Bowler Posted June 6, 2010 Posted June 6, 2010 Hi Guys, I,m using Windows XP. I have done a Hijackthis scan and have been advised by PC Plodder to remove all of the 01 host items as he seems to think that they should not be there. I ran the scan, ticked all the boxes and hit the Fix Checked button. On the next scan, they were still there. I tried resarting the pc after fixing but they came back. I've tried several times to remove them but they keep coming back. Could someone please take a look at my Hijackthis scan and let me know if these items, or any other items should not be there. If PC Plodder is correct and they shouldn't be there, could you please tell me how to delete them. Your help would be very much appreciated. Thanks Nicky Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:53:28, on 06/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS.1\System32\smss.exe C:\WINDOWS.1\system32\winlogon.exe C:\WINDOWS.1\system32\services.exe C:\WINDOWS.1\system32\lsass.exe C:\WINDOWS.1\system32\nvsvc32.exe C:\WINDOWS.1\system32\svchost.exe C:\WINDOWS.1\System32\svchost.exe C:\WINDOWS.1\system32\spoolsv.exe C:\WINDOWS.1\system32\dldncoms.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS.1\system32\svchost.exe C:\WINDOWS.1\system32\SearchIndexer.exe C:\WINDOWS.1\Explorer.EXE C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS.1\RTHDCPL.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS.1\system32\RUNDLL32.EXE C:\WINDOWS.1\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS.1\system32\msiexec.exe C:\WINDOWS.1\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\WINDOWS.1\system32\SearchProtocolHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 Secure-plus-payments.com - Secure-plus-payments and Payment System O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com O1 - Hosts: 173.236.107.243 google.com.au O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.be O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com.br O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ca O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ch O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.de O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.dk O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.fr O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ie O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.it O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.co.jp O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.nl O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.no O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.co.nz O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.pl O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.se O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.co.uk O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.co.za O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 Google Analytics | Official Website O1 - Hosts: 173.236.107.243 Bing O1 - Hosts: 173.236.107.243 search.yahoo.com O1 - Hosts: 173.236.107.243 Yahoo! Search - Web Search O1 - Hosts: 173.236.107.243 uk.search.yahoo.com O1 - Hosts: 173.236.107.243 ca.search.yahoo.com O1 - Hosts: 173.236.107.243 de.search.yahoo.com O1 - Hosts: 173.236.107.243 fr.search.yahoo.com O1 - Hosts: 173.236.107.243 au.search.yahoo.com O1 - Hosts: 74.125.45.100 4-open-davinci.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.1\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.1\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.1\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.1\system32\browseui.dll O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS.1\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe O23 - Service: dldn_device - - C:\WINDOWS.1\system32\dldncoms.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS.1\system32\nvsvc32.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 8942 bytes Quote
Bowler Posted June 6, 2010 Author Posted June 6, 2010 Re:- Hijack this Hi Guys, I have done scans using Superantispyware, Malwarebytes and Eset. Superantispyware picked up and deleted something called Antivirus 7. Before this was deleted I was getting a lot of trouble with security pop ups telling me that my computer was severely infected and I was unable to update Spywareblaster. Since this hase been removed, I have had no more pop ups and can get into Spywareblaster. Thanks Nicky Quote
Starbuck Posted June 6, 2010 Posted June 6, 2010 Hi Bowler, Let's have a look and see if there's any leftovers and then we can reset your host file. Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png Now copy the lines below. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. If the 2 reports are too big to post, just add them as attachments. Thanks Quote Member of:UNITE
Bowler Posted June 6, 2010 Author Posted June 6, 2010 Starbuck, Thanks for your help. Weill send results of scans as requested Quote
Bowler Posted June 6, 2010 Author Posted June 6, 2010 OTL Extras logfile created on: 06/06/2010 19:49:34 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 205.30 Gb Free Space | 88.16% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ELONEX Current User Name: The Prout Family Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS.1\system32\dldncoms.exe" = C:\WINDOWS.1\system32\dldncoms.exe:*:Enabled:V105 Server -- ( ) "C:\WINDOWS.1\system32\spool\drivers\w32x86\3\dldnpswx.exe" = C:\WINDOWS.1\system32\spool\drivers\w32x86\3\dldnpswx.exe:*:Enabled:Printer Status Window Interface -- () "C:\WINDOWS.1\system32\spool\drivers\w32x86\3\dldnjswx.exe" = C:\WINDOWS.1\system32\spool\drivers\w32x86\3\dldnjswx.exe:*:Enabled:Job Status Window Interface -- () "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- () "C:\Program Files\Dell V105\dldnmon.exe" = C:\Program Files\Dell V105\dldnmon.exe:*:Enabled:Printer Device Monitor -- () "C:\Program Files\Dell V105\frun.exe" = C:\Program Files\Dell V105\frun.exe:*:Enabled:Printing Application -- () "C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2\MS7f1e.exe" = C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2\MS7f1e.exe:*:Enabled:My Security Engine -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{55FFA15B-4B16-4E17-AD8B-95EC3C793DE3}" = ESET Smart Security "{6202DCFE-2F03-445C-9885-CB54B062BC0F}" = Trainz Paint Shed "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Dell V105" = Dell V105 "Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere "ie8" = Windows Internet Explorer 8 "KeyScrambler" = KeyScrambler "KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "SpywareBlaster_is1" = SpywareBlaster 4.3 "SystemRequirementsLab" = System Requirements Lab "WebSTAR Uninstall" = Scientific Atlanta WebSTAR 100 & 200 series Cable Modem "Window Washer" = Window Washer "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20/03/2010 13:16:26 | Computer Name = ELONEX | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.33.0.