Nick147
About Nick147
Birthday: 06/14/1975
Tech Info
Experience: some_experience
System: windows_vista_home
Hi - thanks so much for all your help - you have been amazing. I am working my way through the list to make my PC safer - will soon get it all done and hopefully will be much better educated and protected from things in the future. Thanks again, Nick
-
Yep - happy things are running fine and ready to move on to finish off the cleaning process.
-
Hi - this is the only one I had any trouble with - took a while to get this working - frozen screens etc - but did the scan and it has just finished but I can't get a log - the screen just says:

Scan Results
No threats found
Scanned files: 199470
Infected files: 0
Cleaned files: 0
Total scan time: 01:23:46
Scan status: finished

It then gives me an option to uninstall application on close.
-
Thanks both - the two notepad files from the OTL scan are here:

OTL logfile created on: 29/04/2011 12:39:02 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hawthorn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.19 Gb Total Space | 389.87 Gb Free Space | 66.85% Space Free | Partition Type: NTFS
Drive D: | 12.98 Gb Total Space | 1.82 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Computer Name: HAWTHORNE-PC | User Name: Hawthorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hawthorn\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

========== Modules (SafeList) ==========

MOD - C:\Users\Hawthorn\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MpKslb1efbda2) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E29A3074-4943-4FF4-AC38-81FE30F3E648}\MpKslb1efbda2.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON)
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 22:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 22:23:47 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\Hawthorn\AppData\Roaming\mozilla\Extensions
[2011/04/27 22:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/12/03 00:03:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/29 00:25:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [updateLBPShortCut] c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100728060044 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hawthorn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hawthorn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 00:31:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/29 00:31:29 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\AppData\Local\temp
[2011/04/29 00:25:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/29 00:14:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/29 00:14:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/29 00:14:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/29 00:14:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/29 00:14:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 00:14:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 23:32:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/28 19:32:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\OTL.scr
[2011/04/28 17:59:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\TFC.exe
[2011/04/27 23:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/27 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/27 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/27 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/27 22:23:39 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\AppData\Roaming\Mozilla
[2011/04/27 22:23:39 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\AppData\Local\Mozilla
[2011/04/27 22:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/27 22:22:58 | 012,399,552 | ---- | C] (Mozilla) -- C:\Users\Hawthorn\Desktop\Firefox Setup 4.0.exe
[2011/04/27 08:56:29 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 08:56:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 08:56:15 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/23 11:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/23 11:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/23 11:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/13 20:31:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 20:31:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 20:30:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 20:30:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 20:30:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 20:30:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 20:30:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 20:30:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 20:30:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 20:30:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 20:30:57 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 20:30:57 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 20:30:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 20:30:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 20:30:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 20:30:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 20:30:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 20:30:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 20:30:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 20:30:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 20:30:52 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 20:30:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 20:30:46 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 20:30:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 20:30:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/12 08:41:22 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\Documents\Wondershare Streaming Video Recorder
[2011/04/12 08:41:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWOW64
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Hawthorn\Desktop\*.tmp files -> C:\Users\Hawthorn\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 11:49:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 11:49:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 09:49:03 | 3209,879,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 00:25:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/29 00:10:17 | 004,332,535 | R--- | M] () -- C:\Users\Hawthorn\Desktop\Combo-Fix1.exe
[2011/04/28 22:17:49 | 000,932,400 | ---- | M] () -- C:\Users\Hawthorn\Desktop\Norton_Removal_Tool.exe
