Alureon-G@mbr[Rtk]


Solved Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 1:54 pm

G'day

I am working on my daughter's computer. The original problem was a fake MS Malicious Software Removal Tool. All sorts of strife with that; eventually I loaded the disk as a USB drive on my computer and ran Avast on that. That got it working, but with all sorts of problems like no Desktop icons etc. Hoping to get back to that after fixing (hopefully) the Alureon problem.

As the fake MS tool issue wasn't found by AVG, I unloaded it and installed Avast, which I use on my computer. On a boot-time scan it finds a root-kit and two other files related to Alureon. It thinks it deletes them, but it doesn't. The same thing happens with a normal scan, except it knows it can't find the two files when it goes to delete them. It still thinks it has deleted the root-kit.

OTL had to run under Avast as I couldn't shut Avast down. It hung the computer when run that way. I tried running it under Safe Mode but couldn't paste the text into it. Don't know what the story is there.

I ran aswMBR under Safe Mode, text below.

Security Check bombed in Safe Mode. After "Preparing Done!" I got the message:

Line - 1:
Error: variable not of type "Object"

It ran under Avast, but saving the text file, while appearing to work, didn't. I cut and pasted the text and it appears below.

MBR
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-16 10:11:49
-----------------------------
10:11:49.281 OS Version: Windows 5.1.2600 Service Pack 3
10:11:49.281 Number of processors: 1 586 0x209
10:11:49.281 ComputerName: TEST UserName:
10:11:49.703 Initialize success
10:11:52.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:11:52.265 Disk 0 Vendor: ST340014A 3.16 Size: 38146MB BusType: 3
10:11:52.265 Device \Driver\atapi -> DriverStartIo 82f4931b
10:11:54.281 Disk 0 MBR read successfully
10:11:54.281 Disk 0 MBR scan
10:11:54.281 Disk 0 TDL4@MBR code has been found
10:11:54.281 Disk 0 Windows XP default MBR code found via API
10:11:54.281 Disk 0 MBR hidden
10:11:54.281 Disk 0 MBR [TDL4] **ROOTKIT**
10:11:54.281 Disk 0 trace - called modules:
10:11:54.281 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82f494d0]<<
10:11:54.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]
10:11:54.281 3 CLASSPNP.SYS[f75d7fd7] -> nt!IofCallDriver -> [0x82f7bcd0]
10:11:54.281 \Driver\atapi[0x82fe4338] -> IRP_MJ_CREATE -> 0x82f494d0
10:11:54.796 Scan finished successfully
10:13:02.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
10:13:02.187 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Security Check
Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
CCleaner
Java(TM) 6 Update 23
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X (10.0.1)
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

Sorry this is a bit long; I wasn't sure whether or not some of that information about running the programs was important.

Any help you can render will be greatly appreciated.


Last edited by harlequin on Mon 16 May 2011, 1:57 pm; edited 1 time in total (Reason for editing : aswMBR log doubled up)

harlequin


Posts : 15
Joined : 2011-05-16
Operating System : WindowsXP SP3

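The aswMBR output above is the interesting part of this post: it reports TDL4 code in the MBR, then "Windows XP default MBR code found via API", "MBR hidden", and a trace in which atapi's dispatch ends in an UNKNOWN module. In other words, the sector the running OS hands back is not the sector on the disk. The following is an added example (not code from the thread, from aswMBR or from AVAST) of how to check for that discrepancy yourself: parse two 512-byte captures of sector 0, one read through the OS and one taken out-of-band (for instance the MBR.dat aswMBR saves compared with a read of the disk while it is attached to another machine), and report where they differ. The sample sectors, their boot code and the single NTFS partition entry are constructed for illustration and are not real boot code.

```python
"""Parse and compare MBR sector dumps (e.g. the MBR.dat that aswMBR saves).

Added example, not code from the thread or from AVAST. It assumes two
512-byte captures of sector 0: one read through the running OS (what a
hooked disk driver is willing to show) and one taken out-of-band. The
sample bytes below are constructed for illustration, not real boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot code (includes the disk-signature bytes at 440..445)
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, non-empty partition entries and signature check for one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", entry)
        if ptype == 0:
            continue                       # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_mbr(api_copy: bytes, raw_copy: bytes) -> list:
    """List discrepancies between the OS-visible MBR and the out-of-band copy.

    A bootkit that hooks the disk stack can hand the original, clean sector
    back to readers while the real sector 0 holds its own code. A difference
    in the boot code is therefore the signal; an unchanged partition table is
    what keeps the machine booting normally, so it is not expected to differ.
    """
    a, b = parse_mbr(api_copy), parse_mbr(raw_copy)
    findings = []
    if not a["signature_ok"] or not b["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code differs between API read and raw read")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs between API read and raw read")
    return findings


def _partition_table() -> bytes:
    # Constructed: one bootable NTFS (0x07) partition starting at LBA 63, three empty entries.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 78122945)
    return entry + b"\x00" * 48


def build_sector(boot_code: bytes) -> bytes:
    """Assemble a 512-byte MBR from boot code, the sample partition table and the signature."""
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return boot_code + _partition_table() + BOOT_SIGNATURE


# Constructed samples: CLEAN_SECTOR stands in for the stock MBR code the API
# returned; INFECTED_SECTOR stands in for what actually sits on the disk.
CLEAN_SECTOR = build_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20)
INFECTED_SECTOR = build_sector(b"\xeb\x3c\x90" + b"\xcc" * 40)

if __name__ == "__main__":
    for finding in compare_mbr(CLEAN_SECTOR, INFECTED_SECTOR):
        print("finding:", finding)
    print("same copy twice:", compare_mbr(CLEAN_SECTOR, CLEAN_SECTOR))
```

Run it against real dumps by reading the two files with open(path, "rb").read() and passing them to compare_mbr; an empty list means both views agree, which is what you want to see again after the Fix step and a reboot.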

Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Mon 16 May 2011, 3:30 pm

How to fix TDL4

Re-run aswMBR.exe
  • Click [Scan]
  • On completion of the scan, click the [Fix] for TDL4 (MBRoot):



Once you are done with that, please do the following:

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 4:27 pm

Brilliant, that got rid of it, many thanks.

Results below:

2011/05/16 15:22:01.0875 3668 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 15:22:02.0968 3668 ================================================================================
2011/05/16 15:22:02.0968 3668 SystemInfo:
2011/05/16 15:22:02.0968 3668
2011/05/16 15:22:02.0968 3668 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/16 15:22:02.0968 3668 Product type: Workstation
2011/05/16 15:22:02.0968 3668 ComputerName: TEST
2011/05/16 15:22:02.0968 3668 UserName: Administrator
2011/05/16 15:22:02.0968 3668 Windows directory: C:\WINDOWS
2011/05/16 15:22:02.0968 3668 System windows directory: C:\WINDOWS
2011/05/16 15:22:02.0968 3668 Processor architecture: Intel x86
2011/05/16 15:22:02.0968 3668 Number of processors: 1
2011/05/16 15:22:02.0968 3668 Page size: 0x1000
2011/05/16 15:22:02.0968 3668 Boot type: Normal boot
2011/05/16 15:22:02.0968 3668 ================================================================================
2011/05/16 15:22:03.0312 3668 Initialize success
2011/05/16 15:22:08.0046 1536 ================================================================================
2011/05/16 15:22:08.0046 1536 Scan started
2011/05/16 15:22:08.0046 1536 Mode: Manual;
2011/05/16 15:22:08.0046 1536 ================================================================================
2011/05/16 15:22:09.0515 1536 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/16 15:22:09.0828 1536 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/16 15:22:09.0984 1536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/16 15:22:10.0171 1536 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/16 15:22:10.0343 1536 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/16 15:22:10.0515 1536 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/16 15:22:10.0703 1536 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/16 15:22:11.0453 1536 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/16 15:22:11.0593 1536 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/16 15:22:11.0750 1536 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/16 15:22:11.0906 1536 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/16 15:22:12.0109 1536 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/16 15:22:12.0296 1536 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/16 15:22:12.0437 1536 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/16 15:22:12.0609 1536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/16 15:22:12.0875 1536 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/16 15:22:13.0046 1536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/16 15:22:13.0234 1536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/16 15:22:13.0406 1536 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
2011/05/16 15:22:13.0562 1536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/16 15:22:13.0812 1536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/16 15:22:13.0984 1536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/16 15:22:14.0156 1536 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/16 15:22:14.0718 1536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/16 15:22:14.0937 1536 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/16 15:22:15.0187 1536 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/16 15:22:15.0359 1536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/16 15:22:15.0531 1536 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/16 15:22:15.0812 1536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/16 15:22:15.0968 1536 E1000 (a8b3ec8ee13cbe14f067c72110155a1b) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/05/16 15:22:16.0171 1536 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/16 15:22:16.0296 1536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/16 15:22:16.0453 1536 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/16 15:22:16.0609 1536 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/16 15:22:16.0765 1536 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/16 15:22:16.0937 1536 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/05/16 15:22:17.0109 1536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/16 15:22:17.0312 1536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/16 15:22:17.0500 1536 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/16 15:22:17.0656 1536 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/16 15:22:17.0859 1536 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/16 15:22:18.0140 1536 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/16 15:22:18.0328 1536 ialm (da58a8be6a445835f603720c4bc8837e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/16 15:22:18.0546 1536 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/16 15:22:18.0796 1536 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/16 15:22:18.0984 1536 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/16 15:22:19.0156 1536 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/16 15:22:19.0265 1536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/16 15:22:19.0437 1536 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/16 15:22:19.0593 1536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/16 15:22:19.0765 1536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/16 15:22:19.0921 1536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/16 15:22:20.0093 1536 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/16 15:22:20.0250 1536 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/16 15:22:20.0359 1536 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/16 15:22:20.0562 1536 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/16 15:22:20.0718 1536 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/16 15:22:20.0906 1536 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/05/16 15:22:21.0187 1536 massfilter (8d9c68fa8b7fbe0e225bde0bbcd8ce9b) C:\WINDOWS\system32\DRIVERS\massfilter.sys
2011/05/16 15:22:21.0375 1536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/16 15:22:21.0515 1536 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/16 15:22:21.0671 1536 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/16 15:22:21.0812 1536 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/16 15:22:21.0953 1536 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/16 15:22:22.0187 1536 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/16 15:22:22.0375 1536 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/16 15:22:22.0578 1536 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/16 15:22:22.0703 1536 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/16 15:22:22.0828 1536 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/16 15:22:23.0000 1536 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/16 15:22:23.0156 1536 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/16 15:22:23.0343 1536 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/16 15:22:23.0500 1536 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/16 15:22:23.0671 1536 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/16 15:22:23.0843 1536 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/16 15:22:24.0015 1536 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/16 15:22:24.0171 1536 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/16 15:22:24.0343 1536 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/16 15:22:24.0546 1536 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/16 15:22:24.0812 1536 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/16 15:22:25.0000 1536 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/16 15:22:25.0218 1536 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/16 15:22:25.0390 1536 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/16 15:22:25.0546 1536 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/16 15:22:25.0765 1536 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/16 15:22:25.0937 1536 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/16 15:22:26.0093 1536 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/16 15:22:26.0281 1536 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/16 15:22:26.0515 1536 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/05/16 15:22:26.0671 1536 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/16 15:22:27.0312 1536 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/16 15:22:27.0453 1536 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/16 15:22:27.0625 1536 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/16 15:22:28.0062 1536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/16 15:22:28.0250 1536 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/16 15:22:28.0390 1536 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/16 15:22:28.0546 1536 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/16 15:22:28.0718 1536 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/16 15:22:28.0890 1536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/16 15:22:29.0062 1536 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/16 15:22:29.0203 1536 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/16 15:22:29.0406 1536 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/16 15:22:29.0734 1536 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/16 15:22:29.0937 1536 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/16 15:22:30.0093 1536 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/16 15:22:30.0281 1536 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/16 15:22:30.0484 1536 Sftfs (14cb193ecd4e71a32446790f9ecf39dd) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
2011/05/16 15:22:30.0687 1536 Sftplay (1f05637831caf19b069aaf361d720bb9) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
2011/05/16 15:22:30.0875 1536 Sftredir (423628f17862593d7d43e02187f4c1b5) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
2011/05/16 15:22:31.0015 1536 Sftvol (258ab73a01fa1b8d1a2a053c6bba5544) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
2011/05/16 15:22:31.0265 1536 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/16 15:22:31.0531 1536 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/16 15:22:31.0703 1536 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/16 15:22:31.0890 1536 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/16 15:22:32.0093 1536 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/16 15:22:32.0250 1536 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/16 15:22:32.0703 1536 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/16 15:22:32.0859 1536 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/16 15:22:33.0031 1536 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/16 15:22:33.0203 1536 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/16 15:22:33.0375 1536 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/16 15:22:33.0625 1536 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/16 15:22:33.0890 1536 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/16 15:22:34.0109 1536 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/16 15:22:34.0281 1536 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/16 15:22:34.0375 1536 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/16 15:22:34.0500 1536 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/16 15:22:34.0703 1536 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/16 15:22:34.0828 1536 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/16 15:22:35.0000 1536 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/16 15:22:35.0171 1536 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/16 15:22:35.0406 1536 vodafone_K3805-z_dc_enum (94623623b4e319adf68c04448d4edf30) C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
2011/05/16 15:22:35.0562 1536 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/16 15:22:35.0718 1536 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/16 15:22:35.0906 1536 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/16 15:22:36.0171 1536 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/16 15:22:36.0421 1536 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/16 15:22:36.0609 1536 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/16 15:22:36.0734 1536 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/16 15:22:36.0953 1536 ZTEusbmdm6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
2011/05/16 15:22:37.0109 1536 ZTEusbnet (7df32dc0267c91bacf7e2b4e38ac5df1) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
2011/05/16 15:22:37.0250 1536 ZTEusbnmea (2a6f72d2b6a549b1fc6a6522bc204159) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
2011/05/16 15:22:37.0390 1536 ZTEusbser6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
2011/05/16 15:22:37.0578 1536 ZTEusbvoice (2a6f72d2b6a549b1fc6a6522bc204159) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
2011/05/16 15:22:37.0921 1536 ================================================================================
2011/05/16 15:22:37.0921 1536 Scan finished
2011/05/16 15:22:37.0921 1536 ================================================================================

harlequin


Posts : 15
Joined : 2011-05-16
Operating System : WindowsXP SP3

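The TDSSKiller log above is a flat inventory of loaded drivers, one line per service with its MD5 and path, and it is more useful when turned into a table you can compare. The following is an added example (not code from the thread or from Kaspersky) that parses that line format, lists hashes shared by several service names, lists drivers loaded from outside the Windows directory, and diffs the inventory against a {name: md5} baseline taken from a known-clean install of the same build. The sample log lines are copied from the post above; the baseline and its altered atapi hash are constructed for illustration. It also generalizes slightly beyond this single log: the same parser handles any TDSSKiller run in this format.

```python
"""Triage a TDSSKiller driver listing: inventory, shared hashes, baseline diff.

Added example, not code from the thread or from Kaspersky. It parses lines of
the form shown in the log above ('timestamp pid Name (md5) path') and assumes
the operator has a baseline inventory from a clean install of the same build;
the baseline below is constructed for illustration.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)

# Lines copied from the log above (the ZTE entries share one hash); the last
# line has no hash and must be skipped by the parser.
SAMPLE_LOG = """\
2011/05/16 15:22:10.0515 1536 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys
2011/05/16 15:22:12.0609 1536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2011/05/16 15:22:14.0718 1536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\\WINDOWS\\system32\\DRIVERS\\disk.sys
2011/05/16 15:22:36.0953 1536 ZTEusbmdm6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\\WINDOWS\\system32\\DRIVERS\\ZTEusbmdm6k.sys
2011/05/16 15:22:37.0250 1536 ZTEusbnmea (2a6f72d2b6a549b1fc6a6522bc204159) C:\\WINDOWS\\system32\\DRIVERS\\ZTEusbnmea.sys
2011/05/16 15:22:37.0921 1536 Scan finished
"""


def parse_driver_list(text: str) -> list:
    """Return one dict per driver line; lines without a hash (banners, summary) are skipped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            drivers.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
    return drivers


def shared_hashes(drivers: list) -> dict:
    """Map each MD5 that appears under more than one service name to those names.

    The same binary under several names is normal for some vendor packages
    (the ZTE modem drivers above), so this is a review cue, not a verdict.
    """
    by_hash = defaultdict(list)
    for d in drivers:
        by_hash[d["md5"]].append(d["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def outside_system_root(drivers: list, system_root: str = "C:\\WINDOWS") -> list:
    """Names of drivers loaded from outside the Windows directory (case-insensitive)."""
    prefix = system_root.lower()
    return [d["name"] for d in drivers if not d["path"].lower().startswith(prefix)]


def diff_against_baseline(drivers: list, baseline: dict) -> dict:
    """Compare the current inventory with a {name: md5} baseline from a clean host.

    'changed' means the file on disk no longer matches what the clean install
    had; 'new' means a driver the baseline never saw. Either one on a boot or
    storage-stack driver (atapi, disk, ntfs) deserves a closer look.
    """
    changed = {d["name"]: d["md5"] for d in drivers
               if d["name"] in baseline and baseline[d["name"]] != d["md5"]}
    new = [d["name"] for d in drivers if d["name"] not in baseline]
    return {"changed": changed, "new": new}


# Constructed baseline: hashes from the log, except atapi is given a
# hypothetical placeholder value so the diff has something to report, and
# ZTEusbnmea is left out so it shows up as new.
SAMPLE_BASELINE = {
    "AegisP": "30bb1bde595ca65fd5549462080d94e5",
    "atapi": "ffffffffffffffffffffffffffffffff",   # hypothetical, not a real clean-install hash
    "Disk": "044452051f3e02e7963599fc8f4f3e25",
    "ZTEusbmdm6k": "2a6f72d2b6a549b1fc6a6522bc204159",
}

if __name__ == "__main__":
    inventory = parse_driver_list(SAMPLE_LOG)
    print("drivers parsed:", len(inventory))
    print("shared hashes:", shared_hashes(inventory))
    print("outside system root:", outside_system_root(inventory))
    print("baseline diff:", diff_against_baseline(inventory, SAMPLE_BASELINE))
```

To use it on the real log, read C:\TDSSKiller.<version>_<date>_log.txt (whatever name the tool gave the file in C:\) into SAMPLE_LOG's place and supply a baseline built by running the same parser on a clean machine's log.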

Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Mon 16 May 2011, 4:51 pm

Please run the BitDefender QuickScan Beta, and once done, press the View Report link. Post that log in your next reply.

ALSO

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Double-click RenewMyDNS.exe to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete RenewMyDNS.exe



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 5:10 pm

OK, here's the BitDefender results:


QuickScan Beta 32-bit v0.9.9.91
-------------------------------
Scan date: Mon May 16 15:58:44 2011
Machine ID: C4F37CFF



No infection found.
-------------------



Processes
---------
(verified) Ad-Aware Service Application 1632 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(verified) Ad-Aware Tray Application 128 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(verified) avast! Antivirus 1740 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(verified) avast! Antivirus 184 C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) brother brstswnd 192 C:\Program Files\Brownie\BrStsWnd.exe
(verified) brother pjl parser 316 C:\Program Files\Brownie\brpjp04a.exe
(verified) Firefox 1912 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 256 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) GoogleToolbarNotifier 208 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Intel(R) Common User Interface 2028 C:\WINDOWS\system32\hkcmd.exe
(verified) Java(TM) Platform SE 6 U23 1292 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Java(TM) Platform SE Auto Updater 2 0 2040 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft Application Virtualization 2448 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(verified) Microsoft Application Virtualization 2352 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(verified) Microsoft Office 2010 2820 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(verified) Microsoft Search Enhancement Pack 1448 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(verified) Microsoft® Windows® Operating System 1540 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3328 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 680 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 240 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 760 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 748 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 632 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 648 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1312 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1420 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1500 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1128 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 920 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2404 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3080 C:\WINDOWS\system32\wbem\unsecapp.exe
(verified) Microsoft® Windows® Operating System 3652 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 704 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process plugin-container.exe (256) connected on port 80 (HTTP) --> 60.254.143.11
Process AvastSvc.exe (1740) connected on port 80 (HTTP) --> 74.125.237.39
Process AvastSvc.exe (1740) connected on port 80 (HTTP) --> 74.125.237.91
Process AvastSvc.exe (1740) connected on port 80 (HTTP) --> 66.220.147.44
Process AvastSvc.exe (1740) connected on port 80 (HTTP) --> 74.125.237.39
Process AvastSvc.exe (1740) connected on port 80 (HTTP) --> 173.222.192.74
Process AvastSvc.exe (1740) connected on port 80 (HTTP) --> 60.254.143.24
Process firefox.exe (1912) connected on port 443 (HTTP over SSL) --> 74.125.237.85
Process firefox.exe (1912) connected on port 443 (HTTP over SSL) --> 74.125.237.85
Process firefox.exe (1912) connected on port 443 (HTTP over SSL) --> 74.125.237.93
Process firefox.exe (1912) connected on port 443 (HTTP over SSL) --> 74.125.237.80
Process firefox.exe (1912) connected on port 443 (HTTP over SSL) --> 66.102.11.132

Process svchost.exe (996) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
(unsigned) quickstart.exe C:\Program Files\OpenOffice.org 3\program\quickstart.exe

(verified) Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
(verified) Ad-Aware Tray Application C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) brother brstswnd C:\Program Files\Brownie\BrStsWnd.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
(verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wupdmgr.exe
(verified) UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
(unsigned) Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
(verified) BitDefender QuickScan C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nu5xs11t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
(verified) Google Update C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
(verified) Java Deployment Toolkit 6.0.230.5 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java(TM) Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U23 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
(verified) Microsoft Search Helper Extention c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
(verified) Toolbar c:\program files\ask.com\genericasktoolbar.dll
(verified) Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
(verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Scan
----
(unsigned) MD5: ddb39a503fc2c31108e2107549227270 C:\Program Files\AVAST Software\Avast\defs\11051501\algo.dll
(unsigned) MD5: ea8fcf30d2961369435c84ce3b3063f1 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) MD5: a3922cd380f968b898da4bb414c38900 C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
(unsigned) MD5: b0057a8beb1f7cc88662bec2b262966e C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
(unsigned) MD5: f7dce54077ee9d8a351c4b1ffa866ee7 C:\Program Files\OpenOffice.org 3\program\quickstart.exe
(unsigned) MD5: 30bb1bde595ca65fd5549462080d94e5 C:\WINDOWS\system32\drivers\AEGISP.sys
(unsigned) MD5: 2fe6d5be0629f706197b30c0aa05de30 C:\WINDOWS\system32\drivers\BRPAR.sys


No file uploaded.

Scan finished - communication took 6 sec
Total traffic - 0.05 MB sent, 1.19 KB recvd
Scanned 1033 files and modules - 220 seconds

==============================================================================



and here are the RenewMyDNS results:

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows XP [Version 5.1.2600]


``````````Network and DNS Information``````````

Windows IP Configuration

Host Name . . . . . . . . . . . . : test
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nsw.bigpond.net.au

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : nsw.bigpond.net.au
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0B-DB-59-E4-08
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 121.210.144.199
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 121.210.144.1
DHCP Server . . . . . . . . . . . : 172.18.49.149
DNS Servers . . . . . . . . . . . : 61.9.195.193
                                    61.9.194.49
Lease Obtained. . . . . . . . . . : Monday, 16 May 2011 15:11:03
Lease Expires . . . . . . . . . . : Tuesday, 17 May 2011 08:59:41

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

``````````Speed-test - Ping``````````

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=253ms TTL=46
Reply from 69.147.125.65: bytes=32 time=262ms TTL=46
Reply from 69.147.125.65: bytes=32 time=261ms TTL=46
Reply from 69.147.125.65: bytes=32 time=250ms TTL=46

Ping statistics for 69.147.125.65:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 250ms, Maximum = 262ms, Average = 256ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=220ms TTL=110
Reply from 64.202.189.170: bytes=32 time=223ms TTL=110
Reply from 64.202.189.170: bytes=32 time=223ms TTL=110
Reply from 64.202.189.170: bytes=32 time=219ms TTL=110

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 219ms, Maximum = 223ms, Average = 221ms

Pinging facebook.com [69.63.189.16] with 32 bytes of data:

Reply from 69.63.189.16: bytes=32 time=282ms TTL=239
Reply from 69.63.189.16: bytes=32 time=283ms TTL=239
Reply from 69.63.189.16: bytes=32 time=284ms TTL=239
Reply from 69.63.189.16: bytes=32 time=283ms TTL=239

Ping statistics for 69.63.189.16:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 282ms, Maximum = 284ms, Average = 283ms

Pinging google.com [74.125.237.80] with 32 bytes of data:

Reply from 74.125.237.80: bytes=32 time=10ms TTL=54
Reply from 74.125.237.80: bytes=32 time=7ms TTL=54
Reply from 74.125.237.80: bytes=32 time=7ms TTL=54
Reply from 74.125.237.80: bytes=32 time=7ms TTL=54

Ping statistics for 74.125.237.80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 10ms, Average = 7ms

********************
EOF


Thanks again.

harlequin

Newbie Surfer

Posts : 15
Joined : 2011-05-16
Operating System : WindowsXP SP3

Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Mon 16 May 2011, 5:15 pm

Let's do a final scan, because I think we've got your computer clean...

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 5:47 pm

Well, that is brilliant! Not only is the computer cleaned up, but that last step brought back the desktop items as well!

Malwarebytes results:
Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6587

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

16/05/2011 16:36:22
mbam-log-2011-05-16 (16-36-14).txt

Scan type: Quick scan
Objects scanned: 145823
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1292428093-790525478-725345543-500\Dc1.dll (Trojan.Hiloti) -> No action taken.
c:\documents and settings\administrator\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\documents and settings\administrator\application data\Adobe\plugs\mmc67.exe (Trojan.Agent) -> No action taken.

harlequin

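As an added example (not code from this thread or from Malwarebytes), a small Python triage script for the MBAM 1.x log layout posted above: it reconciles the summary counts with the detections actually listed, flags every entry still recorded as "No action taken" (detected but not removed at the time the log was written), and pulls out the policy values behind the PUM.* registry hits; NoDesktop is the policy that hides all Desktop icons, which matches the symptom described earlier. The embedded log is a constructed sample modelled on the one above, with one count deliberately off and one removal result (wording assumed) so both checks have something to report.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x text log (hypothetical
script written for this thread, not part of MBAM): reconcile summary counts
with listed detections, flag "No action taken" entries, extract PUM values."""

from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in the MBAM 1.50 layout; paths mirror the thread's log.
# "Files Infected: 2" is deliberately one short of the three files listed, and
# the DisableTaskMgr line carries an assumed removal result, so that both the
# count check and the resolved/unresolved split have something to show.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Scan type: Quick scan

Memory Processes Infected: 0
Registry Data Items Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\RECYCLER\s-1-5-21-1292428093-790525478-725345543-500\Dc1.dll (Trojan.Hiloti) -> No action taken.
c:\documents and settings\administrator\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\documents and settings\administrator\application data\Adobe\plugs\mmc67.exe (Trojan.Agent) -> No action taken.
"""


@dataclass
class Detection:
    category: str             # e.g. "Files Infected"
    target: str               # file path or registry value path
    family: str               # e.g. "PUM.Hidden.Desktop"
    action: str               # e.g. "No action taken."
    bad: int | None = None    # registry data items: value MBAM found
    good: int | None = None   # registry data items: value MBAM expects

    @property
    def resolved(self) -> bool:
        return not self.action.startswith("No action taken")


SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
TARGET_RE = re.compile(r"^(.+) \(([^()]+)\)$")        # "<target> (<family>)"
BADGOOD_RE = re.compile(r"Bad: \((\d+)\) Good: \((\d+)\)")


def parse_mbam_log(text: str) -> tuple[dict[str, int], list[Detection]]:
    summary: dict[str, int] = {}
    detections: list[Detection] = []
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None            # a blank line closes a detail section
            continue
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
            continue
        if m := HEADER_RE.match(line):
            section = m.group(1)
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        # Detail line: "<target> (<family>) -> [Bad: (x) Good: (y) -> ]<action>"
        parts = line.split(" -> ")
        if len(parts) < 2 or not (m := TARGET_RE.match(parts[0])):
            continue                  # not a detection line we understand
        det = Detection(section, m.group(1), m.group(2), parts[-1])
        if len(parts) == 3 and (bg := BADGOOD_RE.search(parts[1])):
            det.bad, det.good = int(bg.group(1)), int(bg.group(2))
        detections.append(det)
    return summary, detections


def count_mismatches(summary: dict[str, int],
                     detections: list[Detection]) -> dict[str, tuple[int, int]]:
    """Categories whose summary count differs from the entries listed under it."""
    listed: dict[str, int] = {}
    for d in detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in summary.items() if n != listed.get(cat, 0)}


def unresolved(detections: list[Detection]) -> list[Detection]:
    """Detections the log records as found but not removed."""
    return [d for d in detections if not d.resolved]


def policy_values(detections: list[Detection]) -> list[tuple[str, int, int, bool]]:
    """(value name, found, expected, resolved) for each PUM.* registry data hit."""
    return [(d.target.rsplit("\\", 1)[-1], d.bad, d.good, d.resolved)
            for d in detections if d.family.startswith("PUM.") and d.bad is not None]
```

A log whose entries all read "No action taken" means the detections were listed but Remove Selected had not yet been applied when the log was saved, so the items would still be present.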

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 6:29 pm

I have just run a full scan of Malwarebytes' Anti-Malware and all clear. Done in time for my daughter to get her uni assignment done, a great result.

Thanks heaps.

A question if I may, that may prevent bothering you again - Ad-Aware didn't find this stuff. Ad-Aware and Avast and Zone Alarm are what I am running on my own computer (and now my daughter's) and I think they are all OK except maybe Ad-Aware. Should I be running Anti-Malware on both or should I run Ad-aware and Anti-malware?

Thanks again for the help, I'm glad you guys know your stuff.

harlequin


Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Mon 16 May 2011, 6:34 pm

What you got now is good. But, for Avast, the Internet Security is most recommended.

Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.





Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


~DMJ
GeekPolice Academy Manager

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 6:47 pm

Hmm. When the fake MS Malicious Software Removal Tool infected the computer it caused all Desktop icons to disappear and severely truncated the list of programs in Start>All Programs. A lot are missing from the list, but they still exist. When I go to Select Start > All Programs > Accessories > System tools >, the only thing that appears is Internet Explorer. I presume I can find the folder and the right exe and run it, but it would be nice to have all this stuff back. I figure you have had to clear up fake MS a few times and may know what it did to cause this and how to fix it. As mentioned, the desktop items came back after one of the earlier steps.

harlequin


Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 7:44 pm

OK, I found out how to run restore and cleanup from the command line. That is all done, as is the removal of the software used and the removal of temporary files.

I have bookmarked the recommended sites and will download the software.

With regard to the All Programs problem I should add that the drop-down button at the bottom of the box is absent. If you can't help with that, just let me know - you've been a lifesaver as it is.

harlequin


Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Mon 16 May 2011, 8:02 pm

Will you take a screenshot of the mentioned area?


~DMJ
GeekPolice Academy Manager

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 16 May 2011, 8:44 pm

Screenshot attached.

Under Avast antivirus there is no arrow for the drop-down menu for the rest of the programs.

Accessories>System tools shows only IE explorer.

harlequin


Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Tue 17 May 2011, 3:44 pm

I didn't get the screenshot. Please upload it to [You must be registered and logged in to see this link.] and post the link here.


~DMJ
GeekPolice Academy Manager

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Tue 17 May 2011, 11:32 pm

[You must be registered and logged in to see this link.]

Sorry about the delay in replying. Work, then squash. Computer is back at daughter's; if I can't run her through any answer over the phone I will go over after work tomorrow and do it.

harlequin

Newbie Surfer

Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Wed 18 May 2011, 2:20 pm

That didn't upload right. Try once more please.


~DMJ
GeekPolice Academy Manager

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Wed 18 May 2011, 9:24 pm

Apparently I didn't share it right. Fixed it and checked it from another computer this time:

[You must be registered and logged in to see this link.]

No drop-down arrows for the rest of the programs under 'Avast Antivirus'

Programs>System>tools> shows only IE but the programs are still there and can be run from the command line.

harlequin

Newbie Surfer

Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Thu 19 May 2011, 10:30 am

Let's see if those programs exist anymore...

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan and let the program run uninterrupted.
  • Please post the log from it.
  • You may need to use two posts to get it all.


~DMJ
GeekPolice Academy Manager

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Thu 19 May 2011, 11:10 pm

Okay, thanks.
Very late tonight; retail sales sucks but it's a living.
I will go over after work tomorrow and do as you said.


harlequin

Newbie Surfer

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Sun 22 May 2011, 4:40 pm

Sorry about the delay, difficulties getting here.
OTL.exe scan follows

OTL logfile created on: 22/05/2011 15:27:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

766.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 850 1100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 26.45 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive E: | 1.91 Gb Total Space | 1.81 Gb Free Space | 95.06% Space Free | Partition Type: FAT32

Computer Name: TEST | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 15:26:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/05/10 22:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/07 18:12:34 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/01/24 18:58:50 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/06/11 09:17:38 | 003,618,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 15:26:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/05/10 22:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/07 18:12:34 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 22:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 22:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 22:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 22:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 21:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 21:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 21:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/24 18:59:06 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/10 16:11:46 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/04/30 19:32:30 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010/04/30 19:32:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/04/30 19:32:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/04/30 19:32:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/04/30 19:32:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/04/24 00:10:54 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/04/24 00:10:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/04/24 00:10:50 | 000,211,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/04/24 00:10:44 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2010/03/01 17:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4184fb62&v=6.103.018.001&i=23&tp=ab&iy=&ychte=au&lng=en-GB&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{9C820306-A695-4476-B719-AB59C9DBE435}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{9C820306-A695-4476-B719-AB59C9DBE435} [2011/05/15 15:49:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/15 19:34:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 07:50:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 07:50:18 | 000,000,000 | ---D | M]

[2011/01/23 19:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/08/19 17:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/17 16:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nu5xs11t.default\extensions
[2011/01/24 18:02:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nu5xs11t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/17 16:21:57 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nu5xs11t.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/23 19:57:35 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nu5xs11t.default\extensions\en-AU@dictionaries.addons.mozilla.org
[2011/05/08 14:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/12 20:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/24 17:59:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/15 15:49:51 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{9C820306-A695-4476-B719-AB59C9DBE435}
[2011/05/15 19:34:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/08/19 17:34:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 07:50:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 17:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/09 07:50:09 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/09 07:50:09 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/09 07:50:09 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/09 07:50:09 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/09 07:50:09 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/25 15:06:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{940a1e93-48b0-11e0-a6a6-000bdb59e408}\Shell - "" = AutoRun
O33 - MountPoints2\{940a1e93-48b0-11e0-a6a6-000bdb59e408}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{940a1e93-48b0-11e0-a6a6-000bdb59e408}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ef21a792-3ed5-11e0-a698-000bdb59e408}\Shell\Auto\command - "" = E:\Start.exe
O33 - MountPoints2\{ef21a792-3ed5-11e0-a698-000bdb59e408}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef21a792-3ed5-11e0-a698-000bdb59e408}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 15:26:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/16 16:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/05/16 16:23:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/16 16:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/16 16:22:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/16 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/16 15:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/05/16 11:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/15 19:34:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/15 19:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/15 19:34:47 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/15 19:34:45 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/15 19:34:44 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/15 19:34:43 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/15 19:34:42 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/15 19:34:42 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/15 19:34:41 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/15 19:34:21 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/15 19:34:19 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/15 19:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/15 19:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/15 17:15:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/05/15 16:47:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/15 15:50:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/15 15:49:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/15 15:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 14:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/13 14:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Recovery
[2011/05/13 14:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{9C820306-A695-4476-B719-AB59C9DBE435}
[2011/05/13 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cG06509CoJpG06509
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 15:26:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/22 15:10:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 15:10:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 15:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/22 13:01:39 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2011/05/22 12:53:31 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2011/05/21 21:04:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/21 21:04:08 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/05/21 21:03:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 20:17:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
[2011/05/21 19:11:22 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/16 19:39:16 | 000,061,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\allprograms2.JPG
[2011/05/16 18:36:05 | 000,004,710 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110516_183600.reg
[2011/05/16 18:18:16 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/16 12:08:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/15 19:34:48 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/15 19:34:42 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/15 17:16:08 | 000,008,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110515_171603.reg
[2011/05/15 16:51:51 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2011/05/15 16:14:13 | 000,051,824 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110515_161407.reg
[2011/05/15 14:55:35 | 000,027,359 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\English 100.odt
[2011/05/15 14:54:08 | 000,078,508 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\gr.odt
[2011/05/15 13:01:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tcoxulod.bin
[2011/05/13 15:09:16 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/13 14:33:28 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17620772
[2011/05/13 14:29:30 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xgutafox.dat
[2011/05/12 20:00:26 | 000,087,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\uneasy the head.pdf
[2011/05/11 07:28:45 | 000,526,679 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\horror assignment (lachlan).odt
[2011/05/10 22:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 22:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 22:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 22:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 22:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 22:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 22:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 21:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 21:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 21:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/05 21:44:43 | 000,059,150 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\201Assessment5.pdf
[2011/05/05 21:42:47 | 000,017,581 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\201Assessment5.odt
[2011/05/04 17:53:14 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/04 17:49:27 | 000,013,267 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\marcfores.odg
[2011/05/04 11:11:03 | 000,011,648 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\reco thingy mawott.odt
[2011/05/02 20:07:40 | 000,009,845 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\yikesgr.odt
[2011/05/02 17:51:27 | 000,036,290 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\recocontainer.odt
[2011/05/02 13:33:45 | 000,017,004 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CLLA201Ass5.odt
[2011/05/02 12:50:19 | 000,017,012 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Greek Ass 4.odt
[2011/05/01 13:22:35 | 000,436,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 13:22:35 | 000,068,690 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 11:45:40 | 000,061,195 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ultimate dungeons and dragon map.odt
[2011/04/30 16:31:25 | 000,014,645 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\project for ft.odt
[2011/04/30 11:58:33 | 000,010,085 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Reco thing.odt
[2011/04/28 17:08:06 | 000,605,539 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\marcs dungen dragons set map.odg
[2011/04/28 15:53:18 | 000,049,846 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mums une save by marc.odt
[2011/04/27 08:22:04 | 000,008,748 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\matts ramdom whiting.odt
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 19:39:16 | 000,061,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\allprograms2.JPG
[2011/05/16 18:36:03 | 000,004,710 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110516_183600.reg
[2011/05/15 19:34:48 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/15 17:16:05 | 000,008,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110515_171603.reg
[2011/05/15 16:51:51 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2011/05/15 16:14:09 | 000,051,824 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110515_161407.reg
[2011/05/15 14:55:30 | 000,027,359 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\English 100.odt
[2011/05/13 15:09:16 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/13 14:49:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 14:33:28 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17620772
[2011/05/13 14:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcoxulod.bin
[2011/05/13 14:29:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xgutafox.dat
[2011/05/12 20:00:24 | 000,087,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\uneasy the head.pdf
[2011/05/11 07:28:38 | 000,526,679 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\horror assignment (lachlan).odt
[2011/05/05 21:44:41 | 000,059,150 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\201Assessment5.pdf
[2011/05/05 21:42:46 | 000,017,581 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\201Assessment5.odt
[2011/05/04 17:49:26 | 000,013,267 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\marcfores.odg
[2011/05/04 11:11:03 | 000,011,648 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\reco thingy mawott.odt
[2011/05/02 20:07:36 | 000,009,845 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\yikesgr.odt
[2011/05/02 17:51:27 | 000,036,290 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\recocontainer.odt
[2011/05/02 13:33:43 | 000,017,004 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CLLA201Ass5.odt
[2011/05/01 11:16:09 | 000,061,195 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ultimate dungeons and dragon map.odt
[2011/04/30 16:31:24 | 000,014,645 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\project for ft.odt
[2011/04/30 11:58:33 | 000,010,085 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Reco thing.odt
[2011/04/29 22:16:11 | 000,017,012 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Greek Ass 4.odt
[2011/04/28 17:08:00 | 000,605,539 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\marcs dungen dragons set map.odg
[2011/04/28 15:53:04 | 000,049,846 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mums une save by marc.odt
[2011/04/27 08:22:04 | 000,008,748 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\matts ramdom whiting.odt
[2011/02/27 11:52:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2011/02/27 11:48:24 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2011/02/12 21:40:18 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/02/12 21:34:59 | 000,000,312 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/02/12 21:34:59 | 000,000,292 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/02/12 21:34:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/02/12 21:34:30 | 000,020,605 | ---- | C] () -- C:\WINDOWS\HL-4040CN.INI
[2011/02/12 21:34:08 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/02/12 21:34:07 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/02/12 21:34:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd4040cn.dat
[2011/02/12 21:32:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/02/12 21:32:14 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2011/02/12 21:32:13 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2011/01/23 19:53:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/03 11:45:49 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 16:13:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/06/25 15:09:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/25 15:02:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/30 16:29:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/30 16:28:27 | 000,177,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 22:00:00 | 000,436,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 22:00:00 | 000,068,690 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 22:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/24 22:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2004/11/01 00:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2011/02/12 20:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/05/16 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/05/20 20:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SoftGrid Client
[2011/02/26 20:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TP
[2011/03/07 21:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vodafone
[2011/05/15 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/15 15:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/15 14:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cG06509CoJpG06509
[2011/03/15 18:26:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/05 12:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/03/07 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/09/04 19:07:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2011/05/21 19:11:22 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/22 15:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/05/21 20:17:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Update.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/02/22 11:16:54 | 000,016,980 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\assessµe?t 1 pdf check.odt) -- C:\Documents and Settings\Administrator\My Documents\ασσεσσμεντ 1 pdf check.odt
[2011/02/22 11:16:51 | 000,016,980 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\assessµe?t 1 pdf check.odt) -- C:\Documents and Settings\Administrator\My Documents\ασσεσσμεντ 1 pdf check.odt
[2011/02/22 09:44:41 | 000,015,656 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\assessµe?t 1.odt) -- C:\Documents and Settings\Administrator\My Documents\ασσεσσμεντ 1.odt
[2011/02/13 23:35:09 | 000,015,656 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\assessµe?t 1.odt) -- C:\Documents and Settings\Administrator\My Documents\ασσεσσμεντ 1.odt

< End of report >

harlequin

Newbie Surfer

Posts : 15
Joined : 2011-05-16
Operating System : WindowsXP SP3

Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Sun 22 May 2011, 4:45 pm

Just noticed this 'extras' file; here it is in case you need it:

OTL Extras logfile created on: 22/05/2011 15:27:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

766.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 850 1100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 26.45 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive E: | 1.91 Gb Total Space | 1.81 Gb Free Space | 95.06% Space Free | Partition Type: FAT32

Computer Name: TEST | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E5FFF6-9B42-466D-B996-7D7FB54C470A}" = Brother HL-4040CN
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78522C2-C369-4F68-B278-5D6994F00B3E}" = GreekLS Classical
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9D2AA32-11F5-4521-BABD-793EBF4BFA4D}" = Brother HL-2140
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LaserGreekUProfessional_is1" = LaserGreek Professional in Unicode v 14.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = ninemsn Internet Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/05/2011 02:13:14 | Computer Name = TEST | Source = Google Update | ID = 20
Description =

Error - 20/05/2011 03:13:14 | Computer Name = TEST | Source = Google Update | ID = 20
Description =

Error - 20/05/2011 04:13:14 | Computer Name = TEST | Source = Google Update | ID = 20
Description =

Error - 20/05/2011 05:13:14 | Computer Name = TEST | Source = Google Update | ID = 20
Description =

Error - 20/05/2011 06:13:14 | Computer Name = TEST | Source = Google Update | ID = 20
Description =

Error - 20/05/2011 06:20:13 | Computer Name = TEST | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 20/05/2011 06:53:44 | Computer Name = TEST | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2011 06:53:49 | Computer Name = TEST | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2011 06:53:49 | Computer Name = TEST | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2011 06:53:49 | Computer Name = TEST | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 20/03/2011 18:00:04 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.249.124 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.148.125 (The DHCP
Server sent a DHCPNACK message).

Error - 21/03/2011 05:44:19 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.148.124 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.83.217 (The DHCP
Server sent a DHCPNACK message).

Error - 27/03/2011 00:40:13 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.187.116 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.213.145 (The DHCP
Server sent a DHCPNACK message).

Error - 27/03/2011 01:03:53 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.213.146 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.12.65 (The DHCP Server
sent a DHCPNACK message).

Error - 31/03/2011 06:58:10 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.37.161 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.219.217 (The DHCP
Server sent a DHCPNACK message).

Error - 01/04/2011 02:32:31 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.16.226 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.105.1 (The DHCP Server
sent a DHCPNACK message).

Error - 01/04/2011 02:45:56 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.105.7 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.202.130 (The DHCP
Server sent a DHCPNACK message).

Error - 01/04/2011 02:54:11 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.202.129 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.3.33 (The DHCP Server
sent a DHCPNACK message).

Error - 01/04/2011 03:04:03 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.3.34 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.181.162 (The DHCP
Server sent a DHCPNACK message).

Error - 02/04/2011 19:52:24 | Computer Name = TEST | Source = Dhcp | ID = 1002
Description = The IP address lease 120.16.14.96 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 120.16.165.193 (The DHCP
Server sent a DHCPNACK message).


< End of report >

harlequin

Newbie Surfer

Posts : 15
Joined : 2011-05-16
Operating System : WindowsXP SP3


Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Mon 23 May 2011, 6:24 pm

I know this might be a bit difficult to understand on your end, but help me here...

This is what I was looking for. The program names are listed to the right of the equal sign in this sequenced list...please tell me if you see these in your Start Menu:

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E5FFF6-9B42-466D-B996-7D7FB54C470A}" = Brother HL-4040CN
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78522C2-C369-4F68-B278-5D6994F00B3E}" = GreekLS Classical
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9D2AA32-11F5-4521-BABD-793EBF4BFA4D}" = Brother HL-2140
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LaserGreekUProfessional_is1" = LaserGreek Professional in Unicode v 14.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = ninemsn Internet Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Mon 23 May 2011, 9:06 pm

OK, I hope I'm not being too obtuse here. Let me know if it's not what you want.

Start> has shortcuts for Firefox, Open Office, CCleaner, Notepad, Internet Explorer, Windows Media Player and Outlook Express.

Start>All Programs> has:

Accessories, which seems to contain all the usual things except that
clicking some of the contents gives the following:
Entertainment> shows (Empty) and
System Tools> Internet Explorer (no add-ons) ; nothing else shows in here.

Startup> Open Office 3.3 ; shows nothing else.

Then there are entries, with no right arrows, for
Internet Explorer
Outlook Express
Remote Assistance
Windows Media Player

Then
YouTube Downloader> seems to have everything
CCleaner> appears to have everything
Open Office.org 3.3> shows (Empty)
Windows Recovery> shows Windows Recovery only - Could be right?
avast! Free Antivirus> shows only avast! Free AntiVirus - fairly sure this should have more.

The missing programs are not listed under here and there is no drop-down arrow to access them.

Please note that while Tools> shows only IE, I was able to run System Restore and Disk Cleanup from the command line. Also, Open Office is shown as empty but I went into the folder and made a shortcut and placed it on the desktop. All the various programs are certainly there.


harlequin

Newbie Surfer

Posts : 15
Joined : 2011-05-16
Operating System : WindowsXP SP3


Solved Re: Alureon-G@mbr[Rtk]

Post by DragonMaster Jay on Tue 24 May 2011, 8:01 pm

I must go with the same recommendation as the rest of my community of experts to reinstall each of the programs that you want to show up in the Start menu.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Solved Re: Alureon-G@mbr[Rtk]

Post by harlequin on Wed 25 May 2011, 12:24 am

OK, shall do.

Thanks again for all the help, it is much appreciated.



harlequin

Newbie Surfer

Posts : 15
Joined : 2011-05-16
Operating System : WindowsXP SP3