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 26/03/2010 06:47:40 | Computer Name = ELONEX | Source = Userenv | ID = 1508 Description = Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\The Prout Family.ELONEX.000\ntuser.dat Error - 26/03/2010 06:47:50 | Computer Name = ELONEX | Source = Userenv | ID = 1502 Description = Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator. DETAIL - The process cannot access the file because it is being used by another process. Error - 26/03/2010 06:47:50 | Computer Name = ELONEX | Source = Userenv | ID = 1515 Description = Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on. Error - 26/03/2010 06:47:51 | Computer Name = ELONEX | Source = Userenv | ID = 1511 Description = Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error - 26/03/2010 06:48:36 | Computer Name = ELONEX | Source = Windows Search Service | ID = 3024 Description = The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error - 26/03/2010 07:05:34 | Computer Name = ELONEX | Source = Windows Search Service | ID = 3024 Description = The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error - 04/04/2010 17:11:13 | Computer Name = ELONEX | Source = Application Error | ID = 1000 Description = Faulting application OneClick.exe, version 9.0.2000.16, faulting module rtl120.bpl, version 12.0.3210.17555, fault address 0x000087c9. Error - 16/04/2010 10:22:22 | Computer Name = ELONEX | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 22/05/2010 11:18:32 | Computer Name = ELONEX | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.100.2 on the Network Card with network address 00407B7E5C29. Error - 22/05/2010 16:23:09 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the dldnCATSCustConnectService service to connect. Error - 22/05/2010 16:23:09 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7000 Description = The dldnCATSCustConnectService service failed to start due to the following error: %%1053 Error - 22/05/2010 19:42:12 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the dldnCATSCustConnectService service to connect. Error - 22/05/2010 19:42:12 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7000 Description = The dldnCATSCustConnectService service failed to start due to the following error: %%1053 Error - 22/05/2010 21:30:38 | Computer Name = ELONEX | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.100.2 on the Network Card with network address 00407B7E5C29. Error - 23/05/2010 06:11:41 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the dldnCATSCustConnectService service to connect. Error - 23/05/2010 06:11:41 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7000 Description = The dldnCATSCustConnectService service failed to start due to the following error: %%1053 Error - 23/05/2010 06:54:30 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the dldnCATSCustConnectService service to connect. Error - 23/05/2010 06:54:30 | Computer Name = ELONEX | Source = Service Control Manager | ID = 7000 Description = The dldnCATSCustConnectService service failed to start due to the following error: %%1053 < End of report > Quote
Bowler Posted June 6, 2010 Author Posted June 6, 2010 OTL logfile created on: 06/06/2010 19:49:34 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 205.30 Gb Free Space | 88.16% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ELONEX Current User Name: The Prout Family Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe () PRC - C:\WINDOWS.1\system32\dldncoms.exe ( ) PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS.1\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe () SRV - (dldnCATSCustConnectService) -- C:\WINDOWS.1\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe () SRV - (dldn_device) -- C:\WINDOWS.1\System32\dldncoms.exe ( ) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) ========== Driver Services (SafeList) ========== DRV - (nv) -- C:\WINDOWS.1\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (KeyScrambler) -- C:\WINDOWS.1\system32\drivers\keyscrambler.sys (QFX Software Corporation) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (pavboot) -- C:\WINDOWS.1\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (epfwtdi) -- C:\WINDOWS.1\system32\drivers\epfwtdi.sys (ESET) DRV - (Epfwndis) -- C:\WINDOWS.1\system32\drivers\epfwndis.sys (ESET) DRV - (epfw) -- C:\WINDOWS.1\system32\drivers\epfw.sys (ESET) DRV - (easdrv) -- C:\WINDOWS.1\system32\drivers\easdrv.sys (ESET) DRV - (eamon) -- C:\WINDOWS.1\system32\drivers\eamon.sys (ESET) DRV - (nvnetbus) -- C:\WINDOWS.1\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS.1\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (HDAudBus) -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (AmdPPM) -- C:\WINDOWS.1\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (WebSTARXP) -- C:\WINDOWS.1\system32\drivers\SACMXP1.sys (Scientific Atlanta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [2009/09/02 18:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/05/24 15:09:13 | 000,002,112 | RHS- | M]) - C:\WINDOWS.1\system32\drivers\etc\hosts O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 Secure-plus-payments.com - Secure-plus-payments and Payment System O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com O1 - Hosts: 173.236.107.243 google.com.au O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.be O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com.br O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ca O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ch O1 - Hosts: 37 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS.1\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.1\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.1\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/07/25 19:50:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS.1\system32\ias [2010/02/10 15:14:58 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS.1\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS.1\system32\ias [2010/02/10 