16:36 . 2010-01-31 16:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-31 14:43 . 2010-02-18 17:23 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-29 14:36 . 2010-01-29 14:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-29 14:36 . 2010-01-29 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-29 03:20 . 2010-01-31 16:35 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-01-29 02:20 . 2010-01-31 16:36 -------- d-----w- c:\documents and settings\HelpAssistant\.SunDownloadManager
2010-01-29 02:20 . 2010-01-31 16:36 -------- d-s---w- c:\documents and settings\HelpAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 02:34 . 2008-10-18 14:09 -------- d-----w- c:\program files\SpiralFrog
2010-02-25 02:34 . 2008-11-07 02:57 -------- d-----w- c:\documents and settings\Owner\Application Data\StarOffice8
2010-02-25 02:33 . 2008-03-08 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-02-25 00:30 . 2009-11-10 01:15 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-20 17:46 . 2008-03-08 00:36 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-02-15 14:49 . 2008-11-07 02:58 1 ----a-w- c:\documents and settings\Owner\Application Data\StarOffice8\user\uno_packages\cache\stamp.sys
2010-02-07 02:19 . 2009-03-12 15:42 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2010-01-31 17:22 . 2009-04-04 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-31 17:17 . 2009-04-04 13:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 16:50 . 2002-09-03 17:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-06-23 17:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 22:06 . 2009-10-03 17:38 127325 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-12-19 22:06 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-19 22:06 . 2009-12-19 22:06 1408376 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
2009-12-16 18:43 . 2008-03-05 02:22 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-09-03 16:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2002-09-03 16:50 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2002-09-03 16:42 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2005-08-30 04:02 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2002-09-03 16:46 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2002-09-03 16:46 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2002-09-03 16:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-25 02:31 . 2010-02-25 02:31 16384 c:\windows\Temp\Perflib_Perfdata_b8.dat
+ 2007-11-13 11:31 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-11-13 11:31 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-03-05 02:22 . 2008-03-05 02:22 295424 c:\windows\system32\termsrv2.dll
- 2002-09-03 16:37 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2002-09-03 16:37 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-02-24 12:32 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 12:32 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 12:32 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SpiralFrog"="c:\program files\SpiralFrog\Spiralfrog.exe" [2008-03-12 163128]
"TexTally"="c:\program files\NCH Swift Sound\TexTally\textally.exe" [2008-12-30 274436]
"FastFox"="c:\program files\NCH Swift Sound\FastFox\fastfox.exe" [2008-12-30 327684]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-4 45056]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 23:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2008 2:57 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2008 2:57 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 3:26 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 3:26 PM 297752]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2008-11-19 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2100 seriesF56855811176EC24C9B302F94878AD886AF77CFF219100904.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 06:46]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: bankfirstonline.com\www
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-24 20:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-24 20:51:41
ComboFix-quarantined-files.txt 2010-02-25 02:51
ComboFix2.txt 2010-02-23 16:41
ComboFix3.txt 2010-02-23 15:17
ComboFix4.txt 2010-02-23 00:59
ComboFix5.txt 2010-02-25 02:36

Pre-Run: 36,036,419,584 bytes free
Post-Run: 36,001,275,904 bytes free

- - End Of File - - BD2FBB9B85562A727339FE9655E92369


Re: Ebay/Paypal Problem

Post by Belahzur on 25th February 2010, 1:01 pm

Hello.

Good work, we squashed it. Did you remove the HelpAssistant user accounts via control userpasswords2 like I asked? Just making sure so we can move onto the next bit.





Re: Ebay/Paypal Problem

Post by tractorlovr on 26th February 2010, 12:19 am

Ummm....I'm not sure....I think I've done everything you've asked. I follow your steps step by step. How can I double check that this is done?


Re: Ebay/Paypal Problem

Post by Belahzur on 26th February 2010, 12:27 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

control userpasswords2

When this user account control window opens, check what users are listed, and make sure HelpAssistant isn't there.

If it is there, highlight it by clicking on it once, and press Remove.

Let me know.





Re: Ebay/Paypal Problem

Post by tractorlovr on 26th February 2010, 12:52 am

Ok...I do remember doing that but for some reason it was still there. I did it again & removed it.


Re: Ebay/Paypal Problem

Post by Belahzur on 26th February 2010, 11:16 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "3246:TCP"=-
    "3389:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "3246:TCP"=-
    "3389:TCP"=-


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




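The two checks Belahzur asks for in this thread (the HelpAssistant account via control userpasswords2, and the globally open firewall ports removed with the OTL :reg fix above) can also be audited from a PowerShell prompt. The script below is an added example and is not code from the thread, from OTL or from ComboFix; it assumes a Windows XP host with PowerShell 2.0 run from an elevated prompt, the function names (Get-GloballyOpenPorts, Remove-UnexpectedOpenPorts, Get-HelpAssistantStatus) are hypothetical, and the $ExpectedPorts allowlist is a constructed one that must be adjusted to the machine's real role. It reads the same GloballyOpenPorts\List keys the OTL fix targets, splits each value on ':' so the trailing display name ("Services", "Remote Desktop") shown in the ComboFix log is visible, and reports anything not on the allowlist; removal is a separate function with -WhatIf support so the entries can be previewed before anything is deleted.

```powershell
# Added example, not code from the thread or from OTL/ComboFix.
# Assumes Windows XP, PowerShell 2.0, elevated prompt. Function names are hypothetical.

$FirewallPolicy = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# Constructed allowlist of exceptions this host is expected to have. Everything
# else under GloballyOpenPorts is reported with its display name.
$ExpectedPorts = @('3389:TCP')

function Get-GloballyOpenPorts {
    foreach ($profile in 'DomainProfile', 'StandardProfile') {
        $key = "$FirewallPolicy\$profile\GloballyOpenPorts\List"
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Value names look like "65533:TCP"; skip PowerShell's PS* metadata properties
            if ($prop.Name -notmatch '^\d+:(TCP|UDP)$') { continue }
            # Value data is colon-separated; the last field is the display name
            # ("Services", "Remote Desktop", ...) that ComboFix prints.
            $fields = [string]$prop.Value -split ':'
            New-Object PSObject -Property @{
                Profile     = $profile
                Port        = $prop.Name
                DisplayName = $fields[$fields.Length - 1]
                Expected    = ($ExpectedPorts -contains $prop.Name)
            }
        }
    }
}

function Remove-UnexpectedOpenPorts {
    # Deletes every exception not on the allowlist. Run with -WhatIf first to preview.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in (Get-GloballyOpenPorts | Where-Object { -not $_.Expected })) {
        $key = "$FirewallPolicy\$($entry.Profile)\GloballyOpenPorts\List"
        $target = "$($entry.Profile) $($entry.Port) ($($entry.DisplayName))"
        if ($PSCmdlet.ShouldProcess($target, 'Remove firewall exception')) {
            Remove-ItemProperty -Path $key -Name $entry.Port
        }
    }
}

function Get-HelpAssistantStatus {
    # HelpAssistant is XP's Remote Assistance account. Report whether it exists
    # and whether it is disabled, which is what the control userpasswords2 check looks for.
    $acct = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='HelpAssistant'"
    if ($acct -eq $null)  { return 'HelpAssistant: not present' }
    if ($acct.Disabled)   { return 'HelpAssistant: present, disabled' }
    return 'HelpAssistant: present and ENABLED (review)'
}

Get-GloballyOpenPorts | Format-Table Profile, Port, DisplayName, Expected -AutoSize
Get-HelpAssistantStatus
# Remove-UnexpectedOpenPorts -WhatIf    # preview; drop -WhatIf to apply
```

One reason to re-audit rather than trust a single pass: the OTL log posted in the next reply records deletions for 52344, 2479, 3246 and 3389 in both profiles, plus a "not found" for an empty value name, but no deletion line for 65533:TCP, so that entry deserves a second look after the fix.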

Re: Ebay/Paypal Problem

Post by tractorlovr on 27th February 2010, 3:39 pm

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.

OTL by OldTimer - Version 3.1.30.1 log created on 02272010_093924


Re: Ebay/Paypal Problem

Post by Belahzur on 27th February 2010, 8:16 pm

Hello.
Well done, we are getting close to the end. I'm still slightly paranoid, so next, please delete the two OTL mades, and re-run OTL.

Please post only EXTRAS.txt.





Re: Ebay/Paypal Problem

Post by tractorlovr on 27th February 2010, 11:06 pm

I ran it but it did not create a file called extras.txt. It only created otl.txt, and here is the log:

OTL logfile created on: 2/27/2010 4:15:48 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 233.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 33.41 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENSENS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/24 18:31:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/28 08:07:10 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/12/12 10:00:20 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/20 17:42:52 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 17:42:51 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/20 17:42:44 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/20 17:42:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 17:42:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/03 18:11:57 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/03 18:11:57 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/09/10 16:40:06 | 000,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/10 16:39:48 | 000,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/09/10 15:50:26 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/10 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 20:41:18 | 001,241,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Sun\StarOffice 8\program\soffice.bin
PRC - [2008/03/14 20:41:18 | 001,019,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Sun\StarOffice 8\program\soffice.exe
PRC - [2008/03/12 12:05:36 | 000,163,128 | ---- | M] (SpiralFrog) -- C:\Program Files\SpiralFrog\Spiralfrog.exe
PRC - [2008/02/05 14:29:20 | 000,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/11/13 18:51:24 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 18:49:22 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2005/12/08 10:03:02 | 000,811,008 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
PRC - [2005/10/19 08:59:12 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/08/29 04:59:24 | 000,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2002/08/14 17:29:26 | 000,090,112 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2002/06/27 00:53:26 | 000,303,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2002/06/27 00:34:44 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/06/27 00:21:30 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2002/06/27 00:20:58 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/04/11 03:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 03:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002/02/15 10:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/02/24 18:31:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 18:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/20 17:42:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/20 17:42:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/03 18:11:57 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/09/10 16:39:48 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/10 15:50:26 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB)
SRV - [2004/07/15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/08/20 17:42:52 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/20 17:42:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/10 09:00:08 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/05 19:46:22 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/10/18 03:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/10/19 08:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/03/09 21:31:02 | 000,021,456 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 21:31:02 | 000,016,080 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 21:31:00 | 000,051,024 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/01/15 14:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/14 12:38:36 | 000,108,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/01/14 12:38:30 | 000,078,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/12/19 17:48:48 | 000,539,008 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/09/03 10:53:10 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local



O1 HOSTS File: ([2009/04/04 07:30:30 | 000,304,232 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10480 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [FastFox] C:\Program Files\NCH Swift Sound\FastFox\fastfox.exe (NCH Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TexTally] C:\Program Files\NCH Swift Sound\TexTally\textally.exe (NCH Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: bankfirstonline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} [You must be registered and logged in to see this link.] (Mines Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} [You must be registered and logged in to see this link.] (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} [You must be registered and logged in to see this link.] (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} [You must be registered and logged in to see this link.] (Brickout Control)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} [You must be registered and logged in to see this link.] (Jigsaw Genius Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} [You must be registered and logged in to see this link.] (SolitaireRush Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} [You must be registered and logged in to see this link.] (WWHearts Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} [You must be registered and logged in to see this link.] (BJA Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} [You must be registered and logged in to see this link.] (Bejeweled Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} [You must be registered and logged in to see this link.] (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} [You must be registered and logged in to see this link.] (Blockwerx Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} [You must be registered and logged in to see this link.] (ContactExtractor Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} [You must be registered and logged in to see this link.] (WordMojo Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} [You must be registered and logged in to see this link.] (Cubis Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [You must be registered and logged in to see this link.] (WoF Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} [You must be registered and logged in to see this link.] (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} [You must be registered and logged in to see this link.] (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} [You must be registered and logged in to see this link.] (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} [You must be registered and logged in to see this link.] (Royal Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} [You must be registered and logged in to see this link.] (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} [You must be registered and logged in to see this link.] (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} [You must be registered and logged in to see this link.] (GolfSol Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} [You must be registered and logged in to see this link.] (WWSpades Control)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/04 20:27:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 15:52:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/27 09:39:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/24 18:31:09 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/23 12:20:16 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2010/02/23 09:59:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/22 18:42:06 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/02/20 19:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/20 19:46:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/20 19:46:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/20 19:46:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/20 19:46:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/20 19:30:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/19 16:51:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/19 16:51:12 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/19 16:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/15 19:39:02 | 000,175,880 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/02/14 13:41:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/02/14 13:36:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2010/02/14 12:40:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/02/14 12:17:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/14 12:09:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/09 14:41:07 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/01/31 08:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/30 07:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/29 08:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/01/29 08:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/30 20:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/13 12:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/24 15:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/24 15:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/05/24 15:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 18:00:33 | 056,305,693 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/26 17:58:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 17:58:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 07:08:00 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/26 07:08:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/25 23:15:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/25 18:17:22 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/02/24 20:47:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/24 20:35:36 | 003,871,969 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/02/24 18:31:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/24 18:29:52 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2010/02/24 06:31:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 14:09:17 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GMER.exe
[2010/02/23 12:20:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/02/23 12:19:19 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2010/02/22 16:08:47 | 000,175,880 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/02/22 16:06:20 | 000,153,078 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/02/21 22:58:20 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Stealth MBR Rootkit Detector.exe
[2010/02/20 19:47:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/19 16:51:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/15 10:23:17 | 000,009,612 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Our address labels.odt
[2010/02/15 09:12:49 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Christmas Card List.doc
[2010/02/15 09:09:47 | 000,011,524 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Junior Disciple Phone List.odt
[2010/02/15 08:57:03 | 000,016,888 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Junior Disciple Invitation.odt
[2010/02/14 10:32:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 18:55:44 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 21:07:33 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Announcement List.doc
[2010/01/28 19:27:57 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Jen's Shower Invitation List.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/23 14:09:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GMER.exe
[2010/02/23 12:20:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/02/23 12:19:17 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2010/02/22 21:35:51 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2010/02/22 16:06:17 | 000,153,078 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/02/21 22:58:19 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Stealth MBR Rootkit Detector.exe
[2010/02/20 19:47:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/20 19:47:26 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/20 19:46:09 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/20 19:46:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/20 19:46:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/20 19:46:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/20 19:46:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/20 19:44:29 | 003,871,969 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/02/19 16:51:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/15 10:23:16 | 000,009,612 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Our address labels.odt
[2010/01/28 18:31:50 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Jen's Shower Invitation List.doc
[2009/06/09 18:03:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/26 18:19:07 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/11/26 18:19:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/11/06 14:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2008/08/18 17:08:06 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2008/08/18 17:08:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/08/01 16:16:12 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 14:08:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/03/07 18:48:51 | 000,000,457 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/03/09 21:31:04 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
< End of report >

tractorlovr
Novice

Re: Ebay/Paypal Problem

Post by Belahzur on 28th February 2010, 1:35 am

Hello.
That's OTL.txt, please post extras.txt.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1


Re: Ebay/Paypal Problem

Post by tractorlovr on 28th February 2010, 1:41 am

Yes, I know... like I said, it didn't create extras.txt.

tractorlovr
Novice

Re: Ebay/Paypal Problem

Post by Belahzur on 28th February 2010, 1:45 am

Okay, please re-run Combofix one more time.


Belahzur
Administrator

Re: Ebay/Paypal Problem

Post by tractorlovr on 28th February 2010, 2:26 am

ComboFix 10-02-27.04 - Owner 02/27/2010 20:04:38.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.394 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-27 15:39 . 2010-02-27 15:39 -------- d-----w- C:\_OTL
2010-02-23 19:25 . 2010-02-23 19:25 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\WINDOWS
2010-02-23 19:25 . 2010-02-23 19:25 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\UserData
2010-02-23 19:24 . 2010-02-23 19:24 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\PrivacIE
2010-02-23 19:19 . 2010-02-23 19:19 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\IETldCache
2010-02-23 19:19 . 2010-02-23 19:19 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS.000\IECompatCache
2010-02-23 00:42 . 2010-02-23 01:00 -------- d-----w- C:\Combo-Fix
2010-02-19 22:51 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 22:51 . 2010-02-19 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 22:51 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 05:15 . 2010-02-19 05:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-17 16:19 . 2010-02-20 08:58 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\IECompatCache
2010-02-17 16:19 . 2010-02-17 16:19 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\PrivacIE
2010-02-14 19:41 . 2010-02-14 19:41 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-02-14 19:36 . 2010-02-14 19:36 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2010-02-14 18:52 . 2010-02-14 18:52 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\IETldCache
2010-02-14 18:40 . 2010-02-14 18:40 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2010-02-14 18:18 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-14 18:17 . 2010-02-14 18:17 -------- d-----w- c:\windows\ie8updates
2010-02-14 18:14 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-14 18:14 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-14 18:09 . 2010-02-17 16:19 -------- dc-h--w- c:\windows\ie8
2010-02-09 20:41 . 2005-10-19 14:59 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-01-31 17:08 . 2010-01-31 17:08 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\WINDOWS
2010-01-31 17:08 . 2010-01-31 17:08 -------- d-----w- c:\documents and settings\HelpAssistant.JENSENS\UserData
2010-01-31 16:36 . 2010-01-31 16:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-31 14:43 . 2010-02-18 17:23 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-29 14:36 . 2010-01-29 14:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-29 14:36 . 2010-01-29 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-29 03:20 . 2010-01-31 16:35 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-01-29 02:20 . 2010-01-31 16:36 -------- d-----w- c:\documents and settings\HelpAssistant\.SunDownloadManager
2010-01-29 02:20 . 2010-01-31 16:36 -------- d-s---w- c:\documents and settings\HelpAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 00:06 . 2008-10-18 14:09 -------- d-----w- c:\program files\SpiralFrog
2010-02-27 00:05 . 2008-11-07 02:57 -------- d-----w- c:\documents and settings\Owner\Application Data\StarOffice8
2010-02-27 00:05 . 2008-03-08 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-02-25 00:30 . 2009-11-10 01:15 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-20 17:46 . 2008-03-08 00:36 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-02-15 14:49 . 2008-11-07 02:58 1 ----a-w- c:\documents and settings\Owner\Application Data\StarOffice8\user\uno_packages\cache\stamp.sys
2010-02-07 02:19 . 2009-03-12 15:42 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2010-01-31 17:22 . 2009-04-04 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-31 17:17 . 2009-04-04 13:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 16:50 . 2002-09-03 17:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-06-23 17:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 22:06 . 2009-10-03 17:38 127325 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-12-19 22:06 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-19 22:06 . 2009-12-19 22:06 1408376 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
2009-12-16 18:43 . 2008-03-05 02:22 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-09-03 16:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2002-09-03 16:50 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2002-09-03 16:42 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-26 23:58 . 2010-02-26 23:58 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
+ 2007-11-13 11:31 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-11-13 11:31 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-03-05 02:22 . 2008-03-05 02:22 295424 c:\windows\system32\termsrv2.dll
- 2002-09-03 16:37 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2002-09-03 16:37 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-02-24 12:32 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 12:32 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 12:32 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SpiralFrog"="c:\program files\SpiralFrog\Spiralfrog.exe" [2008-03-12 163128]
"TexTally"="c:\program files\NCH Swift Sound\TexTally\textally.exe" [2008-12-30 274436]
"FastFox"="c:\program files\NCH Swift Sound\FastFox\fastfox.exe" [2008-12-30 327684]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-4 45056]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 23:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2008 2:57 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2008 2:57 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 3:26 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 3:26 PM 297752]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2008-11-19 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2100 seriesF56855811176EC24C9B302F94878AD886AF77CFF219100904.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 06:46]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: bankfirstonline.com\www
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-27 20:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-27 20:20:21
ComboFix-quarantined-files.txt 2010-02-28 02:20
ComboFix2.txt 2010-02-25 02:51
ComboFix3.txt 2010-02-23 16:41
ComboFix4.txt 2010-02-23 15:17
ComboFix5.txt 2010-02-28 02:03

Pre-Run: 35,794,292,736 bytes free
Post-Run: 35,842,961,408 bytes free

- - End Of File - - 8E572E75B12AA9DA6B7F682EABF7404E

tractorlovr
Novice

Re: Ebay/Paypal Problem

Post by Belahzur on 28th February 2010, 11:42 pm

Hello.

Good work, we're winning; last bit to take out: that HelpAssistant account. Follow my instructions in the order they are written.

Please create a folder on your Desktop called SWReg.

  1. Download SWReg.exe from [You must be registered and logged in to see this link.].
  2. Save SWReg.exe inside the SWReg folder you just created.

    Do not run SWReg.exe.

    Now open a new Notepad file, and input this into the Notepad file:

    @echo off
    swreg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s >>log.txt
    swreg query "HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters" /s >>log.txt
    start notepad log.txt

    Save this as SWReg.bat, save it inside the SWReg folder as well.
    Double click SWReg.bat and the black cmd window will open and close; this is normal.

  3. Make sure both SWReg.exe and SWReg.bat are located next to each other for this to work.
  4. Now, double click on SWReg.bat to run the script.
  5. Once done, a Notepad log file will open, copy and paste that log back here.


Next,

Now open a new Notepad file, and input this into the Notepad file:

@echo off
rem 2>&1 sends error text (e.g. "The user name could not be found") into the log too,
rem so the file is not left blank when the account does not exist
net user HelpAssistant>"%userprofile%\desktop\log.txt" 2>&1
start notepad "%userprofile%\desktop\log.txt"
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.



Copy and paste the 2 logs back here.





Re: Ebay/Paypal Problem

Post by tractorlovr on 3rd March 2010, 1:54 am

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-18
Flags REG_DWORD 12 (0xc)
State REG_DWORD 0 (0x0)
RefCount REG_DWORD 1 (0x1)
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 858229908 (0x33278c94)
ProfileLoadTimeHigh REG_DWORD 30063002 (0x1cab99a)
RefCount REG_DWORD 3 (0x3)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 848386158 (0x3291586e)
ProfileLoadTimeHigh REG_DWORD 30063002 (0x1cab99a)
RefCount REG_DWORD 2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1000
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.JENSENS
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628e8030000
Flags REG_DWORD 1 (0x1)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 1429914964 (0x553ac554)
ProfileLoadTimeHigh REG_DWORD 30061066 (0x1cab20a)
RefCount REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628eb030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 1528698658 (0x5b1e1722)
ProfileLoadTimeHigh REG_DWORD 30063002 (0x1cab99a)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\QBDataServiceUser
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628ee030000
Flags REG_DWORD 1 (0x1)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 998229908 (0x3b7fc794)
ProfileLoadTimeHigh REG_DWORD 30063002 (0x1cab99a)
RefCount REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.JENSENS.000
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628ef030000
Flags REG_DWORD 1 (0x1)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1266069296 (0xb48950d0)
ProfileLoadTimeHigh REG_DWORD 30062000 (0x1cab5b0)
RefCount REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628f4010000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 260 (0x104)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 666469788 (0x27b9859c)
ProfileLoadTimeHigh REG_DWORD 29996347 (0x1c9b53b)
RefCount REG_DWORD 0 (0x0)
RunLogonScriptSync REG_DWORD 0 (0x0)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
Certificate REG_BINARY 01000000010000000100000006005c005253413148000000000200003f0000000100010089c288264ae933f4519421ce4634af44ffe6c4c5c23b5d448970d0e5f0cc10bb46e2915f8eaf15e973900f302492ae95d67cdf7943160331d2e1769c973138d600000000000000000800480000d4fb42b4a710b7a4cc933bbaae8589927b38cad56058d3c7493d2fad47e0ffe42fdbe87f01406aacdc44c01061e26c37c727ccf6fc79fdc0e3ea005f5c34410000000000000000

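As an added example (not code from the thread, nor from the SteelWerX tool), the Python script below parses a ProfileList dump in the layout shown above, decodes each REG_BINARY Sid into its S-1-... form so it can be checked against the subkey name, and flags profile folders that share an account name or carry the .000 suffix Windows appends when a folder of that name already exists, which is exactly the HelpAssistant.JENSENS / HelpAssistant.JENSENS.000 pair in the log. The sample dump inside it is a constructed excerpt modelled on that log, and the account-name heuristic (text before the first dot of the folder name) is an assumption.

```python
"""Audit a swreg/reg-style ProfileList dump: decode each REG_BINARY Sid, check
it against the key name, and flag duplicated or collision-suffixed profile folders.
Added example, not part of the forum thread or of the SteelWerX tool."""
import re
import struct

# Constructed sample in the swreg "key / Name TYPE value" layout, modelled on
# the log in the thread (values trimmed to the ones the audit uses).
SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-18
RefCount REG_DWORD 1 (0x1)
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1000
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.JENSENS
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628e8030000
RefCount REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628eb030000
RefCount REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.JENSENS.000
Sid REG_BINARY 01050000000000051500000093e36248da16eb23828ba628ef030000
RefCount REG_DWORD 0 (0x0)
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\profilelist\\(?P<sid>S-\d+(?:-\d+)+)$", re.I)
VALUE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<type>REG_\w+)\s*(?P<value>.*)$")


def decode_sid(hex_blob):
    """Turn a binary SID (revision, sub-authority count, 48-bit big-endian
    identifier authority, little-endian 32-bit sub-authorities) into S-1-... form."""
    raw = bytes.fromhex(hex_blob)
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length %d does not fit %d sub-authorities" % (len(raw), count))
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def parse_dump(text):
    """Map each per-SID ProfileList subkey to its values; REG_DWORDs become ints."""
    profiles, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            m = KEY_RE.match(line)
            current = profiles.setdefault(m.group("sid"), {}) if m else None  # parent key skipped
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            value = m.group("value").strip()
            if m.group("type") == "REG_DWORD":
                value = int(value.split()[0])  # decimal form precedes "(0x..)"
            current[m.group("name")] = value
    return profiles


def audit(profiles):
    """Findings: subkeys whose embedded Sid disagrees with the key name, account names
    shared by several profile SIDs, and folders carrying the .NNN suffix Windows
    appends when a profile folder of that name already exists."""
    findings = {"sid_mismatch": [], "duplicate_profile_name": {}, "collision_suffix": []}
    by_name = {}
    for key_sid, vals in profiles.items():
        if "Sid" in vals and decode_sid(vals["Sid"]).lower() != key_sid.lower():
            findings["sid_mismatch"].append(key_sid)
        folder = vals.get("ProfileImagePath", "").rsplit("\\", 1)[-1]
        # Assumed heuristic: colliding folders are named <user>.<COMPUTER or DOMAIN>[.NNN],
        # so the text before the first dot is taken as the account name.
        by_name.setdefault(folder.split(".")[0].lower(), []).append(key_sid)
        if re.search(r"\.\d{3}$", folder):
            findings["collision_suffix"].append(key_sid)
    for name, sids in by_name.items():
        if len(sids) > 1:
            findings["duplicate_profile_name"][name] = sorted(sids)
    return findings


if __name__ == "__main__":
    for kind, hits in audit(parse_dump(SAMPLE_DUMP)).items():
        print("%-22s %s" % (kind, hits))
```

Run against a real dump, the sid_mismatch list is the one to read first: a ProfileList subkey whose name and embedded Sid disagree was not written by the profile service. The duplicate-name and .000 findings are what the thread's two HelpAssistant entries look like, and they are only a pointer to investigate, since the same pattern appears innocently when an account is deleted and recreated.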

Re: Ebay/Paypal Problem

Post by tractorlovr on 3rd March 2010, 1:56 am

When I double clicked on the fix.bat, it opened & closed like normal & opened a notepad file but it's blank...I have nothing to post from that.


Re: Ebay/Paypal Problem

Post by Belahzur on 3rd March 2010, 2:57 pm

Try this instead.

Now open a new Notepad file, and input this into the Notepad file:

@echo off
rem ">" would overwrite the first result with the second; ">>" appends it instead,
rem and 2>&1 keeps any error text so the log is not blank if an account is not found
net user HelpAssistant.JENSENS>"%userprofile%\desktop\log.txt" 2>&1
net user HelpAssistant.JENSENS.000>>"%userprofile%\desktop\log.txt" 2>&1
start notepad "%userprofile%\desktop\log.txt"
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.





Re: Ebay/Paypal Problem

Post by tractorlovr on 4th March 2010, 3:57 am

Still a blank notepad.


Re: Ebay/Paypal Problem

Post by tractorlovr on 9th March 2010, 12:12 pm

I tried your last instructions but it still comes up with a blank notepad........


Re: Ebay/Paypal Problem

Post by Belahzur on 9th March 2010, 3:23 pm

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Folders to delete:
C:\Documents and Settings\HelpAssistant.JENSENS
C:\Documents and Settings\HelpAssistant.JENSENS.000

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1000
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1007


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.





Re: Ebay/Paypal Problem

Post by tractorlovr on 10th March 2010, 1:28 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\HelpAssistant.JENSENS" deleted successfully.
Folder "C:\Documents and Settings\HelpAssistant.JENSENS.000" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1000" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1214440339-602609370-682003330-1007" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: Ebay/Paypal Problem

Post by Belahzur on 10th March 2010, 10:17 pm

Well that worked. Hooray!

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?





Re: Ebay/Paypal Problem

Post by tractorlovr on 12th March 2010, 12:14 am

It is doing much better! Thank you! One problem I have & have had for a long time...just haven't done anything about it...is my monitor switches colors...it rarely has color...it's like a green or grey hue. Is there anything to fix it or do I just need a new monitor?


Re: Ebay/Paypal Problem

Post by Belahzur on 12th March 2010, 12:25 am

Probably a new monitor, the cable on it is dying.