[2011/04/28 21:07:06 | 000,073,216 | ---- | M] () -- C:\Users\Hawthorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 19:32:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\OTL.scr
[2011/04/28 17:59:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\TFC.exe
[2011/04/28 06:56:53 | 000,002,529 | ---- | M] () -- C:\Users\Hawthorn\Desktop\HiJackThis.lnk
[2011/04/27 22:43:14 | 001,402,880 | ---- | M] () -- C:\Users\Hawthorn\Desktop\HijackThis.msi
[2011/04/27 22:23:36 | 000,000,872 | ---- | M] () -- C:\Users\Hawthorn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 22:23:36 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/27 22:23:16 | 012,399,552 | ---- | M] (Mozilla) -- C:\Users\Hawthorn\Desktop\Firefox Setup 4.0.exe
[2011/04/24 08:34:13 | 000,006,028 | ---- | M] () -- C:\Users\Hawthorn\AppData\Roaming\wklnhst.dat
[2011/04/23 11:54:49 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/15 11:16:02 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHawthorn.job
[2011/04/14 07:56:31 | 000,317,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Hawthorn\Desktop\*.tmp files -> C:\Users\Hawthorn\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 00:14:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/29 00:14:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/29 00:14:52 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/29 00:14:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/29 00:14:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/29 00:10:11 | 004,332,535 | R--- | C] () -- C:\Users\Hawthorn\Desktop\Combo-Fix1.exe
[2011/04/28 22:17:44 | 000,932,400 | ---- | C] () -- C:\Users\Hawthorn\Desktop\Norton_Removal_Tool.exe
[2011/04/27 22:44:14 | 000,002,529 | ---- | C] () -- C:\Users\Hawthorn\Desktop\HiJackThis.lnk
[2011/04/27 22:43:03 | 001,402,880 | ---- | C] () -- C:\Users\Hawthorn\Desktop\HijackThis.msi
[2011/04/27 22:23:36 | 000,000,872 | ---- | C] () -- C:\Users\Hawthorn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 22:23:36 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/27 22:23:36 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/23 11:54:49 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/11 00:20:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/11/20 22:09:38 | 000,001,649 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\dvdae.config
[2010/11/20 22:04:59 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/11/20 22:04:21 | 000,000,034 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/06/30 01:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/01/01 20:19:26 | 000,028,731 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\UserTile.png
[2009/12/13 20:05:40 | 000,006,028 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\wklnhst.dat
[2009/12/04 11:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/04 11:42:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 18:14:47 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/30 13:15:07 | 000,073,216 | ---- | C] () -- C:\Users\Hawthorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 13:06:43 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2009/11/30 13:04:01 | 000,000,680 | ---- | C] () -- C:\Users\Hawthorn\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/16 19:30:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/16 11:52:01 | 000,009,300 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/06/16 11:01:08 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/06/16 11:01:08 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 13:47:37 | 000,317,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/02/04 04:59:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\metaflac.exe
[2005/02/04 04:59:44 | 000,217,088 | ---- | C] () -- C:\Windows\System32\flac.exe

< End of report >

And:

OTL Extras logfile created on: 29/04/2011 12:39:02 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hawthorn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.19 Gb Total Space | 389.87 Gb Free Space | 66.85% Space Free | Partition Type: NTFS
Drive D: | 12.98 Gb Total Space | 1.82 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Computer Name: HAWTHORNE-PC | User Name: Hawthorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086C0AF9-53AF-41CF-AC1F-32B48D4C7B6A}" = lport=139 | protocol=6 | dir=in | app=system |
"{109696BE-3E83-40C1-8D42-180C36F47B1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{25DB9E11-4D0E-4DE0-A3D3-C6883CF357F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{28BF3C60-F019-45F9-8FE2-5D73EC2F3E9C}" = rport=137 | protocol=17 | dir=out | app=system |
"{2B082DF2-8C68-4F80-A1F9-F153232575D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5AAA6247-14C2-44B7-B785-33A0B18807C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD2DA5E0-353F-49C1-B4A5-5161339EFA3F}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE88A68A-D301-4295-BC6C-B8DD374879C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{C38C16C1-AECB-47B8-BFB9-40C4236B786C}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3F41F2D-CD08-460E-A5B7-C74A9E599AEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1065F8B4-7B97-420D-A4D9-25F5C0A00E96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{14F40AEB-F7AA-4CC0-9E2C-4CEEF409216A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15C17941-A575-4917-92DD-CF7D6F88767B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1672DEDB-A365-4210-9099-91431097BE82}" = protocol=6 | dir=in | app=c:\users\hawthorn\appdata\local\temp\7zscc57.tmp\symnrt.exe |
"{308BB295-DC95-46CC-A780-6DD5652E82F1}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{33DA1158-4DB3-41E5-B9A7-0B78A4370CEE}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{361FBC7E-AB26-446F-A57A-AEB4AB0FDAC5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{3D64A585-B95D-40A8-B731-EEAC9B02FF3F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{427F587D-D3A6-4142-A128-AF392E63E65F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{4FE38CF0-677C-4D27-BB2B-E2822C610876}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{53436E19-E608-4DC3-945F-E057C12F0094}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{5A431749-C09B-4EE9-B7C3-7031C00A5E2A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{68925BD8-593D-4E32-B21A-F88C26CDDC92}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{6D49EA74-8D0B-422F-BA9A-5F6D11886588}" = protocol=17 | dir=in | app=c:\users\hawthorn\desktop\audioconverter_setup.exe |