15:14:58 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS.1\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2010/06/06 19:46:16 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\OTL.exe [2010/06/05 16:27:44 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS.1\System32\drivers\pavboot.sys [2010/06/05 15:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010/05/24 00:48:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE [2010/05/20 20:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/05/20 20:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Dell Imaging Toolbox [2010/05/20 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Dl_cats [2010/05/10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2008/01/23 21:48:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnpmui.dll [2008/01/23 21:45:57 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnserv.dll [2008/01/23 21:42:42 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnlmpm.dll [2008/01/23 21:42:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldniesc.dll [2008/01/23 21:42:28 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomm.dll [2008/01/23 21:41:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnhbn3.dll [2008/01/23 21:40:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnusb1.dll [2008/01/23 21:40:29 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomc.dll [2008/01/23 21:39:23 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnprox.dll [2008/01/23 21:37:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldninpa.dll [4 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp -> ] [1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/06 19:48:13 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\DG21FF1.A00 [2010/06/06 19:46:22 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\OTL.exe [2010/06/06 19:41:58 | 000,276,202 | ---- | M] () -- C:\WINDOWS.1\System32\NvApps.xml [2010/06/06 19:41:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT [2010/06/06 19:41:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat [2010/06/06 14:57:07 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\NTUSER.DAT [2010/06/06 14:57:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\ntuser.ini [2010/06/06 13:30:37 | 000,001,494 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\etc\hosts.new [2010/06/06 10:56:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl [2010/05/30 14:24:02 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/27 09:20:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS.1\imsins.BAK [2010/05/24 15:09:13 | 000,002,112 | RHS- | M] () -- C:\WINDOWS.1\System32\drivers\etc\hosts [2010/05/22 17:08:34 | 000,000,754 | ---- | M] () -- C:\WINDOWS.1\WORDPAD.INI [2010/05/20 20:36:59 | 000,001,706 | ---- | M] () -- C:\WINDOWS.1\System32\LexFiles.ulf [2010/05/19 12:01:36 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/14 09:06:29 | 000,866,722 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:59 | 000,904,019 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:24 | 001,004,698 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:01 | 000,826,529 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:36 | 000,766,449 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg [4 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp -> ] [1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/30 14:24:02 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/14 09:06:28 | 000,866,722 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:58 | 000,904,019 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:23 | 001,004,698 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:00 | 000,826,529 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:35 | 000,766,449 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg [2010/03/28 21:57:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS.1\WORDPAD.INI [2010/03/06 13:04:18 | 000,178,176 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll [2010/02/15 17:17:18 | 000,360,448 | R--- | C] () -- C:\WINDOWS.1\System32\dldncoin.dll [2010/02/15 17:17:17 | 000,077,906 | ---- | C] () -- C:\WINDOWS.1\System32\dldncfg.dll [2008/02/11 04:13:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsr.dll [2008/02/11 04:13:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS.1\System32\dldncur.dll [2008/02/11 04:12:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS.1\System32\dldnjswr.dll [2008/02/11 04:09:53 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsb.dll [2008/02/11 04:09:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS.1\System32\dldncub.dll [2008/02/11 04:07:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS.1\System32\dldncu.dll [2008/02/11 04:07:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldnins.dll [2008/02/11 04:05:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS.1\System32\dldnutil.dll [2008/02/11 04:04:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS.1\System32\dldngrd.dll [2008/01/29 21:49:04 | 000,782,336 | ---- | C] () -- C:\WINDOWS.1\System32\dldndrs.dll [2008/01/23 13:08:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS.1\System32\dldncaps.dll [2007/10/02 15:51:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS.1\System32\dldncnv4.dll [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS.1\System32\idxcntrs.ini [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS.1\System32\gsrvctr.ini [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS.1\System32\gthrctr.ini [2007/04/28 15:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS.1\System32\dldnvs.dll ========== LOP Check ========== [2010/05/24 15:10:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2010/03/16 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Entriq [2010/02/10 16:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ESET [2010/03/16 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Kontiki [2010/05/24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE [2010/06/06 10:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP [2010/03/17 13:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\The Mirror Mysteries [2010/05/20 20:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/06/06 13:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TuneUp Software [2010/02/10 18:52:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/02/10 16:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\ESET [2010/02/10 20:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\InterTrust [2010/06/06 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\TuneUp Software [2010/02/23 10:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Desktop Search [2010/03/03 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\$NtServicePackUninstall$\sp3.