ginsdirect.net/1/tdsp.php

Post by corro on 30th September 2010, 9:12 am

Hi!
On booting, and when Windows loads, I get a Windows Internet Explorer box with the following error message:
"Cannot find 'http://ginsdirect.net/1/tdsp.php'. Make sure the path and Internet address is correct."
In fact there are six of those boxes on my screen and if I close one another appears.
Further, if I search for something on Google and try to open a link, I get redirected to other sites other than that which I want.
I am using Windows XP Pro.
Hope you can help.
Regards
Corro

Re: ginsdirect.net/1/tdsp.php

Post by Belahzur on 30th September 2010, 11:35 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: ginsdirect.net/1/tdsp.php

Post by corro on 1st October 2010, 4:04 am

OTL logfile created on: 1/10/2010 1:49:39 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\John Corrigan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 297.57 Gb Free Space | 63.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-2E3AF4EA16
Current User Name: John Corrigan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/01 13:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
PRC - [2010/07/19 17:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/06/10 16:23:14 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/07/20 11:03:24 | 002,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/03/23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/03/12 14:51:26 | 000,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/03/06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/03/02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/01/07 14:35:33 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
PRC - [2004/11/26 22:42:32 | 001,349,120 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/11/26 22:42:10 | 000,812,032 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/10/01 13:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
MOD - [2010/02/02 09:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\JOHNCO~1\LOCALS~1\Temp\fFollower.exe -- (Follower)
SRV - [2010/07/19 17:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/11/26 22:42:10 | 000,812,032 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/11/26 22:42:10 | 000,812,032 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\avsys\KLIF.SYS -- (TSP)
DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/02/21 11:37:17 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/02/16 19:45:36 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 02:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/14 19:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/23 13:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/05 13:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 13:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2004/11/26 22:36:02 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/11/26 12:36:24 | 000,098,176 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/11/26 12:36:06 | 000,028,928 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:6.1

FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/07/21 22:12:32 | 000,000,000 | ---D | M]

[2010/07/29 20:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Corrigan\Application Data\Mozilla\Extensions
[2010/07/29 20:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Corrigan\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/03/31 18:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Corrigan\Application Data\Mozilla\Firefox\Profiles\n54niuoc.default\extensions

O1 HOSTS File: ([2004/08/04 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddaawtaudio] C:\WINDOWS\System32\rqpmkh.dll (Symantec Corporation)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mlifcysys] C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ljkjjhaudio] C:\WINDOWS\System32\rqpmkh.dll (Symantec Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [ssqnnlsys] C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: FreshDownload - {F4B9D88E-7786-4824-8C0E-EADA01DF3378} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Plugin Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} [You must be registered and logged in to see this link.] (DjVuCtl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (awwvtu.dll) - C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/16 14:42:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\Shell - "" = Autorun
O33 - MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\Shell\Open\command - "" = K:\RECYCLER\S-0-0-52-100028031-100004524-100026757-7862.com -- File not found
O33 - MountPoints2\{f1c3e33a-fbf6-11dd-b823-abe6183e678e}\Shell - "" = AutoRun
O33 - MountPoints2\{f1c3e33a-fbf6-11dd-b823-abe6183e678e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f1c3e33a-fbf6-11dd-b823-abe6183e678e}\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/01 13:39:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
[2010/09/30 20:52:13 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/09/30 20:52:12 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/09/30 20:52:12 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/09/30 20:52:12 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/09/30 20:52:12 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/09/30 20:52:11 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/09/30 20:52:11 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/09/30 20:52:11 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/09/30 20:52:11 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/09/30 20:52:11 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/09/30 20:52:11 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/09/30 20:52:11 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/09/30 20:52:10 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/09/30 20:52:10 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/09/30 20:52:10 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/09/30 20:52:10 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/09/30 20:52:10 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/09/30 20:52:10 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/09/30 20:52:10 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/09/30 20:52:09 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/09/30 20:52:09 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/09/30 20:52:08 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/09/30 20:52:08 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/09/30 20:52:08 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/09/30 20:52:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/09/30 20:52:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/09/30 20:51:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/09/30 20:51:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/09/30 20:51:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/09/30 20:51:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/09/30 20:51:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/09/30 20:51:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/09/30 20:51:52 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/09/30 20:51:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/09/30 20:51:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/09/30 20:51:52 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/09/30 20:51:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/09/30 20:51:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/09/30 20:51:38 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/09/30 20:51:38 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/09/30 20:51:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/09/30 20:51:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/09/30 20:51:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/09/30 20:51:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/09/30 20:51:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/09/30 20:51:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/09/30 20:51:31 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/09/30 20:51:31 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/09/30 20:51:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/09/30 20:51:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/09/30 20:51:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/09/30 20:51:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/09/30 18:53:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Corrigan\Desktop\mbam-setup-1.46.exe
[2010/09/30 16:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/09/29 18:34:21 | 000,101,376 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\rqpmkh.dll
[2010/09/29 17:48:34 | 000,094,208 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\awwvtu.dll
[2010/09/17 22:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Corrigan\Application Data\Eltima Software

========== Files - Modified Within 30 Days ==========

[2010/10/01 13:45:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 13:45:07 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/10/01 13:44:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/01 13:44:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 13:40:59 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\John Corrigan\NTUSER.DAT
[2010/10/01 13:40:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John Corrigan\ntuser.ini
[2010/10/01 13:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
[2010/10/01 11:33:04 | 015,601,664 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\db5.mdb
[2010/09/30 20:52:27 | 000,512,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/30 20:52:27 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/30 20:52:27 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/30 20:52:15 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\John Corrigan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/30 18:54:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 18:53:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Corrigan\Desktop\mbam-setup-1.46.exe
[2010/09/30 15:30:16 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/30 12:05:41 | 001,675,264 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\CamdenHavenRFB.mdb
[2010/09/30 12:03:25 | 000,000,425 | ---- | M] () -- C:\WINDOWS\adbk32.ini
[2010/09/29 18:34:21 | 000,101,376 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\rqpmkh.dll
[2010/09/29 17:48:34 | 000,094,208 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\awwvtu.dll
[2010/09/29 17:46:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/29 17:46:55 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/29 17:17:24 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\John Corrigan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/21 19:59:35 | 001,306,624 | ---- | M] () -- C:\Documents and Settings\John Corrigan\Desktop\Postcode.mde
[2010/09/20 09:25:44 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\John Corrigan\default.pls
[2010/09/17 22:05:58 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/09/17 22:05:56 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/09/16 03:04:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/09 14:44:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/06 11:41:00 | 000,929,792 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\db8.mdb
[2010/09/06 11:40:36 | 000,245,760 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\Appointments.mdb
[2010/09/05 21:07:59 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\RFD Lesson Notes.doc

========== Files Created - No Company Name ==========

[2010/09/30 20:52:15 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\John Corrigan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/30 20:51:42 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/09/30 20:51:42 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/09/30 20:51:42 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/09/30 20:51:41 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/09/30 20:51:41 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/09/30 20:51:41 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/09/30 20:51:41 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/09/30 20:51:41 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/09/30 20:51:41 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/09/30 20:51:40 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/09/30 20:51:40 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/09/30 20:51:40 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/09/30 20:51:40 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/09/30 20:51:39 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/09/30 20:51:39 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/09/30 20:51:39 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/09/30 20:51:39 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/09/30 20:51:35 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/09/30 20:51:34 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/09/30 18:54:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/05 21:07:59 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\John Corrigan\My Documents\RFD Lesson Notes.doc
[2010/06/10 16:06:31 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/10 16:06:31 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/20 14:57:00 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/05 16:07:25 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/05 16:07:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/13 21:44:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/07/28 10:44:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/07/28 10:42:38 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/16 03:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/06 15:23:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/03/26 17:37:29 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/03/21 10:29:48 | 000,000,080 | ---- | C] () -- C:\WINDOWS\scan2email.ini
[2009/03/21 10:20:04 | 000,000,534 | ---- | C] () -- C:\WINDOWS\scan2email_p.ini
[2009/03/12 17:36:28 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/03 17:15:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\adbk32.ini
[2009/02/21 11:37:17 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/02/17 20:51:18 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/17 20:51:18 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/17 20:49:42 | 000,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/02/17 20:49:42 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/02/16 21:06:34 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\John Corrigan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/16 16:04:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFE8F97
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44807EFA
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >

OTL Extras logfile created on: 1/10/2010 1:49:39 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\John Corrigan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 297.57 Gb Free Space | 63.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-2E3AF4EA16
Current User Name: John Corrigan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"enablefirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"enablefirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{15B3667C-3468-4B03-8CC1-0EE41AD589F3}" = PSPrinters06
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1E2B6A53-C6B4-4ABC-AAD9-53E9B1740D56}" = ProFusion PSG 2
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A669D55-F127-46DF-9FBE-8D27CD7E4A53}" = PS320
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Test Installer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BA2D9411-DBB4-43e4-9421-780413650A67}" = Photosmart 320,370,7400,8100,8400,8700 Series
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adr_Book_is1" = Adr_Book 5.8f
"Belarc Advisor" = Belarc Advisor 7.2
"Browser Defender_is1" = Browser Defender 3.0.0.11
"Collectorz.com Book Collector" = Collectorz.com Book Collector
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSIRO Fire Danger Calculator" = CSIRO Fire Danger Calculator
"DBXTriever_is1" = DBXTriever 3.15
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1E2B6A53-C6B4-4ABC-AAD9-53E9B1740D56}" = ProFusion PSG 2
"Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0
"Legacy 6.0" = Legacy 6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"ProFusion Sleep Software_is1" = ProFusion Sleep Software 3.1 Build 248
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Scan2Email" = Scan2Email
"Spyware Doctor" = Spyware Doctor 7.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1e4909e688cda12b" = Windows Speech Recognition Toolkit

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/09/2010 3:48:47 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 29/09/2010 4:00:54 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Application Hang | ID = 1002
Description = Hanging application fFollower.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/09/2010 1:34:07 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 30/09/2010 1:34:12 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 30/09/2010 1:34:12 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 30/09/2010 1:34:14 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 30/09/2010 1:34:14 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 30/09/2010 1:34:14 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 30/09/2010 1:34:16 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

Error - 30/09/2010 1:34:16 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =

[ System Events ]
Error - 29/09/2010 9:39:08 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 29/09/2010 10:09:11 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 29/09/2010 10:39:15 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 30/09/2010 1:34:18 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Service Control Manager | ID = 7034
Description = The Follower service terminated unexpectedly. It has done this 1
time(s).

Error - 30/09/2010 2:20:39 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 30/09/2010 4:20:44 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 30/09/2010 6:50:48 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 30/09/2010 3:55:51 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Service Control Manager | ID = 7034
Description = The Follower service terminated unexpectedly. It has done this 1
time(s).

Error - 30/09/2010 11:29:20 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 30/09/2010 11:45:16 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Service Control Manager | ID = 7000
Description = The Follower service failed to start due to the following error: %%2


< End of report >

Re: ginsdirect.net/1/tdsp.php

Post by Belahzur on 1st October 2010, 10:33 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - Reg Error: Value error. File not found
    O4 - HKCU..\Run: [ljkjjhaudio] C:\WINDOWS\System32\rqpmkh.dll (Symantec Corporation)
    O4 - HKCU..\Run: [ssqnnlsys] C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
    O9 - Extra Button: FreshDownload - {F4B9D88E-7786-4824-8C0E-EADA01DF3378} - Reg Error: Value error. File not found
    O30 - LSA: Authentication Packages - (awwvtu.dll) - C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
    O33 - MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\Shell\Open\command - "" = K:\RECYCLER\S-0-0-52-100028031-100004524-100026757-7862.com -- File not found
  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: ginsdirect.net/1/tdsp.php

Post by corro on 2nd October 2010, 2:40 am

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ED0E8CA5-42FB-4B18-997B-769E0408E79D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0E8CA5-42FB-4B18-997B-769E0408E79D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ljkjjhaudio not found.
C:\WINDOWS\system32\rqpmkh.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ssqnnlsys not found.
File C:\WINDOWS\System32\awwvtu.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4B9D88E-7786-4824-8C0E-EADA01DF3378}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4B9D88E-7786-4824-8C0E-EADA01DF3378}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:awwvtu.dll deleted successfully.
File C:\WINDOWS\System32\awwvtu.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b6544e-2238-11de-9261-001fd018ea93}\ not found.
File K:\RECYCLER\S-0-0-52-100028031-100004524-100026757-7862.com not found.

OTL by OldTimer - Version 3.2.14.1 log created on 10022010_123837

Re: ginsdirect.net/1/tdsp.php

Post by Belahzur on 2nd October 2010, 8:34 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: ginsdirect.net/1/tdsp.php

Post by corro on 3rd October 2010, 12:01 am

Hi!
mbam has been downloaded and installed but it will not run. Any further suggestions?

Re: ginsdirect.net/1/tdsp.php

Post by Belahzur on 3rd October 2010, 12:08 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: ginsdirect.net/1/tdsp.php

Post by corro on 3rd October 2010, 4:27 am

ComboFix 10-10-01.07 - John Corrigan 03/10/2010 12:28:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2190 [GMT 11:00]
Running from: c:\documents and settings\John Corrigan\Desktop\Combo-Fix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John Corrigan\GoToAssistDownloadHelper.exe
c:\windows\system32\rqpmkh.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOLLOWER
-------\Legacy_gxvxcserv.sys
-------\Service_Follower
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 00:12 . 2010-10-03 00:12 0 ----a-w- c:\documents and settings\John Corrigan\settings.dat
2010-10-02 22:54 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 22:53 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 02:35 . 2010-10-02 02:35 -------- d-----w- C:\_OTL
2010-09-30 10:51 . 2004-08-04 12:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2010-09-17 12:44 . 2010-09-30 05:48 -------- d-----w- c:\documents and settings\John Corrigan\Application Data\Eltima Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 01:47 . 2009-02-27 02:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-03 01:46 . 2009-05-28 08:37 -------- d-----w- c:\program files\Spyware Doctor
2010-10-02 23:44 . 2009-04-09 19:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 06:39 . 2009-09-29 04:11 -------- d-----w- c:\program files\Google
2010-09-30 05:46 . 2010-07-29 10:44 -------- d-----w- c:\program files\LimeWire
2010-09-29 07:46 . 2009-03-02 02:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-21 09:30 . 2009-03-03 07:17 -------- d-----w- c:\program files\Adr_Book 5.8f
2010-09-17 12:05 . 2009-12-13 11:44 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-09-17 12:05 . 2009-12-13 11:44 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-08-30 11:45 . 2010-08-19 03:47 -------- d-----w- c:\program files\Microsoft Works
2010-08-28 21:05 . 2009-03-21 06:24 -------- d-----w- c:\program files\Scan2Email
2010-08-24 12:06 . 2010-08-24 12:06 -------- d-----w- c:\program files\QuickTime
2010-08-21 00:30 . 2009-02-16 09:00 75224 ----a-w- c:\documents and settings\John Corrigan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-19 17:03 . 2010-08-19 17:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-19 03:48 . 2010-08-19 03:48 -------- d-----w- c:\program files\Common Files\L&H
2010-08-19 03:47 . 2010-08-19 03:47 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-19 03:46 . 2010-08-19 03:46 -------- d-----w- c:\program files\Microsoft.NET
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 07:08 . 2010-08-09 07:08 -------- d-----w- c:\program files\MSECache
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 19:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 08:05 . 2010-06-10 06:06 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-19 07:26 . 2010-06-10 06:06 192 ----a-w- c:\windows\UDB.zip
2010-07-19 07:26 . 2010-06-10 06:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-19 07:26 . 2010-06-10 06:06 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-07-19 07:26 . 2010-06-10 06:06 1435600 ----a-w- c:\windows\PCTBDCore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-07-20 2836376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m|\" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-11-26 1349120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-06-10 1287120]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-07 172032]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-07 622592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-24 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [28/05/2009 7:37 PM 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/06/2010 5:06 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/06/2010 5:06 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [28/05/2009 7:37 PM 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/06/2010 5:06 PM 198608]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [28/05/2009 7:37 PM 366840]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [28/05/2009 7:37 PM 63360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/06/2010 5:06 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-cbywvuaudio - rqpmkh.dll
HKLM-Run-ddaawtaudio - rqpmkh.dll
HKU-Default-Run-ljiihhaudio - rqpmkh.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-03 12:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CAE51E11-FBEA-2DA3-F738-849B3F1FE5BD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaebjddpobjbmiefdm"=hex:62,61,68,68,00,00
"halpiahhchgljjeo"=hex:66,61,64,68,6c,6a,61,62,66,68,61,63,00,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{15110d6d-f658-4812-8870-8fe7ca6fa5bf}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ed,18,1c,90,2a,1d,36,50,e7,26,6e,59,18,38,62,a6,57,2a,12,33,bd,
75,b8,a6,df,b0,64,ac,d4,e6,11,bb,7e,41,a9,a4,57,dd,4e,75,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll

- - - - - - - > 'lsass.exe'(780)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
.
**************************************************************************
.
Completion time: 2010-10-03 12:57:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-03 01:57

Pre-Run: 319,361,433,600 bytes free
Post-Run: 320,015,200,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 998D03D8823FFE7C9FC3B53D7BAC6D72

corro
Novice

Posts : 14
Joined : 2009-04-08
OS : XP Pro
Points : 28084
# Likes : 0


Re: ginsdirect.net/1/tdsp.php

Post by Belahzur on 3rd October 2010, 11:16 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    RegNull::
    [HKEY_USERS\S-1-5-21-527237240-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CAE51E11-FBEA-2DA3-F738-849B3F1FE5BD}*]

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{15110d6d-f658-4812-8870-8fe7ca6fa5bf}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

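The CFScript above targets the keys that ComboFix listed under "LOCKED REGISTRY KEYS" in the log earlier in this thread. As an added example (not part of the thread, not ComboFix's own code, and not a tool the helper used), the Python below parses that section of a ComboFix log into structured records, joins multi-line hex values, notes when ComboFix truncated a value (trailing backslash), and flags entries worth a reviewer's attention. The sample log text is constructed to mirror the layout of the posted log; its GUIDs, SID and value names are placeholders. The review rules are this example's own assumptions: a key that denies Everyone all access, and in particular a COM class registration under Classes\CLSID, cannot serve its normal purpose and so warrants review. The `cfscript_reglock` helper mirrors the RegLock:: stanza shape from the post, but the selection rule (every key that denies Everyone) is assumed here, not a rule stated by the helper.

```python
"""Parse the 'LOCKED REGISTRY KEYS' section of a ComboFix log and flag entries for review.

Added example: not from this thread and not ComboFix's own code.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample mirroring the posted log's layout. GUIDs, SID and value
# names are placeholders, not data from a real machine.
SAMPLE_LOG = """\
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\\S-1-5-21-0-0-0-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{00000000-0000-0000-0000-000000000001}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"examplevalue"=hex:41,42,43,00

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{00000000-0000-0000-0000-000000000002}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004c
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_START = "LOCKED REGISTRY KEYS"
KEY_RE = re.compile(r"^\[(?P<path>.+)\]$")
ACL_RE = re.compile(r"^@(?P<kind>Allowed|Denied): \((?P<right>[^)]+)\) \((?P<who>[^)]+)\)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
# Continuation line of a hex value: "xx,xx,...," with an optional trailing backslash.
HEX_CONT_RE = re.compile(r"^[0-9a-f]{2}(?:,[0-9a-f]{2})*,?\\?$")


@dataclass
class LockedKey:
    path: str
    acl: list[tuple[str, str, str]] = field(default_factory=list)  # (kind, right, who)
    values: dict[str, str] = field(default_factory=dict)
    truncated: bool = False  # ComboFix cut a long hex value short (trailing '\')


def locked_section(log: str) -> list[str]:
    """Lines between the LOCKED REGISTRY KEYS header and the next section header."""
    out: list[str] = []
    inside = False
    for line in log.splitlines():
        if SECTION_START in line:
            inside = True
            continue
        if inside and line.startswith("---"):
            break
        if inside:
            out.append(line)
    return out


def parse_locked_keys(log: str) -> list[LockedKey]:
    """Turn the section into LockedKey records, joining multi-line hex values."""
    keys: list[LockedKey] = []
    current: LockedKey | None = None
    last_value: str | None = None
    for line in locked_section(log):
        line = line.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current = LockedKey(path=m.group("path"))
            keys.append(current)
            last_value = None
            continue
        if current is None:
            continue
        m = ACL_RE.match(line)
        if m:
            current.acl.append((m.group("kind"), m.group("right"), m.group("who")))
            continue
        m = VALUE_RE.match(line)
        if m:
            last_value = m.group("name")
            current.values[last_value] = m.group("data")
            continue
        if last_value is not None and HEX_CONT_RE.match(line):
            if line.endswith("\\"):  # ComboFix marks truncated output this way
                current.truncated = True
                line = line[:-1]
            current.values[last_value] += line
    return keys


def denies_everyone(key: LockedKey) -> bool:
    return any(kind == "Denied" and who == "Everyone" for kind, _, who in key.acl)


def review_flags(key: LockedKey) -> list[str]:
    """Assumed review heuristics, see lead-in; they flag, they do not decide."""
    flags: list[str] = []
    if denies_everyone(key):
        flags.append("denies Everyone access")
    if "\\classes\\clsid\\" in key.path.lower():
        flags.append("COM class registration (must normally be readable)")
    if key.truncated:
        flags.append("holds a large binary blob")
    return flags


def cfscript_reglock(keys: list[LockedKey]) -> str:
    """RegLock:: stanza in the shape used in the post, for keys that deny Everyone (assumed rule)."""
    paths = [k.path for k in keys if denies_everyone(k)]
    return "RegLock::\n" + "\n".join(f"[{p}]" for p in paths) + "\n" if paths else ""


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOG)
    for k in parsed:
        print(k.path, review_flags(k), sorted(k.values))
    print(cfscript_reglock(parsed))
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; the output lists each locked key with its flags and value names so the reviewer can decide which stanza, if any, each key belongs in.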