"{70A77100-15DC-4FEB-9A3A-8D8B234B5AE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CBA89ED-4BDE-43FF-948D-5C93995A3BD4}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{8217C5BF-BC73-4BB6-B795-2B9728E595BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85B5B1CD-68EF-40F2-82D7-12792B1EC125}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{973A0764-472F-4098-A79C-C6F044B5F8AE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9FA36AE3-D53F-4522-B87D-6019E75B492D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{A0ED2407-3306-49AE-BAEC-83C98D2B94E0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AEF51EE7-D43D-42A8-8840-C4C873156A6F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{AF4C6573-9B35-4CAE-8DB6-3A72C8F21AAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B2B89773-6AAE-415B-88B4-E09CF192B502}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{C40678ED-2B59-4351-B12F-C6032034750C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE5DD0AA-B329-430C-B492-9E4D90A453E6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D34FB656-88AC-4170-8342-804B8155F3D3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D8880645-3237-4B58-ACF6-9A5499F4DA26}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{DAF2B2F5-288F-40EF-844F-EB02231BAB1D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{DD8E3877-BF12-4015-B039-2743528C9CD2}" = protocol=17 | dir=in | app=c:\users\hawthorn\appdata\local\temp\7zscc57.tmp\symnrt.exe |
"{E656437E-D496-4FA9-8FC3-FB833CBD91EF}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{E855CC10-9B5D-4FEF-8ED7-6AC1922F1B88}" = protocol=6 | dir=in | app=c:\users\hawthorn\desktop\audioconverter_setup.exe |
"{EAC67776-0C17-40B0-9F15-30105F153D05}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"TCP Query User{112E744C-D470-412A-89FE-81F79790F220}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=6 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe |
"TCP Query User{2A53FD6A-2809-46AE-8641-DDB85B0FC3FA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{892652AF-2D7A-4B94-8777-1CF509364A67}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{CF6948CF-1694-4505-8C3B-B4AD5587A1C1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F546FB83-0CEB-428E-ACB1-8FA20AD90B3E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{2624E9A8-B13D-4B27-A493-F5BE0C196680}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6A90F574-282B-4591-91DF-4CEF336F57EA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{6DF8F322-7557-4E17-8C73-44C760F0EA2C}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=17 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe |
"UDP Query User{DC2043D5-CCF0-4A33-8234-D49FB4491905}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{DFAE34F3-EAD2-47CF-8191-C5FD93B0B8F6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18 "{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FAB9CD-D1A8-44DC-9B61-38B135E26E67}_is1" = Ask Default Search "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1" = Doctor Who: The Adventure Games "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support 
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF202088-CF66-4DCA-B1C3-185E7044CEE6}" = HP MediaSmart SmartMenu "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "AOL Toolbar" = AOL Toolbar 5.0 "BookSmart® 2.9.5 2.9.5" = BookSmart® 2.9.5 2.9.5 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EasyBits Magic Desktop" = Magic Desktop "FLAC" = FLAC Installer 1.1.2a (remove only) "HDMI" = Intel® Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaCoder Audio Edition" = MediaCoder Audio Edition 0.7.2.4530 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB) "NewzToolz_is1" = NewzToolz v1.0.1 
"OfficeTrial" = Microsoft Office Home and Student 60 day trial "PC-Doctor for Windows" = Hardware Diagnostic Tools "pywin32-py2.6" = Python 2.6 pywin32-212 "Security Task Manager" = Security Task Manager 1.8c "uTorrent" = µTorrent "WildTangent hp Master Uninstall" = HP Games ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27/04/2011 15:58:57 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 15:58:57 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 15:58:58 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 15:59:09 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 15:59:29 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 15:59:43 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 15:59:59 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 16:00:16 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 16:00:45 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 16:00:52 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 28/04/2011 18:31:43 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 18:32:17 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7031 Description = Error - 28/04/2011 18:36:06 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 19:16:18 | Computer Name = 
Hawthorne-PC | Source = Service Control Manager | ID = 7030 Description = Error - 28/04/2011 19:21:25 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7030 Description = Error - 28/04/2011 19:23:52 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7030 Description = Error - 28/04/2011 19:23:58 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7030 Description = Error - 28/04/2011 19:28:38 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 22:01:19 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 29/04/2011 04:51:40 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >
-
Morning - shut down and re-started and went to the Lloyds site via Google this morning and the hoax screens have gone and all seems fine. I logged on to my site in the normal way - all secure, nothing odd, was able to bank and logged off. Thank you so much - I wouldn't have had a prayer! What a great resource a site like this is and people like you. The only thing which appears different on my system is that when I start up, a pop up comes up saying that some start up programmes have been blocked - there is a little white box in the icon tray with a no entry style sign in the bottom left corner. When I click on it another pop up offers options - "show or remove blocked start up programmes", "Run blocked programme", "view help" and "exit". If I click on the show and remove option I get a system configuration menu which opens at "start up" and a list of programmes and option to enable all or disable all etc. Not sure what that is all about but I take it it is nothing sinister? Anything else I should do or do you think I am good to go? Any other advice aside from avoiding UTorrent and similar file sharing software? Thanks again.