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp2.cab:AGP440.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:AGP440.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\ServicePackFiles\i386\sp3.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp2.cab:AGP440.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp3.cab:AGP440.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\ServicePackFiles\i386\sp3.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.0\ERDNT\cache\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.0\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.0\system32\drivers\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.1\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.1\system32\drivers\agp440.sys [2004/08/04 13:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\$NtServicePackUninstall$\sp3.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp2.cab:atapi.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:atapi.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\ServicePackFiles\i386\sp3.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp2.cab:atapi.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp3.cab:atapi.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\ServicePackFiles\i386\sp3.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.1\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.1\system32\drivers\atapi.sys [2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS.0\$NtServicePackUninstall$\atapi.sys [2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS.1\$NtServicePackUninstall$\atapi.sys [2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\ERDNT\cache\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\ServicePackFiles\i386\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\system32\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.1\ServicePackFiles\i386\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.1\system32\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.0\$NtServicePackUninstall$\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.1\$NtServicePackUninstall$\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.0\ERDNT\cache\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.0\ServicePackFiles\i386\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.0\system32\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.1\ServicePackFiles\i386\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.1\system32\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.0\$NtServicePackUninstall$\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.1\$NtServicePackUninstall$\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATA.SYS > [2006/06/28 10:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\$WIN_NT$.~BT\nvata.sys [2006/06/28 10:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS\system32\drivers\nvata.sys < MD5 for: SCECLI.DLL > [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.0\$NtServicePackUninstall$\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.1\$NtServicePackUninstall$\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\ERDNT\cache\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\ServicePackFiles\i386\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\system32\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.1\ServicePackFiles\i386\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.1\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.1\system32\dxtmsft.dll [2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.1\system32\dxtrans.dll [1 C:\WINDOWS.1\system32\*.tmp files -> C:\WINDOWS.1\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < > < > < %SYSTEMDRIVE%\*.exe > [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\$NtServicePackUninstall$\sp3.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp2.cab:AGP440.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:AGP440.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\ServicePackFiles\i386\sp3.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp2.cab:AGP440.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp3.cab:AGP440.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\ServicePackFiles\i386\sp3.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.0\ERDNT\cache\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.0\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.0\system32\drivers\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.1\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.1\system32\drivers\agp440.sys [2004/08/04 13:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\$NtServicePackUninstall$\sp3.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp2.cab:atapi.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:atapi.sys [2008/08/30 10:28:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\ServicePackFiles\i386\sp3.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp2.cab:atapi.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\Driver Cache\i386\sp3.cab:atapi.sys [2010/02/10 15:56:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.1\ServicePackFiles\i386\sp3.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.1\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.1\system32\drivers\atapi.sys [2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS.0\$NtServicePackUninstall$\atapi.sys [2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS.1\$NtServicePackUninstall$\atapi.sys [2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\ERDNT\cache\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\ServicePackFiles\i386\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\system32\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.1\ServicePackFiles\i386\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.1\system32\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.0\$NtServicePackUninstall$\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.1\$NtServicePackUninstall$\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.0\ERDNT\cache\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.0\ServicePackFiles\i386\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.0\system32\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.1\ServicePackFiles\i386\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.1\system32\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.0\$NtServicePackUninstall$\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.1\$NtServicePackUninstall$\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATA.SYS > [2006/06/28 10:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\$WIN_NT$.