asmoeone
Hello,

It's a beautiful sunny day here. Unfortunately I've spent most of it unsuccessfully trying to fix my father's Dell Dimension 3000 (Win XP), which has gradually become unusably slow for web browsing. I've tried most of the things I can think of to speed it up (see below), without any success. Finally I've tried and failed to restore the machine to factory state using the Dell PC Restore process.

I would really appreciate some advice with either -
1. fixing the slow internet issue directly, and/or
2. restoring the machine to factory status

--------

Actions/Observations/Clues:

All browsers are running slow on this PC. Other apps seem fine.
Another PC using the same modem/router and internet connection runs fine.
I tried running Firefox with all add-ons disabled.
I reinstalled Firefox
I checked Windows is up to date
I uninstalled extraneous software
I installed and ran CCleaner, (removed unused files, cleaned registry, disabled unrequired startup processes)
I ran disk defrag
I uninstalled McAfee security software (using their own uninstaller, not without issue) and replaced with MS Security Essentials
I noted in Device manager that there are still several entries for McAfee Core NDIS Intermediate Filter Miniports with status disabled.
I installed MBAM and ran full scan
I updated the network adapter driver
I upgraded RAM from 512 to 1Gb, since available physical memory showed only around 15-20%. This sped up PC, but not browser.
I uninstalled all AOL software (7 programs!)

Finally, I tried to access Dell PC Restore via Ctrl+F11 on Dell startup screen. I noted no such Dell startup screen is displayed, but managed to access it anyway. Received message that restore could not be done because of a system change. I found a useful resource here that seems to explain this as being caused by changes having been made to the hard disk partitions (changes apparently made ages ago by some passing acquaintance of my Dad's e.g. setting up extended partition with swap and temp drives etc.).

I looked at partitions in Explorer. I noticed there is a "Ghost" partition (seemingly empty), some Norton Ghost 2003 files (seemingly only installation files), and no entry for Ghost in add/remove programs, so it doesn't appear to me that Ghost2003 is active.

I looked at partitions in Windows Disk management. The partition in position 4 shows as FAT32, 2.75Gb, 30%free, whilst the same partition shows in PartitionMagic as Local Disk, CP/M, Concurrent DOS, CTOS, 2.8Gb, unused=0

I don't understand what this partition is. I hope it contains the image for the Dell PC Restore, but I don't know how to confirm this and it would be good to know that's what it is before I embark on trying to get the Dell PC Restore working again, if that's even a good idea.

Thanks for taking the time,
John
-
Hello,

I'm fairly new to networks of any kind, and struggling a bit with my early stages research, so any pointers are welcome.

Currently my father has a desktop, in the study, with an ethernet connection to a (wireless-enabled) broadband router. He also has a netbook that he'd like to use wirelessly, in other downstairs rooms, but the walls in his house are too thick. My mother wants to get a computer that she'd also use in the study. And the lodger would like to use the internet connection from the attic.

The primary requirement is for shared use of the internet connection, but other network benefits (printer, shared files) could be a secondary benefit.

My thinking so far is going like this -

To enable the netbook with wireless, downstairs, I was wondering if I could use a powerline network with a wireless adapter (range extender) in each room. It sounds good to me, though Netgear and others seem to be discontinuing them.

To enable my mother's new computer, I'm considering using a direct ethernet connection to the broadband router.

To enable the lodger in the attic (which is probably on a different power circuit to downstairs) I'm wondering if I could use some kind of phoneline or (TV coax) network, so I don't have to rewire the house (HomePNA sounds promising).

All these seem like they might be possible, but I'm not sure I'm on the best track and can't quite figure out what products I'd need to connect it all together, particularly how the phone extension in the attic would connect to the broadband router (preferably without needing to rely on going via the desktop). I'm already thinking my plan sounds expensive with all these different types of network...