-
Hi - thanks - I have done that and the log is below. If you do happen to reply before morning, am I ok to switch the machine off and pick up next steps tomorrow, or should I keep the machine running? If you don't reply, I will keep it running to be on the safe side! Log: ComboFix 11-04-28.01 - Hawthorn 29/04/2011 0:17.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1981 [GMT 1:00] Running from: c:\users\Hawthorn\Desktop\Combo-Fix1.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Hawthorn\hosts c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 ))))))))))))))))))))))))))))))) . . 2011-04-28 22:38 . 2011-04-28 22:38 5472 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-04-28 22:32 . 2011-04-28 22:32 -------- d-----w- C:\_OTL 2011-04-28 21:35 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4600B408-173A-414E-9DAE-FC23F72DD493}\mpengine.dll 2011-04-27 22:11 . 2011-04-28 21:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-04-27 22:11 . 2011-04-28 17:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-04-27 21:44 . 2011-04-27 21:44 388096 ----a-r- c:\users\Hawthorn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-04-27 21:44 . 
2011-04-27 21:44 -------- d-----w- c:\program files\Trend Micro 2011-04-27 21:23 . 2011-04-27 21:23 -------- d-----w- c:\users\Hawthorn\AppData\Local\Mozilla 2011-04-27 07:56 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-27 07:56 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-27 07:56 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-23 10:54 . 2011-04-23 10:54 -------- d-----w- c:\program files\iPod 2011-04-23 10:52 . 2011-04-23 10:52 -------- d-----w- c:\program files\Bonjour 2011-04-13 19:31 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll 2011-04-13 19:31 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-04-12 07:41 . 2011-04-12 07:41 -------- d-----w- c:\windows\SysWOW64 2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-05 17:09 . 2011-01-26 19:01 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D44C2CF-979D-4F7D-855F-F63DF4A88AE8}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-11 07:04 . 2010-12-07 07:50 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-03-03 15:40 . 2011-04-27 07:56 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-27 07:56 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-27 07:56 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-27 07:56 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-22 18:26 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 
2011-03-22 18:26 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-22 18:26 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-03-18 17:57 . 2011-04-27 21:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-30 289584] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-22 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640] "hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-17 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-17 173592] "HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 143360] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-17 150552] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 MpKslbc782ccd;MpKslbc782ccd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4600B408-173A-414E-9DAE-FC23F72DD493}\MpKslbc782ccd.sys [x] R1 MpKslf8e16574;MpKslf8e16574;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4600B408-173A-414E-9DAE-FC23F72DD493}\MpKslf8e16574.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] R3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-02-02 20848] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Contents of the 'Scheduled Tasks' folder . 2011-04-15 c:\windows\Tasks\HPCeeScheduleForHawthorn.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-06-16 17:17] . 2011-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 19:00] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100728060044 FF - ProfilePath - c:\users\Hawthorn\AppData\Roaming\Mozilla\Firefox\Profiles\bv2rwo3p.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms" . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe c:\windows\system32\igfxsrvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\progra~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE c:\windows\system32\wbem\unsecapp.exe c:\program files\iPod\bin\iPodService.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2011-04-29 00:31:27 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-28 23:30 . Pre-Run: 419,468,144,640 bytes free Post-Run: 419,078,832,128 bytes free . - - End Of File - - 03CEED81ED15F251FC19FB41F46AB874
-
By the way, thanks for that advice on the P2P - I had no idea that was the case - I won't be downloading files using that method anymore as I used UTorrent for the first time in ages a week or so ago, just before this started so it looks like that may well have been the route. I have turned it off and will uninstall once/if I get through all this!
-
Done that, cheers - here are the two reports - new MBAM: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6467 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 28/04/2011 23:27:56 mbam-log-2011-04-28 (23-27-56).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Objects scanned: 327280 Time elapsed: 59 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F3479133-218F-D79A-E856-E82540F0D7A2} (Trojan.ZbotR.Gen) -> Value: {F3479133-218F-D79A-E856-E82540F0D7A2} -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Hawthorn\AppData\Roaming\Byyf\eknyv.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully. And the OTL fix report: All processes killed ========== OTL ========== Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop! Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found. File File not found not found. Error: No service named Norton Internet Security was found to stop! Service\Driver key Norton Internet Security not found. File File not found not found. Error: No service named gupdate) Google Update Service (gupdate was found to stop! Service\Driver key gupdate) Google Update Service (gupdate not found. File File not found not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{081230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{F3479133-218F-D79A-E856-E82540F0D7A2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3479133-218F-D79A-E856-E82540F0D7A2}\ not found. File C:\Users\Hawthorn\AppData\Roaming\Byyf\eknyv.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\{F3479133-218F-D79A-E856-E82540F0D7A2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3479133-218F-D79A-E856-E82540F0D7A2}\ not found. ADS C:\ProgramData\Temp:30FD0CBD deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Hawthorn\Desktop\cmd.bat deleted successfully. C:\Users\Hawthorn\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Hawthorn ->Temp folder emptied: 18142648 bytes ->Temporary Internet Files folder emptied: 4723383 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 8305507 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3051 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 5472 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 17036 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 30.00 mb HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default User: Default User User: Hawthorn ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.22.3 
log created on 04282011_233217 Files\Folders moved on Reboot... C:\Users\Hawthorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OJV3LO75\ads[2].htm moved successfully. C:\Users\Hawthorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OJV3LO75\r[1].htm moved successfully. C:\Users\Hawthorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OJV3LO75\search[1].htm moved successfully. C:\Users\Hawthorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\37B8702E\11638-Online-banking-hacked[1].htm moved successfully. C:\Users\Hawthorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\37B8702E\ads[2].htm moved successfully. C:\Users\Hawthorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot...