~BT\nvata.sys [2006/06/28 10:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS\system32\drivers\nvata.sys < MD5 for: SCECLI.DLL > [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.0\$NtServicePackUninstall$\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.1\$NtServicePackUninstall$\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\ERDNT\cache\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\ServicePackFiles\i386\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\system32\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.1\ServicePackFiles\i386\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.1\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.1\system32\dxtmsft.dll [2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.1\system32\dxtrans.dll [1 C:\WINDOWS.1\system32\*.tmp files -> C:\WINDOWS.1\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 < End of report > Quote
Starbuck Posted June 6, 2010 Posted June 6, 2010 Hi Bowler Step 1 Optional. SuperAntiSpyware doesn't need to start when Windows starts. You can start it manually when you need to do a scan. To change this: Restart SuperAntiSpyware... Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'. Then click Close. and then Close on the next screen to exit the program. Step 2 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl O4 - HKLM..\Run: [nwiz] File not found O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) [2010/05/10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2010/05/24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 :commands [emptytemp] [purity] [RESETHOSTS] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 3 Please let me have a fresh OTL report so that i can double check the Host file has been reset properly. Just start OTL again and click on the scan button. It'll only produce one report this time. In your next reply, please submit: Otl fix report New Otl report Thanks. Quote Member of:UNITE
Bowler Posted June 6, 2010 Author Posted June 6, 2010 Hi Starbuck, This is the new report. Sorry, but what or where is the otl fix report? OTL logfile created on: 06/06/2010 20:28:30 - Run 2 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 205.27 Gb Free Space | 88.14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ELONEX Current User Name: The Prout Family Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe () PRC - C:\WINDOWS.1\system32\dldncoms.exe ( ) PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS.1\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe () SRV - (dldnCATSCustConnectService) -- C:\WINDOWS.1\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe () SRV - (dldn_device) -- C:\WINDOWS.1\System32\dldncoms.exe ( ) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) ========== Driver Services (SafeList) ========== DRV - (nv) -- C:\WINDOWS.1\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (KeyScrambler) -- C:\WINDOWS.1\system32\drivers\keyscrambler.sys (QFX Software Corporation) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (pavboot) -- C:\WINDOWS.1\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (epfwtdi) -- C:\WINDOWS.1\system32\drivers\epfwtdi.sys (ESET) DRV - (Epfwndis) -- C:\WINDOWS.1\system32\drivers\epfwndis.sys (ESET) DRV - (epfw) -- C:\WINDOWS.1\system32\drivers\epfw.sys (ESET) DRV - (easdrv) -- C:\WINDOWS.1\system32\drivers\easdrv.sys (ESET) DRV - (eamon) -- C:\WINDOWS.1\system32\drivers\eamon.sys (ESET) DRV - (nvnetbus) -- C:\WINDOWS.1\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS.1\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (HDAudBus) -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (AmdPPM) -- C:\WINDOWS.1\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (WebSTARXP) -- C:\WINDOWS.1\system32\drivers\SACMXP1.sys (Scientific Atlanta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [2009/09/02 18:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/05/24 15:09:13 | 000,002,112 | RHS- | M]) - C:\WINDOWS.1\system32\drivers\etc\hosts O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 Secure-plus-payments.com - Secure-plus-payments and Payment System O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com O1 - Hosts: 173.236.107.243 google.com.au O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.be O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com.br O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ca O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ch O1 - Hosts: 37 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS.1\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.1\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.1\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/07/25 19:50:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/05 16:27:44 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS.1\System32\drivers\pavboot.sys [2010/06/05 15:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010/05/24 00:48:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE [2010/05/20 20:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/05/20 20:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Dell Imaging Toolbox [2010/05/20 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Dl_cats [2010/05/10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2008/01/23 21:48:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnpmui.dll [2008/01/23 21:45:57 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnserv.dll [2008/01/23 21:42:42 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnlmpm.dll [2008/01/23 21:42:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldniesc.dll [2008/01/23 21:42:28 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomm.dll [2008/01/23 21:41:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnhbn3.dll [2008/01/23 21:40:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnusb1.dll [2008/01/23 21:40:29 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomc.dll [2008/01/23 21:39:23 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnprox.dll [2008/01/23 