Help please: antispy trojan/spyware


Post by firefly on Mon Oct 04, 2010 2:00 pm

Hi, I need help removing this. It has completely taken over my PC at startup; I've tried closing it down in the Start menu, and it shows as "hotfix" on the taskbar.

What's happening is this: I turn on my PC and AntiSpy kicks in and pretends to be doing a scan of the system.
I believe it is a non-working version just to get you to pay for antivirus goods. It runs at startup and I have no choice but to press Scan when it asks, otherwise I can't open the desktop until it's completed.

It's completely stopped me from using Internet Explorer.
I'm currently using Malwarebytes' Anti-Malware and will post the results. This is the MBAM quick scan:
Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/10/2010 14:58:47
mbam-log-2010-10-04 (14-58-47).txt

Scan type: Quick scan
Objects scanned: 137560
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

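The two MBAM hits above are file-association hijacks: the rogue pointed the `.scr` and `.reg` open commands at Notepad, which (among other things) stops a `.reg` fix from being imported with a double-click. The OTL log posted later in the thread shows the matching startup hijack on the O20 line: the per-user Winlogon `Shell` value in HKCU points at `hotfix.exe` in the user's Application Data folder instead of the desktop shell, which is why the "scan" appears before the desktop and the desktop never loads until the rogue exits. The PowerShell script below is an added example, not code from this thread or from any tool it mentions. It audits exactly those persistence points against the default values the logs quote (the MBAM "Good:" strings and the OTL O35/O37 lines). It assumes a Windows host with PowerShell and read access to HKLM, HKCU and HKCR; the function names are mine.

```powershell
# Added example, not from the forum thread: audit the persistence points that the
# thread's MBAM and OTL logs flagged.  Assumes PowerShell 2.0+ on Windows and
# permission to read HKLM, HKCU and HKCR.  Run it from an elevated prompt.

# Default shell\open\command values for the file types the rogue rewrote.
# These strings are the ones the MBAM "Good:" fields and OTL O35/O37 lines report.
$expectedOpenCommands = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'regfile' = 'regedit.exe "%1"'
    'scrfile' = '"%1" /S'
}

function Get-ClassOpenCommand {
    param([string]$ProgId)
    # HKCR is not a PSDrive on older PowerShell, so go through the Registry provider.
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell\open\command"
    if (-not (Test-Path $key)) { return $null }
    (Get-ItemProperty -Path $key).'(default)'
}

function Get-WinlogonShell {
    # Winlogon starts the shell named in HKLM; a Shell value under HKCU overrides it
    # for that one user.  The HKCU value is what the 'hotfix.exe' in this thread used.
    $results = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $shell = $null
        if (Test-Path $key) {
            $shell = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Shell
        }
        $results += New-Object PSObject -Property @{ Hive = $hive; Shell = $shell }
    }
    $results
}

function Invoke-PersistenceAudit {
    $findings = @()

    # 1. File-association hijacks (the MBAM Broken.OpenCommand hits).
    foreach ($progId in $expectedOpenCommands.Keys) {
        $actual   = Get-ClassOpenCommand $progId
        $expected = $expectedOpenCommands[$progId]
        if ($actual -ne $expected) {
            $findings += "HKCR\$progId\shell\open\command = '$actual' (expected '$expected')"
        }
    }

    # 2. Winlogon Shell hijack (the OTL O20 lines).
    foreach ($entry in Get-WinlogonShell) {
        if ($entry.Hive -eq 'HKLM') {
            if ($entry.Shell -ne 'explorer.exe') {
                $findings += "HKLM Winlogon Shell = '$($entry.Shell)' (expected 'explorer.exe')"
            }
        } elseif ($entry.Shell) {
            # A per-user Shell value does not exist on a clean machine; any value is a finding,
            # and one pointing into Application Data or at a file that no longer exists is
            # exactly what the thread's OTL log shows.
            $findings += "HKCU Winlogon Shell override present: '$($entry.Shell)'"
        }
    }

    if ($findings.Count -eq 0) { 'No deviations from defaults found.' } else { $findings }
}

Invoke-PersistenceAudit

# Remediation for the HKCU Shell finding (not run automatically; review the output first):
# Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name Shell
```

One caveat worth knowing before relying on a scanner alone: the OTL log in this thread reports the HKCU `Shell` value as still present but "File not found", which is what you get when an antivirus deletes the rogue's executable and leaves its registry entry behind. With the value still pointing at a file that no longer exists, nothing launches the desktop for that account at the next logon, so the value itself has to be removed (the commented `Remove-ItemProperty` line above), not just the file.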

Re: Help please: antispy trojan/spyware

Post by firefly on Mon Oct 04, 2010 8:41 pm

I think it's sorted now. I used the ESET scan and it removed a trojan.


Re: Help please: antispy trojan/spyware

Post by Belahzur on Mon Oct 04, 2010 11:10 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Help please: antispy trojan/spyware

Post by firefly on Mon Oct 04, 2010 11:34 pm

OTL logfile created on: 10/5/2010 12:31:20 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = D:\Documents and Settings\Sexy Litle Numbers\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 321.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 14.76 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 104.87 Gb Free Space | 94.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN049688620668
Current User Name: Sexy Litle Numbers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 00:31:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
PRC - [2010/09/18 16:14:00 | 000,033,792 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/06 15:16:02 | 000,359,600 | ---- | M] () -- C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/31 12:40:14 | 000,054,608 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/19 10:12:38 | 000,632,048 | ---- | M] (eBay Inc.) -- C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
PRC - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/05/25 18:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1250073252\ee\aolsoftware.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2007/01/09 18:11:20 | 000,118,784 | ---- | M] (OptionNV) -- C:\WINDOWS\system32\Gtdetectsc.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2006/10/14 00:18:24 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2005/11/03 20:02:09 | 000,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1250073252\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
PRC - [2005/05/11 14:52:04 | 000,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/05/11 14:52:00 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/05/11 14:50:34 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2005/05/11 14:50:14 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 00:31:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
MOD - [2010/07/06 15:16:32 | 000,903,344 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\sguard.dll
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/10/22 20:59:13 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\idleproc.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/03/21 20:33:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/06 15:16:02 | 000,359,600 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe -- (IOLO_SRV)
SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- D:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007/01/09 18:11:20 | 000,118,784 | ---- | M] (OptionNV) [Auto | Running] -- C:\WINDOWS\system32\Gtdetectsc.exe -- (gtdetectsc)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/05/11 14:52:00 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/05/11 14:50:34 | 000,110,672 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/05/11 14:50:14 | 000,221,266 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\BTWSp50.sys -- (BTWSp50)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/08 13:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 15:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 15:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 15:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/03/26 15:18:00 | 000,020,352 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swivspnt.sys -- (swivsp)
DRV - [2005/10/26 17:08:26 | 003,786,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/04 00:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/02 17:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 23:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2003/08/20 18:34:50 | 000,548,952 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/07/16 13:30:26 | 000,221,736 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/07/02 17:26:36 | 001,301,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/07/02 17:24:36 | 000,086,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/07/02 17:12:52 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/07/02 16:57:10 | 000,167,384 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = [You must be registered and logged in to see this link.]


[2010/08/13 00:11:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Mozilla\Extensions
[2009/10/05 16:04:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/10/02 15:14:58 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (no name) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1250073252\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL Inc.)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} [You must be registered and logged in to see this link.] (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (EPUImageControl Class)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} [You must be registered and logged in to see this link.] (Slide Image Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [You must be registered and logged in to see this link.] (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (D:\Documents and Settings\Sexy Litle Numbers\Application Data\hotfix.exe) - D:\Documents and Settings\Sexy Litle Numbers\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/02 14:53:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf D:\Documents and Settings\Sexy Litle Numbers\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 00:31:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
[2010/10/04 14:00:35 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Recent
[2010/10/02 18:57:38 | 003,516,328 | ---- | C] (Macrovision Corporation) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\eBayToolbarSetup.exe
[2010/10/02 14:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010/10/02 14:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/01 23:28:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2010/10/01 23:28:19 | 000,057,344 | ---- | C] (None) -- C:\WINDOWS\System32\PosXpFrame.ocx
[2010/09/29 15:05:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\PhotoX
[2010/09/29 13:34:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\FrmMain
[2010/09/18 18:09:51 | 000,000,000 | -HSD | C] -- C:\INCINERATE
[2010/09/18 17:32:09 | 000,033,588 | R--- | C] (America Online, Inc.) -- C:\WINDOWS\System32\drivers\wanatw4.sys
[2010/09/18 15:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0 VRb
[2010/09/18 01:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0 VRa
[2010/09/17 01:21:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Windows Live Writer
[2010/09/17 01:21:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\My Weblog Posts
[2010/09/16 23:10:27 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010/09/16 23:08:12 | 001,247,056 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\windows livesetup-web.exe
[2010/09/06 20:18:48 | 000,094,384 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/09/06 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2005/12/20 16:36:20 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[1980/01/01 01:00:00 | 001,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 01:00:00 | 000,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 01:00:00 | 000,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 01:00:00 | 000,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 01:00:00 | 000,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 00:31:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
[2010/10/05 00:22:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 23:00:27 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230A6A4B-C6DF-43B6-978A-B81048E0A7AB}.job
[2010/10/04 22:22:01 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/04 21:34:09 | 000,313,903 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\One_Call_Policy_Book for our car.pdf
[2010/10/04 21:33:23 | 000,237,701 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\One-Call-Home-Policy-Book.pdf
[2010/10/04 20:52:22 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/04 13:14:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/04 13:13:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/04 13:13:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/04 13:13:32 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 13:12:29 | 009,699,328 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\ntuser.dat
[2010/10/04 13:12:29 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\ntuser.ini
[2010/10/03 23:29:31 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/03 23:29:31 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/10/02 22:33:10 | 000,000,273 | ---- | M] () -- C:\WINDOWS\SysMech.INI
[2010/10/02 18:57:38 | 003,516,328 | ---- | M] (Macrovision Corporation) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\eBayToolbarSetup.exe
[2010/10/02 14:53:24 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/10/02 14:16:25 | 000,503,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/02 14:16:25 | 000,442,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/02 14:16:25 | 000,072,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/01 22:59:13 | 000,000,291 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\srsf.bat
[2010/09/30 23:18:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/27 20:05:12 | 000,081,124 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\351241SLNUK.pdf
[2010/09/20 20:36:00 | 000,015,000 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\wklnhst.dat
[2010/09/19 00:29:54 | 003,611,864 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\ToolbarSetup.exe
[2010/09/18 15:56:07 | 000,000,718 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/09/18 15:56:07 | 000,000,555 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\AOL 9.0 VR.lnk
[2010/09/18 15:56:07 | 000,000,533 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0 VR.lnk
[2010/09/16 23:08:19 | 001,247,056 | ---- | M] (Microsoft Corporation) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\windows livesetup-web.exe
[2010/09/13 18:34:27 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smss.exe
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 15:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/06 20:23:59 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/09/06 20:18:49 | 000,001,580 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\System Mechanic.lnk
[2010/09/06 20:18:00 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/06 19:51:52 | 000,014,848 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 21:34:07 | 000,313,903 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\One_Call_Policy_Book for our car.pdf
[2010/10/04 21:33:20 | 000,237,701 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\One-Call-Home-Policy-Book.pdf
[2010/10/03 23:29:31 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/10/03 23:29:31 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/10/02 15:11:06 | 1006,030,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 14:53:24 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/10/01 22:52:33 | 000,000,291 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\srsf.bat
[2010/09/27 20:05:09 | 000,081,124 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\351241SLNUK.pdf
[2010/09/19 00:29:51 | 003,611,864 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\ToolbarSetup.exe
[2010/09/18 01:16:34 | 000,000,533 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0 VR.lnk
[2010/09/11 18:26:07 | 000,000,273 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/09/06 20:23:59 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/09/06 20:18:49 | 000,001,580 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\System Mechanic.lnk
[2010/09/06 20:18:48 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/09/06 20:18:44 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/09/06 20:18:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/09/06 20:18:00 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/03/30 15:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009/06/06 08:59:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2009/05/22 09:41:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/05/22 09:41:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/04/27 15:19:30 | 000,000,067 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\nero_photoshow_express.txt
[2009/04/27 15:06:46 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/08 23:19:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/25 21:42:21 | 000,000,130 | -H-- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\lakerda1967.sys
[2008/10/25 21:41:58 | 000,010,584 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\docXConverter (3).ini
[2008/05/15 12:04:38 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\.googlewebacchosts
[2008/04/01 00:16:08 | 000,761,050 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/01/26 23:19:22 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2007/12/25 14:45:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2007/07/13 01:21:32 | 000,014,848 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/07 03:22:08 | 000,000,141 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\fusioncache.dat
[2006/07/24 13:24:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/28 17:15:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/11 22:10:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/18 12:01:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/03/31 18:23:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/31 18:21:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2006/03/03 00:15:14 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/07 15:17:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2005/12/31 19:04:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC46Euro.ini
[2005/12/30 00:51:52 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/12/30 00:27:25 | 000,015,000 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\wklnhst.dat
[2005/12/20 17:14:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/20 17:02:47 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005/12/20 16:58:33 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005/12/20 16:52:46 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/12/20 16:41:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/12/20 16:41:33 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/20 16:36:20 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/12/20 16:36:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/12/20 16:36:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005/10/21 16:28:56 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 18:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/11/22 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 01:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\smss.exe:SummaryInformation
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

firefly
Novice

Posts : 27
Joined : 2010-02-14
Gender : Female
OS : xp
Points : 25251
# Likes : 0


Re: Help Please antispy trojan/spyware

Post by firefly on Mon Oct 04, 2010 11:38 pm

OTL Extras logfile created on: 10/5/2010 12:31:21 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = D:\Documents and Settings\Sexy Litle Numbers\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 321.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 14.76 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 104.87 Gb Free Space | 94.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN049688620668
Current User Name: Sexy Litle Numbers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\AOL9~1.1B\aol.exe -z"%1" (AOL Inc.)
https [open] -- C:\PROGRA~1\AOL9~1.1B\aol.exe -z"%1" (AOL Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2797D1CC-B68F-4098-96EF-E45700A3335C}" = DesignPro Business Cards SE
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a604316d-f407-4d88-a148-a90eb61db150}" = Nero 9 Trial
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CEA5EF64-B694-4B79-9A2C-0FF738906A1D}" = DriverGuide Toolkit
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AccessRT" = AccessRT
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Broadband Toolbar" = AOL Broadband Toolbar
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 User's Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"ESDX3800 User's Guide" = ESDX3800 User's Guide
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"Nero PhotoShow Express" = Nero PhotoShow Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"ViviCam 8325 Digital Camera Driver" = ViviCam 8325 Digital Camera Driver
"ViviCam 8325 User's Manual" = ViviCam 8325 User's Manual
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

firefly
Novice

Posts : 27
Joined : 2010-02-14
Gender : Female
OS : xp
Points : 25251
# Likes : 0


Re: Help Please antispy trojan/spyware

Post by Belahzur on Tue Oct 05, 2010 9:19 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Help Please antispy trojan/spyware

Post by firefly on Tue Oct 05, 2010 10:01 pm

OK, thanks, will post as soon as I've done the scan again.

firefly
Novice

Posts : 27
Joined : 2010-02-14
Gender : Female
OS : xp
Points : 25251
# Likes : 0


Re: Help Please antispy trojan/spyware

Post by firefly on Tue Oct 05, 2010 10:53 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4748

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/10/2010 23:51:58
mbam-log-2010-10-05 (23-51-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 245762
Time elapsed: 50 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{15fd8424-d12a-4c51-8c6c-d5d57b80f781} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{67b3becf-7b6f-42b2-99f0-f7656f89cffa} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{715ffd42-4e05-4eab-9513-c8daa5395ae2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{759d6f7c-8d30-45b6-abea-fa51c190eed5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a4a64a4-a2fb-48fa-9bba-1ac50267695d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\243b60df-796c-409e-be55-0ad5c9710ba4 (Adware.Platrium) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0729f461-8054-47dc-8d39-a31b61cc0119} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{148e1447-c728-48fd-beec-a7d06c5fff58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8292078f-f6e9-412b-8eb1-360c05c5ece5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a57470de-14c7-4fcd-9d4c-e5711f24f0ed} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c62a9e79-2b52-439b-af57-2e60bb06e86c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\bc.DLL (Adware.Platrium) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP1462\A0501056.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: Help Please anitspy trojan/spyware

Post by Belahzur on Wed Oct 06, 2010 12:07 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

Re: Help Please anitspy trojan/spyware

Post by firefly on Wed Oct 06, 2010 11:57 am

ComboFix 10-10-05.04 - Sexy Litle Numbers 06/10/2010 12:40:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.393 [GMT 1:00]
Running from: d:\documents and settings\Sexy Litle Numbers\My Documents\12345systemrostorevirusremover.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\Thumbs.db
d:\documents and settings\Sexy Litle Numbers\Application Data\srsf.bat
d:\documents and settings\Sexy Litle Numbers\System
d:\documents and settings\Sexy Litle Numbers\System\win_qs8.jqx
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 18:25 . 2010-10-05 18:25 -------- d-----w- d:\documents and settings\All Users\Application Data\AVS4YOU
2010-10-05 18:25 . 2010-10-05 18:25 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Application Data\AVS4YOU
2010-10-05 18:24 . 2008-11-24 11:00 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-10-05 18:24 . 2010-10-05 19:18 -------- d-----w- c:\program files\AVS4YOU
2010-10-05 18:24 . 2010-10-05 19:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-10-05 18:15 . 2010-10-05 18:15 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Application Data\com.likno.air.PhotoFrameShow.BA293090D193671BA859C8E310874AAD5CDD8BAD.1
2010-10-05 18:15 . 2010-10-05 18:13 53632 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-10-05 18:15 . 2010-10-05 18:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-02 14:04 . 2010-10-02 14:04 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2010-10-02 13:52 . 2010-10-02 15:41 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-10-02 13:52 . 2010-10-02 13:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-01 22:28 . 2000-03-14 00:00 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-09-29 14:05 . 2010-10-01 22:26 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Local Settings\Application Data\PhotoX
2010-09-29 12:34 . 2010-09-29 12:44 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Application Data\FrmMain
2010-09-20 10:27 . 2010-09-20 10:27 353512 ----a-w- d:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
2010-09-20 10:27 . 2010-09-20 10:27 12544 ----a-w- d:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
2010-09-18 17:09 . 2010-09-18 17:09 -------- d-----w- C:\INCINERATE
2010-09-18 16:32 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-09-18 14:52 . 2010-09-18 16:32 -------- d-----w- c:\program files\AOL 9.0 VRb
2010-09-18 00:14 . 2010-09-18 14:42 -------- d-----w- c:\program files\AOL 9.0 VRa
2010-09-17 23:25 . 2010-09-13 11:06 1601 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\iolo\Registry\Working\restore.bat
2010-09-17 00:21 . 2010-09-17 00:21 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Application Data\Windows Live Writer
2010-09-16 22:10 . 2010-04-28 06:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-09-06 20:17 . 2010-10-05 19:28 518 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\iolo\Registry\Last\restore.bat
2010-09-06 19:37 . 2010-10-05 20:15 1601 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\iolo\restore.bat
2010-09-06 19:18 . 2010-09-06 19:18 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY\Application Data\iolo
2010-09-06 19:18 . 2010-07-06 14:16 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-09-06 19:18 . 2010-07-06 14:16 2319536 ----a-w- c:\windows\system32\Incinerator.dll
2010-09-06 19:18 . 2010-02-03 09:21 12288 ----a-w- c:\windows\system32\smrgdf.exe
2010-09-06 19:18 . 2010-02-03 09:21 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-09-06 19:18 . 2010-09-06 19:18 -------- d-----w- c:\program files\iolo
2010-09-06 19:18 . 2010-09-06 19:18 74703 ----a-w- c:\windows\system32\mfc45.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 17:23 . 2005-12-29 22:55 99728 ----a-w- d:\documents and settings\Sexy Litle Numbers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-10-02 20:50 . 2010-06-10 19:49 -------- d-----w- d:\documents and settings\All Users\Application Data\OD2
2010-10-02 14:23 . 2005-12-20 15:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-20 19:36 . 2005-12-29 23:27 15000 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\wklnhst.dat
2010-09-18 23:30 . 2006-01-11 17:28 -------- d-----w- c:\program files\eBay
2010-09-18 16:09 . 2009-08-12 10:34 -------- d-----w- c:\program files\Common Files\aolshare
2010-09-18 14:54 . 2005-12-20 15:51 -------- d-----w- c:\program files\Common Files\AOL
2010-09-18 14:52 . 2005-12-20 15:51 -------- d-----w- d:\documents and settings\All Users\Application Data\AOL
2010-09-16 22:10 . 2008-03-09 16:06 -------- d-----w- c:\program files\Windows Live
2010-09-13 17:34 . 2004-08-10 16:38 50688 ----a-w- c:\windows\system32\smss.exe
2010-09-13 17:29 . 2010-06-18 20:07 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Application Data\iolo
2010-09-07 15:12 . 2010-07-05 22:50 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-02-15 23:39 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-02-15 23:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-02-15 23:39 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-02-15 23:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-02-15 23:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-02-15 23:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-02-15 23:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-02-15 23:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 20:08 . 2007-06-26 21:44 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-09-06 20:08 . 2006-03-09 20:50 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Application Data\Azureus
2010-09-06 19:37 . 2010-06-18 20:07 -------- d-----w- d:\documents and settings\All Users\Application Data\iolo
2010-09-06 18:51 . 2010-08-30 13:47 -------- d-----w- c:\program files\AOL 9.1
2010-09-06 18:51 . 2010-08-30 13:06 -------- d-----w- c:\program files\AOL 9.0 VR
2010-08-30 13:48 . 2010-08-30 13:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-08-30 13:45 . 2010-08-30 13:45 -------- d-----w- c:\program files\Raxco
2010-08-29 22:31 . 2010-06-18 21:38 -------- d-----w- d:\documents and settings\All Users\Application Data\Yahoo!
2010-08-29 22:31 . 2008-07-18 23:02 -------- d-----w- c:\program files\Yahoo!
2010-08-29 19:43 . 2010-08-29 19:43 8192 ----a-w- c:\windows\winsock.reg
2010-08-29 19:43 . 2010-08-29 19:43 20480 ----a-w- c:\windows\winsock2.reg
2010-08-29 19:43 . 2010-08-29 19:43 -------- d-----w- d:\documents and settings\All Users\Application Data\WinsockFix
2010-08-27 20:56 . 2010-08-27 20:56 -------- d-----w- d:\documents and settings\Sexy Litle Numbers\Application Data\FCTB000061107
2010-08-27 20:52 . 2010-08-27 20:56 60273 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\FCTB000061107\Toolbar\Uninst.exe
2010-08-27 20:52 . 2010-08-27 20:56 243200 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\FCTB000061107\Toolbar\Helper.dll
2010-08-27 20:52 . 2010-08-27 20:56 1499136 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\FCTB000061107\Toolbar\Toolbar.dll
2010-08-26 20:41 . 2008-10-29 17:45 -------- d-----w- c:\program files\Google
2010-08-18 11:09 . 2010-07-27 23:49 -------- d-----w- c:\program files\Common Files\FreeCause
2010-08-17 13:17 . 2004-08-10 16:38 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 21:29 . 2008-07-18 23:02 -------- d-----w- c:\program files\CCleaner
2010-08-07 22:59 . 2010-08-07 22:59 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 22:57 . 2010-08-07 22:57 503808 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c2cfcc1-n\msvcp71.dll
2010-08-07 22:57 . 2010-08-07 22:57 61440 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6ec63e86-n\decora-sse.dll
2010-08-07 22:57 . 2010-08-07 22:57 499712 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c2cfcc1-n\jmc.dll
2010-08-07 22:57 . 2010-08-07 22:57 348160 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c2cfcc1-n\msvcr71.dll
2010-08-07 22:57 . 2010-08-07 22:57 12800 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6ec63e86-n\decora-d3d.dll
2010-08-07 22:55 . 2006-12-18 01:29 -------- d-----w- c:\program files\Java
2010-08-03 22:45 . 2010-08-27 20:56 471552 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\FCTB000061107\Toolbar\emailchecker_plugin.dll
2010-08-02 21:17 . 2010-07-18 17:53 1 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-30 12:20 . 2010-07-30 12:20 503808 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d6d81ef-n\msvcp71.dll
2010-07-30 12:20 . 2010-07-30 12:20 499712 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d6d81ef-n\jmc.dll
2010-07-30 12:20 . 2010-07-30 12:20 348160 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d6d81ef-n\msvcr71.dll
2010-07-30 12:20 . 2010-07-30 12:20 61440 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46cd9785-n\decora-sse.dll
2010-07-30 12:20 . 2010-07-30 12:20 12800 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46cd9785-n\decora-d3d.dll
2010-07-29 21:57 . 2010-07-29 21:57 79488 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-07-29 21:57 . 2010-07-29 21:57 152576 ----a-w- d:\documents and settings\Sexy Litle Numbers\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-07-22 15:49 . 2004-08-10 16:38 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 22:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 04:00 . 2010-08-07 22:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2010-03-31 50512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1250073252\ee\AOLSoftware.exe" [2007-05-25 42032]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-1-8 113664]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
2007-12-13 06:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX3800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
"EPSON Stylus C46 Series (Copy 3)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 3)" /M "Stylus C46" /EF "HKCU"
"EPSON Stylus C46 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 1)" /M "Stylus C46" /EF "HKCU"
"EPSON Stylus C46 Series (Copy 2)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 2)" /M "Stylus C46" /EF "HKCU"
"EPSON Stylus C46 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"EPSON Stylus DX3800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
"EPSON Stylus C46 Series (Copy 3)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 3)" /O6 "USB002" /M "Stylus C46"
"EPSON Stylus C46 Series (Copy 2)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 2)" /O6 "USB001" /M "Stylus C46"
"EPSON Stylus C46 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C46"
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2010 00:39 165584]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2010 00:39 17744]
R2 gtdetectsc;GtDetectSc Service;c:\windows\system32\Gtdetectsc.exe [23/12/2008 13:24 118784]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/09/2010 20:18 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [06/09/2010 20:18 711352]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [26/03/2007 15:18 20352]
S2 BTWSp50;BTWSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BTWSp50.sys --> c:\windows\system32\Drivers\BTWSp50.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2010 22:17 136176]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [30/03/2010 15:31 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [30/03/2010 15:31 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [30/03/2010 15:31 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [30/03/2010 15:32 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [30/03/2010 15:32 98568]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 21:17]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 21:17]

2010-10-06 c:\windows\Tasks\User_Feed_Synchronization-{230A6A4B-C6DF-43B6-978A-B81048E0A7AB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-F0C6-A03BB699B532} - (no file)
WebBrowser-{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - (no file)
MSConfigStartUp-CTFMON - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3476259568-820065448-607964368-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A5A132A-F641-435A-4641-8E448B1A2881}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadkmbegpamklklhee"=hex:69,61,68,64,66,6a,67,6e,62,6a,63,67,6c,63,6a,66,6e,6a,
00,00
"hankcadfjmnejcmb"=hex:69,61,68,64,66,6a,67,6e,62,6a,63,67,6c,63,6a,66,6e,6a,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-06 12:53:07
ComboFix-quarantined-files.txt 2010-10-06 11:53

Pre-Run: 15,511,076,864 bytes free
Post-Run: 15,537,504,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0F13EC55A5120F606B5CCA23839D383D

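Both logs in this thread show the same tell-tale: the "open" command for .scr and .reg files (Malwarebytes' Broken.OpenCommand entries) and for .jse files (ComboFix's File Associations line) had been rewritten to NOTEPAD.EXE %1, which is how this rogue keeps the user from launching tools against it. The script below is an added example, not part of the thread and not Malwarebytes' or ComboFix's own code: it pulls those associations out of the two log formats and compares them with stock Windows XP defaults. The scrfile and regfile defaults are the Good: values Malwarebytes printed; the exefile, comfile and batfile values and the full-path txtfile handler are assumed from a clean XP install, and the sample log text is constructed from the lines in this thread.

```python
import re

# Stock Windows XP 'open' commands for association types that rogue anti-virus
# families commonly hijack. scrfile and regfile are the Good: values Malwarebytes
# printed in this thread; the other three are assumed from a clean XP install.
XP_DEFAULT_OPEN_COMMANDS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

# ComboFix "File Associations" section lines look like:  JSEFile=NOTEPAD.EXE %1
_COMBOFIX_ASSOC = re.compile(r"^(?P<ftype>\w+)=(?P<cmd>.+?)$")

# Malwarebytes "Registry Data Items Infected" lines look like:
#   HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand)
#   -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
_MBAM_OPENCMD = re.compile(
    r"HKEY_CLASSES_ROOT\\(?P<ftype>[^\\]+)\\shell\\open\\command\\\(default\)"
    r".*?Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) ->"
)


def parse_combofix_associations(text):
    """Return {ftype: command} from the 'File Associations' section only."""
    out, in_section = {}, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("-------") and "File Associations" in s:
            in_section = True
            continue
        if in_section and s.startswith("- - -"):   # next ComboFix banner
            break
        m = _COMBOFIX_ASSOC.match(s) if in_section else None
        if m:
            out[m.group("ftype").lower()] = m.group("cmd")
    return out


def parse_mbam_open_commands(text):
    """Return {ftype: (bad, good)} from Malwarebytes Broken.OpenCommand lines."""
    out = {}
    for line in text.splitlines():
        m = _MBAM_OPENCMD.search(line)
        if m:
            out[m.group("ftype").lower()] = (m.group("bad"), m.group("good"))
    return out


def classify_open_command(ftype, cmd, defaults=XP_DEFAULT_OPEN_COMMANDS):
    """'ok' if cmd is the stock default, 'hijacked' if a known type no longer
    runs the file itself, 'review' for types we hold no default for."""
    norm = " ".join(cmd.split())          # collapse stray whitespace
    if ftype.lower() in defaults:
        return "ok" if norm == defaults[ftype.lower()] else "hijacked"
    # No default on file: a bare, unpathed NOTEPAD.EXE is still the rogue's
    # signature. Legitimate Notepad handlers such as txtfile use the full
    # %SystemRoot%\system32\NOTEPAD.EXE path (assumed XP default).
    return "hijacked" if norm.upper().startswith("NOTEPAD.EXE") else "review"


def audit(combofix_text, mbam_text=""):
    """Return a sorted list of (ftype, observed_command, verdict)."""
    findings = [(f, c, classify_open_command(f, c))
                for f, c in parse_combofix_associations(combofix_text).items()]
    for f, (bad, good) in parse_mbam_open_commands(mbam_text).items():
        # Malwarebytes prints the correct value itself; trust that over our table.
        findings.append((f, bad, "ok" if bad == good else "hijacked"))
    return sorted(findings)


# Constructed sample input, copied from the shape of this thread's logs.
SAMPLE_COMBOFIX = r"""
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
"""
SAMPLE_MBAM = r"""
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for ftype, cmd, verdict in audit(SAMPLE_COMBOFIX, SAMPLE_MBAM):
        print(f"{ftype:<8} {verdict:<9} {cmd}")
```

The point of keeping a defaults table rather than only pattern-matching on NOTEPAD.EXE is that later rogue variants point exefile at their own binary with the real file passed as an argument, so anything that is not the stock value for a known type is treated as hijacked, while unknown types are only flagged for review.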

Re: Help Please anitspy trojan/spyware

Post by Belahzur on Wed Oct 06, 2010 9:22 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


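The log.txt this post points at is append-only: ESET Online Scanner adds one record for every run it has ever made on the machine, each starting with `# version=`, so the newest result is at the bottom and a detection from an earlier run is easy to mistake for a current one. The parser below is an added example, not ESET's code and not from this thread. It splits the file into runs, attaches detection lines and update errors to the run they belong to, and marks a run as untrusted when it ended with `end=stopped` or its signature update failed, since a `found=0` from such a run says nothing about the machine. The detection-line layout (path, threat name, action in parentheses, a 32-hex-digit hash, a flag) is taken from the records posted later in this thread; the sample log is constructed to that shape with a made-up user name.

```python
import re

# One detection line per finding, e.g.
#   D:\...\hotfix.exe Win32/TrojanDownloader.FakeAlert.BEX trojan (cleaned by deleting - quarantined) <32 hex> C
# The path may contain spaces, so anchor on the 'Family/Name' token that follows it.
_DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<threat>\S+/\S+(?: \w+)?) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)

# Free-text lines ESET writes when it cannot fetch signatures before a run.
_UPDATE_FAILED = ("Update failed", "esets_scanner_update returned -1")


def parse_eset_log(text):
    """Split log.txt into runs of {'meta': {}, 'detections': [], 'errors': []}.
    Lines before the first '# version=' (installer chatter) are ignored."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("# version="):
            current = {"meta": {}, "detections": [], "errors": []}
            runs.append(current)
        if current is None:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current["meta"][key] = value      # repeated keys (compatibility_mode): last wins
            continue
        m = _DETECTION.match(line)
        if m:
            current["detections"].append(m.groupdict())
        else:
            current["errors"].append(line)    # update failures and other free text
    return runs


def triage(runs):
    """One summary per run, oldest first. 'trusted' is False when the run was
    aborted (end=stopped) or its signature update failed."""
    out = []
    for r in runs:
        meta, errs = r["meta"], r["errors"]
        update_failed = any(e.startswith(_UPDATE_FAILED) for e in errs)
        complete = meta.get("end") == "finished"
        out.append({
            "utc_time": meta.get("utc_time"),
            "complete": complete,
            "update_failed": update_failed,
            "trusted": complete and not update_failed,
            "scanned": int(meta.get("scanned", "0")),
            "found": int(meta.get("found", "0")),
            "cleaned": int(meta.get("cleaned", "0")),
            "threats": [(d["path"], d["threat"], d["action"]) for d in r["detections"]],
        })
    return out


def latest_trusted(summaries):
    """Most recent run whose result can be relied on, or None."""
    for s in reversed(summaries):
        if s["trusted"]:
            return s
    return None


# Constructed sample with the record shape seen in this thread (user name made up).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# end=stopped
# remove_checked=true
# antistealth_checked=true
# utc_time=2010-10-01 11:07:29
# scanned=38499
# found=0
# cleaned=0
# scan_time=2457
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# end=finished
# remove_checked=true
# antistealth_checked=true
# utc_time=2010-10-04 05:50:04
# scanned=131217
# found=1
# cleaned=1
# scan_time=3049
D:\Documents and Settings\user\Application Data\hotfix.exe Win32/TrojanDownloader.FakeAlert.BEX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    for s in triage(parse_eset_log(SAMPLE_LOG)):
        print(s["utc_time"], "trusted" if s["trusted"] else "UNTRUSTED", "found", s["found"])
        for path, threat, action in s["threats"]:
            print("   ", threat, "->", action, ":", path)
```

When a poster cannot find the log, or pastes the whole file, reading only `latest_trusted()` avoids acting on a stale detection or on a run that never had current signatures.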

Re: Help Please anitspy trojan/spyware

Post by firefly on Sat Oct 09, 2010 7:09 pm

I can't find C:\Program Files\esetonlinescanner\log.txt.


Re: Help Please anitspy trojan/spyware

Post by Belahzur on Sat Oct 09, 2010 11:59 pm

Okay, did the scanner find anything?



Re: Help Please anitspy trojan/spyware

Post by firefly on Sun Oct 10, 2010 10:03 pm

Yes, it said something about the hotfix that it had found.


Re: Help Please anitspy trojan/spyware

Post by firefly on Sun Oct 10, 2010 11:00 pm

I am running the scan again and will post the log once the scan has completed.


Re: Help Please anitspy trojan/spyware

Post by firefly on Mon Oct 11, 2010 12:35 pm

The PC can't find the file again, but I did find this:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-23 09:50:55
# local_time=2010-02-23 09:50:55 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777175 100 0 684374 684374 0 0
# compatibility_mode=1024 16777215 100 0 1632201 1632201 0 0
# compatibility_mode=8192 67108863 100 0 3854 3854 0 0
# scanned=135903
# found=1
# cleaned=1
# scan_time=3959
D:\Documents and Settings\Sexy Litle Numbers\My Documents\Nero-9.2.6.0_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-01 02:06:40
# local_time=2010-06-01 03:06:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777175 100 0 9126399 9126399 0 0
# compatibility_mode=1024 16777215 100 0 10074226 10074226 0 0
# compatibility_mode=8192 67108863 100 0 8442279 8442279 0 0
# scanned=16805
# found=0
# cleaned=0
# scan_time=1281
Update failed (45315). Trying proxy [You must be registered and logged in to see this link.]
finished. ret_update=-1 e_gle=41219
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-02 01:19:29
# local_time=2010-06-02 02:19:29 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777175 100 0 9158836 9158836 0 0
# compatibility_mode=1024 16777215 100 0 10106663 10106663 0 0
# compatibility_mode=8192 67108863 100 0 8478316 8478316 0 0
# scanned=140394
# found=0
# cleaned=0
# scan_time=9211
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-14 01:47:37
# local_time=2010-07-14 02:47:37 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 12837053 12837053 0 0
# compatibility_mode=1024 16777215 100 0 13784880 13784880 0 0
# compatibility_mode=8192 67108863 100 0 12156533 12156533 0 0
# scanned=152725
# found=0
# cleaned=0
# scan_time=4683
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-11 08:21:46
# local_time=2010-08-11 09:21:46 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 15277916 15277916 0 0
# compatibility_mode=1024 16777215 100 0 16225743 16225743 0 0
# compatibility_mode=8192 67108863 100 0 14597396 14597396 0 0
# scanned=148129
# found=0
# cleaned=0
# scan_time=6669
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-26 09:30:25
# local_time=2010-08-26 10:30:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 16580588 16580588 0 0
# compatibility_mode=1024 16777215 100 0 17528415 17528415 0 0
# compatibility_mode=8192 67108863 100 0 15900068 15900068 0 0
# scanned=138802
# found=0
# cleaned=0
# scan_time=4115
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-01 11:07:29
# local_time=2010-10-02 12:07:29 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 19698472 19698472 0 0
# compatibility_mode=1024 16777215 100 0 20646299 20646299 0 0
# compatibility_mode=8192 67108863 100 0 19017952 19017952 0 0
# scanned=38499
# found=0
# cleaned=0
# scan_time=2457
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-02 09:05:07
# local_time=2010-10-02 10:05:07 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 19779681 19779681 0 0
# compatibility_mode=1024 16777215 100 0 20727508 20727508 0 0
# compatibility_mode=8192 67108863 100 0 19099161 19099161 0 0
# scanned=12218
# found=0
# cleaned=0
# scan_time=306
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-04 05:50:04
# local_time=2010-10-04 06:50:04 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 19938034 19938034 0 0
# compatibility_mode=1024 16777215 100 0 20885861 20885861 0 0
# compatibility_mode=8192 67108863 100 0 19257514 19257514 0 0
# scanned=131217
# found=1
# cleaned=1
# scan_time=3049
D:\Documents and Settings\Sexy Litle Numbers\Application Data\hotfix.exe Win32/TrojanDownloader.FakeAlert.BEX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-05 11:12:22
# local_time=2010-10-06 12:12:22 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 20046803 20046803 0 0
# compatibility_mode=1024 16777215 100 0 20991030 20991030 0 0
# compatibility_mode=8192 67108863 100 0 19366283 19366283 0 0
# scanned=4
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-06 10:42:54
# local_time=2010-10-06 11:42:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 20130293 20130293 0 0
# compatibility_mode=1024 16777215 100 0 21078120 21078120 0 0
# compatibility_mode=8192 67108863 100 0 19449773 19449773 0 0
# scanned=38968
# found=0
# cleaned=0
# scan_time=1147
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-09 05:32:32
# local_time=2010-10-09 06:32:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 20367323 20367323 0 0
# compatibility_mode=1024 16777215 100 0 21315150 21315150 0 0
# compatibility_mode=8192 67108863 100 0 19686803 19686803 0 0
# scanned=194606
# found=0
# cleaned=0
# scan_time=4708
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-11 12:33:15
# local_time=2010-10-11 01:33:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 20475328 20475328 0 0
# compatibility_mode=1024 16777215 100 0 21423155 21423155 0 0
# compatibility_mode=1280 16777175 100 0 94337 94337 0 0
# compatibility_mode=8192 67108863 100 0 19794808 19794808 0 0
# scanned=201076
# found=0
# cleaned=0
# scan_time=8346

firefly
Novice

Posts : 27
Joined : 2010-02-14
Gender : Female
OS : xp
Points : 25251
Likes : 0

Re: Help Please anitspy trojan/spyware

Post by Belahzur on Mon Oct 11, 2010 9:40 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.3.4
    Viewpoint Media Player

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

Re: Help Please anitspy trojan/spyware

Post by firefly on Tue Oct 12, 2010 12:42 pm

It is running better; however, when I switch my PC on it used to go directly to the Windows loading screen, but it now keeps going to the DOS page which asks if I wish to load XP normally.
Also, when I'm now clicking X to close a page it takes about 15, sometimes 20 seconds for the page to close, or it sometimes won't close at all and I have to reboot my system, and the start-up process now seems to be taking absolute ages to reach the desktop.

firefly
Novice

Posts : 27
Joined : 2010-02-14
Gender : Female
OS : xp
Points : 25251
Likes : 0

Re: Help Please anitspy trojan/spyware

Post by Belahzur on Tue Oct 12, 2010 11:31 pm

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

Re: Help Please anitspy trojan/spyware

Post by firefly on Fri Oct 15, 2010 9:34 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4841

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/10/2010 22:34:07
mbam-log-2010-10-15 (22-34-07).txt

Scan type: Quick scan
Objects scanned: 167401
Time elapsed: 17 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

firefly
Novice

Posts : 27
Joined : 2010-02-14
Gender : Female
OS : xp
Points : 25251
Likes : 0
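As an added example that is not part of this thread, a small parser for the two log formats posted above: it pulls the "Registry Data Items Infected" repairs out of an MBAM log and checks each repaired open command against the stock XP default, and it pulls the detection records and found/cleaned counters out of an ESET Online Scanner log. The sample lines are constructed from the shapes of the logs above (the ESET path uses a placeholder in place of the user's profile name), and the names of the ESET fields after the threat name are assumptions.

```python
import re
from typing import Dict, List

# Constructed samples shaped like the MBAM and ESET log lines posted in this thread
# (the ESET path is a placeholder; the original log carries the user's profile name).
MBAM_SAMPLE = r"""Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
"""
ESET_SAMPLE = r"""# found=1
# cleaned=1
C:\Documents and Settings\USER\Application Data\hotfix.exe Win32/TrojanDownloader.FakeAlert.BEX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Stock XP values for the two handlers the rogue AV had rewritten to NOTEPAD.EXE.
EXPECTED_OPEN_COMMAND = {
    r"HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default)": '"%1" /S',
    r"HKEY_CLASSES_ROOT\regfile\shell\open\command\(default)": 'regedit.exe "%1"',
}

MBAM_RE = re.compile(r'^(?P<key>HKEY_\S+) \((?P<detection>[^)]+)\) -> Bad: \((?P<bad>.*?)\) '
                     r'Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$')
# Assumed ESET layout: path, "family.variant type", (action), 32-hex field, trailing flag.
ESET_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) (?P<threat>\S+ \S+) \((?P<action>[^)]+)\) '
                     r'(?P<hexfield>[0-9a-fA-F]{32}) (?P<flag>\S+)$')

def parse_mbam_registry_data(log: str) -> List[Dict[str, object]]:
    """Parse MBAM 'Registry Data Items Infected' lines and check the repaired value."""
    findings = []
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            d = m.groupdict()
            # Flag a repair whose "Good" value is not the stock default we expect.
            d["restored_to_default"] = EXPECTED_OPEN_COMMAND.get(d["key"]) == d["good"]
            findings.append(d)
    return findings

def parse_eset_detections(log: str) -> List[Dict[str, str]]:
    """Return detection records from an ESET log; '#' metadata lines never match."""
    hits = []
    for line in log.splitlines():
        m = ESET_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return hits

def eset_counts(log: str) -> Dict[str, int]:
    """Read the '# found=' / '# cleaned=' counters from the ESET log header."""
    return {k: int(v) for k, v in re.findall(r'^# (found|cleaned)=(\d+)$', log, re.M)}
```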

Re: Help Please anitspy trojan/spyware

Post by Belahzur on Fri Oct 15, 2010 10:57 pm

Okay, how is the machine running now?


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

Re: Help Please anitspy trojan/spyware

Post by firefly on Sat Oct 16, 2010 12:30 pm

It seems to be running much smoother.

firefly
Novice

Posts : 27
Joined : 2010-02-14
Gender : Female
OS : xp
Points : 25251
Likes : 0