-
One other thing - the MBAM scan came up blank - but I did run that last night before finding this forum, and it found these two files which I removed. But the virus is still there, hence this thread! The details were:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4213
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
27/04/2011 19:10:06
mbam-log-2011-04-27 (19-10-06).txt
Scan type: Quick scan
Objects scanned: 124424
Time elapsed: 7 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\Users\Hawthorn\AppData\Local\Temp\0.11445688886370697.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Hawthorn\AppData\Local\Temp\0.9443521808165434.exe (Trojan.Dropper) -
-
Hi Starbuck - here are the two OTL reports:
OTL logfile created on: 28/04/2011 19:34:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hawthorn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.19 Gb Total Space | 390.85 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 12.98 Gb Total Space | 1.82 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Computer Name: HAWTHORNE-PC | User Name: Hawthorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Hawthorn\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\u*******\u*******.exe (Bit*******, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
========== Modules (SafeList) ==========
MOD - C:\Users\Hawthorn\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (Norton Internet Security) -- File not found
SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MpKsldf9da8da) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93B5EE4A-B332-4A14-B789-7506D439D251}\MpKsldf9da8da.sys (Microsoft Corporation)
DRV - (MpKsl59506e51) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93B5EE4A-B332-4A14-B789-7506D439D251}\MpKsl59506e51.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON)
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 22:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 22:23:47 | 000,000,000 | ---D | M]
(No name found) -- C:\Users\Hawthorn\AppData\Roaming\mozilla\Extensions
[2011/04/27 22:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/12/03 00:03:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [updateLBPShortCut] c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{F3479133-218F-D79A-E856-E82540F0D7A2}] C:\Users\Hawthorn\AppData\Roaming\Byyf\eknyv.exe ()
O4 - HKCU..\Run: [u*******] C:\Program Files\u*******\u*******.exe (Bit*******, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100728060044 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hawthorn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hawthorn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
MsConfig - StartUpReg: {F3479133-218F-D79A-E856-E82540F0D7A2} - hkey= - key= - C:\Users\Hawthorn\AppData\Roaming\Byyf\eknyv.exe ()
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/04/28 19:32:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\OTL.scr
[2011/04/28 17:59:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\TFC.exe
[2011/04/27 23:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/27 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/27 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/27 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/27 22:23:39 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\AppData\Roaming\Mozilla
[2011/04/27 22:23:39 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\AppData\Local\Mozilla
[2011/04/27 22:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/27 22:22:58 | 012,399,552 | ---- | C] (Mozilla) -- C:\Users\Hawthorn\Desktop\Firefox Setup 4.0.exe
[2011/04/27 08:56:29 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 08:56:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 08:56:15 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/23 11:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/23 11:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/23 11:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/13 20:31:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 20:31:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 20:30:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 20:30:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 20:30:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 20:30:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 20:30:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 20:30:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 20:30:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 20:30:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 20:30:57 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 20:30:57 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 20:30:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 20:30:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 20:30:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 20:30:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 20:30:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 20:30:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 20:30:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 20:30:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 20:30:52 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 20:30:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 20:30:46 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 20:30:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 20:30:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/12 08:41:22 | 000,000,000 | ---D | C] -- C:\Users\Hawthorn\Documents\Wondershare Streaming Video Recorder
[2011/04/12 08:41:09 | 000,034,064 | ---- | C] (CACE Technologies) -- C:\Windows\System32\drivers\npf.sys
[2011/04/12 08:41:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWOW64