Thanks for any advice.
-
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
Done. Many, many thanks for your help. The process has been a pleasure for me and I'm frankly amazed to have received such professional and timely assistance, all volunteered for nothing. I shall be visiting the donation page for the site. -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
Malwarebytes' Anti-Malware 1.46
Malwarebytes Database version: 4274
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04/07/2010 14:17:19
mbam-log-2010-07-04 (14-17-19).txt
Scan type: Full scan (C:\|)
Objects scanned: 163170
Time elapsed: 50 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
I'm embarrassed to admit that when I opened my browser I realised my wireless connection was still disabled. Could have had something to do with the update problem... Anyway, MBAM reinstalled. Scan run. "no malicious items were detected". -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
I'd understood that having an open internet connection without a firewall was very risky, even for a short period? Well I guess I trust you because I tried it. The update gave the same error. I checked the MBAM forums, and they seem to point to an uninstall / "mbam-clean.exe" utility / reinstall. Heard of it? -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
I can, of course, bear with it. And I'm glad you can too. When trying to update MBAM, I get the error message - "An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007,0,WinHttpSendRequest)". I suppose this could be malware related. I tried disabling MS Security Essentials, but this made no difference. What do you reckon? -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
Indeed it does. As far as I can see things are completely back to normal. It looks like our work here is finished? -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
Doh. Let's try this one... -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
Oh, and fyi, uTorrent client is now uninstalled. I tried this recently to see what torrenting was all about (yes, I'm that far behind the curve). I'd pretty much decided not to use it further, so you helped me nail that coffin shut. -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
Things are looking much better... EST scan found nothing, zilch, hence no log. OTL fix report below... -
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
OTL Extras ------------------ OTL Extras logfile created on: 03/07/2010 13:54:51 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Chunky\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,023.00 Mb Total Physical Memory | 658.00 Mb Available Physical Memory | 64.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 20.92 Gb Free Space | 56.16% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: 9FDD52CB Current User Name: Chunky Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Chunky\Application 
Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- () "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 20 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft 
Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver "{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT 
Email Configuration Tool "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "BTHomeHub" = BTHomeHub "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem "ENTERPRISE" = Microsoft Office Enterprise 2007 "Foxit Reader" = Foxit Reader "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OpenAL" = OpenAL "Spotify" = Spotify "Stellarium_is1" = Stellarium 0.10.2 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event 
Log Errors ========== [ Application Events ] Error - 01/07/2010 12:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = Error - 01/07/2010 15:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = Error - 01/07/2010 16:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = Error - 02/07/2010 10:31:04 | Computer Name = 9FDD52CB | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL. Error - 02/07/2010 10:31:05 | Computer Name = 9FDD52CB | Source = MSSecurityEssentials | ID = 5000 Description = Error - 02/07/2010 13:15:45 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = Error - 02/07/2010 15:04:58 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = Error - 02/07/2010 15:56:08 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = Error - 02/07/2010 16:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = Error - 03/07/2010 08:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20 Description = [ System Events ] Error - 02/07/2010 10:19:58 | Computer Name = 9FDD52CB | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 02/07/2010 10:20:00 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7023 Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: %%2 Error - 02/07/2010 10:31:02 | Computer Name = 9FDD52CB | Source = Microsoft Antimalware | ID = 2001 Description = %%861 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.85.1058.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 02/07/2010 15:54:42 | Computer Name = 9FDD52CB | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Error - 02/07/2010 15:54:45 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: PCIIde Error - 03/07/2010 03:59:52 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034 Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). Error - 03/07/2010 08:22:51 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034 Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). Error - 03/07/2010 08:38:46 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034 Description = The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s). Error - 03/07/2010 08:38:46 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7031 Description = The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. 
Error - 03/07/2010 08:38:47 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). < End of report >
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
OTL.txt ------------ OTL logfile created on: 03/07/2010 13:54:51 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Chunky\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,023.00 Mb Total Physical Memory | 658.00 Mb Available Physical Memory | 64.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 20.92 Gb Free Space | 56.16% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: 9FDD52CB Current User Name: Chunky Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Chunky\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.) 
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Chunky\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) ========== Driver Services (SafeList) ========== DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.) DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (OZSCR) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro) DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! 
Search" FF - prefs.js..browser.startup.homepage: "http://mail.yahoo.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 41 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 12:07:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 21:19:46 | 000,000,000 | ---D | M] [2008/08/16 16:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Extensions [2010/06/28 14:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions [2010/06/06 23:26:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010/05/01 09:59:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/08/28 22:10:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/06/28 14:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/20 11:48:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2004/07/02 
14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll [2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll [2008/12/10 10:32:56 | 000,091,520 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/06/07 18:09:44 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010/04/20 11:27:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/04/20 11:27:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/04/20 11:27:52 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/04/20 11:27:52 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/07/03 13:27:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) 
O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Chunky\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Domains: internet ([]about in Internet) O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM 
Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218572172906 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/11 23:45:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/11 23:44:50 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2010/07/03 13:39:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/07/03 13:37:27 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chunky\Desktop\OTL.exe [2010/07/03 13:37:21 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chunky\Desktop\TFC.exe [2010/07/03 08:57:53 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/07/03 08:45:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/07/03 08:45:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/07/03 08:45:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/07/03 08:45:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/07/03 08:45:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/07/03 08:43:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/07/02 20:43:27 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Chunky\Desktop\TDSSKiller.exe [2010/07/01 12:24:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/07/01 
12:24:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/07/01 12:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/07/01 11:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/07/01 08:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/01 08:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/25 08:24:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/06/25 08:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Local Settings\Application Data\PCHealth [2010/06/25 08:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2010/06/20 17:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Local Settings\Application Data\Spotify [2010/06/20 17:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Application Data\Spotify [2010/06/20 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify [2010/06/17 11:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Local Settings\Application Data\Bit Computing [2010/06/09 10:14:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010/06/07 18:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\My Documents\Downloads [2010/06/07 18:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software ========== Files - Modified Within 30 Days ========== [2010/07/03 13:56:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/07/03 13:46:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/07/03 13:41:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/07/03 13:40:52 | 000,000,868 | ---- | M] () -- 
Windows firewall service cannot start (solved)
asmoeone replied to asmoeone's topic in Tech Support & Discussions Forum
New ComboFix.txt