[2011/04/12 08:41:08 | 000,240,248 | ---- | C] (CACE Technologies) -- C:\Windows\System32\wpcap.dll
[2011/04/12 08:41:08 | 000,088,704 | ---- | C] (CACE Technologies) -- C:\Windows\System32\Packet.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Hawthorn\Desktop\*.tmp files -> C:\Users\Hawthorn\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/28 19:32:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\OTL.scr
[2011/04/28 19:00:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 18:06:32 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 18:05:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 18:05:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 18:05:05 | 3207,802,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 17:59:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Hawthorn\Desktop\TFC.exe
[2011/04/28 06:56:53 | 000,002,529 | ---- | M] () -- C:\Users\Hawthorn\Desktop\HiJackThis.lnk
[2011/04/27 22:43:14 | 001,402,880 | ---- | M] () -- C:\Users\Hawthorn\Desktop\HijackThis.msi
[2011/04/27 22:23:36 | 000,000,872 | ---- | M] () -- C:\Users\Hawthorn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 22:23:36 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/27 22:23:16 | 012,399,552 | ---- | M] (Mozilla) -- C:\Users\Hawthorn\Desktop\Firefox Setup 4.0.exe
[2011/04/24 08:34:13 | 000,006,028 | ---- | M] () -- C:\Users\Hawthorn\AppData\Roaming\wklnhst.dat
[2011/04/23 11:54:49 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/15 11:16:02 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHawthorn.job
[2011/04/14 07:56:31 | 000,317,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Hawthorn\Desktop\*.tmp files -> C:\Users\Hawthorn\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/27 22:44:14 | 000,002,529 | ---- | C] () -- C:\Users\Hawthorn\Desktop\HiJackThis.lnk
[2011/04/27 22:43:03 | 001,402,880 | ---- | C] () -- C:\Users\Hawthorn\Desktop\HijackThis.msi
[2011/04/27 22:23:36 | 000,000,872 | ---- | C] () -- C:\Users\Hawthorn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 22:23:36 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/27 22:23:36 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/23 11:54:49 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/12 08:41:08 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011/01/11 00:20:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/11/20 22:09:38 | 000,001,649 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\dvdae.config
[2010/11/20 22:04:59 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/11/20 22:04:21 | 000,000,034 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/06/30 01:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/01/01 20:19:26 | 000,028,731 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\UserTile.png
[2009/12/13 20:05:40 | 000,006,028 | ---- | C] () -- C:\Users\Hawthorn\AppData\Roaming\wklnhst.dat
[2009/12/04 11:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/04 11:42:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 18:14:47 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/30 13:15:07 | 000,071,168 | ---- | C] () -- C:\Users\Hawthorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 13:06:43 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2009/11/30 13:04:01 | 000,000,680 | ---- | C] () -- C:\Users\Hawthorn\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/16 19:30:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/16 11:52:01 | 000,009,300 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/06/16 11:01:08 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/06/16 11:01:08 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 13:47:37 | 000,317,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/02/04 04:59:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\metaflac.exe
[2005/02/04 04:59:44 | 000,217,088 | ---- | C] () -- C:\Windows\System32\flac.exe
========== LOP Check ==========
[2009/12/25 19:14:05 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\Amazon
[2009/11/30 21:15:08 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\Broad Intelligence
[2010/02/24 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\Byyf
[2010/06/19 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\Doctor Who
[2011/04/28 17:58:47 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\Epeve
[2010/01/01 20:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\PeerNetworking
[2009/12/13 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\Template
[2011/04/28 19:36:53 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\u*******
[2009/11/30 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\WildTangent
[2010/12/05 11:07:31 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\WinBatch
[2011/01/11 00:25:26 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\Xilisoft
[2011/04/18 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Hawthorn\AppData\Roaming\_MDLogs
[2011/02/28 19:55:38 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/04/28 18:04:18 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/11/30 20:17:03 | 000,001,278 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/06/16 19:23:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/12 12:17:43 | 000,000,375 | ---- | M] () -- C:\FINIS_IT.TXT
[2011/04/28 18:05:05 | 3207,802,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 18:05:04 | 3523,690,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/27 22:56:24 | 000,000,403 | ---- | M] () -- C:\rkill.log
[2009/06/16 11:36:45 | 000,000,349 | ---- | M] () -- C:\updatedatfix.log
[2008/08/26 13:37:52 | 000,000,458 | ---- | M] () -- C:\Windows Sidebar
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\MpNWMon.sys
< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/18 18:57:04 | 000,711,624 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/18 18:57:04 | 000,711,624 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/18 18:57:04 | 000,711,624 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/18 18:57:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/18 18:57:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/18 18:57:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/18 18:57:04 | 000,711,624 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/18 18:57:04 | 000,711,624 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/18 18:57:04 | 000,711,624 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/18 18:57:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/18 18:57:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/18 18:57:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
========== Alternate Data Streams ==========
And:
OTL Extras logfile created on: 28/04/2011 19:34:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hawthorn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.19 Gb Total Space | 390.85 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 12.98 Gb Total Space | 1.82 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Computer Name: HAWTHORNE-PC | User Name: Hawthorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{086C0AF9-53AF-41CF-AC1F-32B48D4C7B6A}" = lport=139 | protocol=6 | dir=in | app=system | "{109696BE-3E83-40C1-8D42-180C36F47B1A}" = lport=445 | protocol=6 | dir=in | app=system | "{25DB9E11-4D0E-4DE0-A3D3-C6883CF357F7}" = rport=139 | protocol=6 | dir=out 
| app=system | "{28BF3C60-F019-45F9-8FE2-5D73EC2F3E9C}" = rport=137 | protocol=17 | dir=out | app=system | "{2B082DF2-8C68-4F80-A1F9-F153232575D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5AAA6247-14C2-44B7-B785-33A0B18807C7}" = rport=445 | protocol=6 | dir=out | app=system | "{AD2DA5E0-353F-49C1-B4A5-5161339EFA3F}" = lport=137 | protocol=17 | dir=in | app=system | "{BE88A68A-D301-4295-BC6C-B8DD374879C5}" = lport=138 | protocol=17 | dir=in | app=system | "{C38C16C1-AECB-47B8-BFB9-40C4236B786C}" = rport=138 | protocol=17 | dir=out | app=system | "{C3F41F2D-CD08-460E-A5B7-C74A9E599AEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1065F8B4-7B97-420D-A4D9-25F5C0A00E96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{14F40AEB-F7AA-4CC0-9E2C-4CEEF409216A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{15C17941-A575-4917-92DD-CF7D6F88767B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{308BB295-DC95-46CC-A780-6DD5652E82F1}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{33DA1158-4DB3-41E5-B9A7-0B78A4370CEE}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{361FBC7E-AB26-446F-A57A-AEB4AB0FDAC5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{3D64A585-B95D-40A8-B731-EEAC9B02FF3F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{427F587D-D3A6-4142-A128-AF392E63E65F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{4FE38CF0-677C-4D27-BB2B-E2822C610876}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{53436E19-E608-4DC3-945F-E057C12F0094}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{5A431749-C09B-4EE9-B7C3-7031C00A5E2A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{68925BD8-593D-4E32-B21A-F88C26CDDC92}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{6D49EA74-8D0B-422F-BA9A-5F6D11886588}" = protocol=17 | dir=in | app=c:\users\hawthorn\desktop\audioconverter_setup.exe | "{70A77100-15DC-4FEB-9A3A-8D8B234B5AE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7CBA89ED-4BDE-43FF-948D-5C93995A3BD4}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{8217C5BF-BC73-4BB6-B795-2B9728E595BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{85B5B1CD-68EF-40F2-82D7-12792B1EC125}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{973A0764-472F-4098-A79C-C6F044B5F8AE}" = protocol=17 | dir=in | app=c:\program files\u*******\u*******.exe | "{9FA36AE3-D53F-4522-B87D-6019E75B492D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{A0ED2407-3306-49AE-BAEC-83C98D2B94E0}" = dir=in | app=c:\program files\itunes\itunes.exe | "{AEF51EE7-D43D-42A8-8840-C4C873156A6F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | "{AF4C6573-9B35-4CAE-8DB6-3A72C8F21AAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B2B89773-6AAE-415B-88B4-E09CF192B502}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{C40678ED-2B59-4351-B12F-C6032034750C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CE5DD0AA-B329-430C-B492-9E4D90A453E6}" = protocol=6 | dir=in | app=c:\program files\u*******\u*******.exe | "{D34FB656-88AC-4170-8342-804B8155F3D3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | "{D8880645-3237-4B58-ACF6-9A5499F4DA26}" = dir=in 
| app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | "{DAF2B2F5-288F-40EF-844F-EB02231BAB1D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{E656437E-D496-4FA9-8FC3-FB833CBD91EF}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | "{E855CC10-9B5D-4FEF-8ED7-6AC1922F1B88}" = protocol=6 | dir=in | app=c:\users\hawthorn\desktop\audioconverter_setup.exe | "{EAC67776-0C17-40B0-9F15-30105F153D05}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | "TCP Query User{112E744C-D470-412A-89FE-81F79790F220}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=6 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe | "TCP Query User{892652AF-2D7A-4B94-8777-1CF509364A67}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{CF6948CF-1694-4505-8C3B-B4AD5587A1C1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{F546FB83-0CEB-428E-ACB1-8FA20AD90B3E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{2624E9A8-B13D-4B27-A493-F5BE0C196680}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{6A90F574-282B-4591-91DF-4CEF336F57EA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{6DF8F322-7557-4E17-8C73-44C760F0EA2C}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=17 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe | "UDP Query User{DC2043D5-CCF0-4A33-8234-D49FB4491905}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - 
x86 9.0.30729.4148 "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18 "{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FAB9CD-D1A8-44DC-9B61-38B135E26E67}_is1" = Ask Default Search "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware 
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 
(SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1" = Doctor Who: The Adventure Games "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 
2.0.0048.0 "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF202088-CF66-4DCA-B1C3-185E7044CEE6}" = HP MediaSmart SmartMenu "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "AOL Toolbar" = AOL Toolbar 5.0 "BookSmart® 2.9.5 2.9.5" = BookSmart® 2.9.5 2.9.5 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EasyBits Magic Desktop" = Magic Desktop "FLAC" = FLAC Installer 1.1.2a (remove only) "HDMI" = Intel® Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaCoder Audio Edition" = MediaCoder Audio Edition 0.7.2.4530 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB) "NewzToolz_is1" = NewzToolz v1.0.1 "OfficeTrial" = Microsoft Office Home and Student 60 day trial "PC-Doctor for Windows" = Hardware Diagnostic Tools "pywin32-py2.6" = Python 2.6 pywin32-212 "Security Task Manager" = Security Task Manager 1.8c "sp44626" = sp44626 "u*******" = µ******* "WildTangent hp Master Uninstall" = HP Games ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25/04/2011 03:56:17 | Computer Name = Hawthorne-PC | Source = WinMgmt | ID = 10 Description = Error - 25/04/2011 09:52:24 | Computer Name = Hawthorne-PC | Source = WinMgmt | ID = 10 Description = Error - 25/04/2011 10:58:16 | Computer Name = Hawthorne-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.19048, time stamp 0x4d633f27, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x210fbdb5, process id 0xb10, application start time 0x01cc0351f7f4add2. Error - 25/04/2011 18:09:07 | Computer Name = Hawthorne-PC | Source = Application Hang | ID = 1002 Description = The program iTunes.exe version 10.2.2.12 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: e24 Start Time: 01cc0363418d7fb2 Termination Time: 5 Error - 26/04/2011 02:40:04 | Computer Name = Hawthorne-PC | Source = WinMgmt | ID = 10 Description = Error - 26/04/2011 19:15:42 | Computer Name = Hawthorne-PC | Source = WinMgmt | ID = 10 Description = Error - 27/04/2011 03:45:53 | Computer Name = Hawthorne-PC | Source = WinMgmt | ID = 10 Description = Error - 27/04/2011 04:43:03 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 04:43:03 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27/04/2011 04:43:41 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 27/04/2011 22:00:34 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 28/04/2011 08:43:17 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 28/04/2011 08:50:35 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 08:52:36 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 12:27:57 | Computer Name = Hawthorne-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 28/04/2011 12:56:37 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 12:58:37 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 13:00:48 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7031 Description = Error - 28/04/2011 13:05:35 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28/04/2011 13:07:36 | Computer Name = Hawthorne-PC | Source = Service Control Manager | ID = 7000 Description = < End of 
report > Also - here is the Log from the MBAM run: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4213 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 28/04/2011 19:19:15 mbam-log-2011-04-28 (19-19-15).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Objects scanned: 303839 Time elapsed: 1 hour(s), 10 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:30FD0CBD < End of report >
-
Many thanks Starbuck - I'll do that.
-
Hello, my first post here, or on any PC help forum for that matter. I really hope some folks here may be able to help me. It appears that my online banking has been hacked. Suddenly, two days ago, the lloydstsb website (which was a favourite link) started asking me for more info than usual about me and my account. I phoned the bank and they said it was a hoax site which looks identical to theirs. It appears someone is waiting for me to input these details and "pharm" them etc. So - how do I get rid of it?! I saw the guide on this site and I will go through all of those steps when I get in tonight, but I thought it might be useful to say what I have done so far etc and prepare for some help! I deleted the link - tried keying in "http lloydstsb" etc but still got the hoax site. I tried opening up in Firefox instead of IE but still the same problem. I did a full scan using windows essentials and it found nothing. I did the same with malwarebytes thing and got nothing. I downloaded SpyBot and ran that and nothing. I poked about in start up and windows system32 files and found nothing. I downloaded a programme called HijackThis but couldn't make head nor tail of it! Still whenever I try and go to the lloyds site I only get the hoax site. I clearly have some sophisticated trojan/virus embedded and I need some help to get rid of it. Any help much appreciated. I am at work at the moment so can't do anything on my home PC until tonight. I will go through the steps and create the logs detailed on this forum and post the details on this thread to help anyone who can try and help me. Cheers, Nick