21:37:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldninpa.dll [4 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp -> ] [1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/06 19:48:13 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\DG21FF1.A00 [2010/06/06 19:41:58 | 000,276,202 | ---- | M] () -- C:\WINDOWS.1\System32\NvApps.xml [2010/06/06 19:41:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT [2010/06/06 19:41:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat [2010/06/06 14:57:07 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\NTUSER.DAT [2010/06/06 14:57:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\ntuser.ini [2010/06/06 13:30:37 | 000,001,494 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\etc\hosts.new [2010/06/06 10:56:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl [2010/05/30 14:24:02 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/27 09:20:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS.1\imsins.BAK [2010/05/24 15:09:13 | 000,002,112 | RHS- | M] () -- C:\WINDOWS.1\System32\drivers\etc\hosts [2010/05/22 17:08:34 | 000,000,754 | ---- | M] () -- C:\WINDOWS.1\WORDPAD.INI [2010/05/20 20:36:59 | 000,001,706 | ---- | M] () -- C:\WINDOWS.1\System32\LexFiles.ulf [2010/05/19 12:01:36 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/14 09:06:29 | 000,866,722 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:59 | 000,904,019 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:24 | 001,004,698 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:01 | 000,826,529 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:36 | 000,766,449 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg [4 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp -> ] [1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/30 14:24:02 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/14 09:06:28 | 000,866,722 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:58 | 000,904,019 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:23 | 001,004,698 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:00 | 000,826,529 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:35 | 000,766,449 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg [2010/03/28 21:57:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS.1\WORDPAD.INI [2010/03/06 13:04:18 | 000,178,176 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll [2010/02/15 17:17:18 | 000,360,448 | R--- | C] () -- C:\WINDOWS.1\System32\dldncoin.dll [2010/02/15 17:17:17 | 000,077,906 | ---- | C] () -- C:\WINDOWS.1\System32\dldncfg.dll [2008/02/11 04:13:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsr.dll [2008/02/11 04:13:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS.1\System32\dldncur.dll [2008/02/11 04:12:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS.1\System32\dldnjswr.dll [2008/02/11 04:09:53 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsb.dll [2008/02/11 04:09:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS.1\System32\dldncub.dll [2008/02/11 04:07:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS.1\System32\dldncu.dll [2008/02/11 04:07:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldnins.dll [2008/02/11 04:05:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS.1\System32\dldnutil.dll [2008/02/11 04:04:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS.1\System32\dldngrd.dll [2008/01/29 21:49:04 | 000,782,336 | ---- | C] () -- C:\WINDOWS.1\System32\dldndrs.dll [2008/01/23 13:08:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS.1\System32\dldncaps.dll [2007/10/02 15:51:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS.1\System32\dldncnv4.dll [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS.1\System32\idxcntrs.ini [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS.1\System32\gsrvctr.ini [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS.1\System32\gthrctr.ini [2007/04/28 15:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS.1\System32\dldnvs.dll ========== LOP Check ========== [2010/05/24 15:10:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2010/03/16 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Entriq [2010/02/10 16:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ESET [2010/03/16 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Kontiki [2010/05/24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE [2010/06/06 10:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP [2010/03/17 13:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\The Mirror Mysteries [2010/05/20 20:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/06/06 13:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TuneUp Software [2010/02/10 18:52:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/02/10 16:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\ESET [2010/02/10 20:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\InterTrust [2010/06/06 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\TuneUp Software [2010/02/23 10:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Desktop Search [2010/03/03 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < :Otl > < O4 - HKLM..\Run: [nwiz] File not found > < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) > Invalid Switch: gp.cab (Reg Error: Key error.) < [2010/05/10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 > Invalid Switch: 10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 < [2010/05/24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE > Invalid Switch: 24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE < @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A > < @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 > < > < :commands > < [emptytemp] > < [purity] > < [RESETHOSTS] > < [EMPTYFLASH] > ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 < End of report > Quote
Bowler Posted June 6, 2010 Author Posted June 6, 2010 Hi Starbuck, This is the new report. Sorry, but what or where is the otl fix report? OTL logfile created on: 06/06/2010 20:28:30 - Run 2 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 205.27 Gb Free Space | 88.14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ELONEX Current User Name: The Prout Family Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe () PRC - C:\WINDOWS.1\system32\dldncoms.exe ( ) PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS.1\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe () SRV - (dldnCATSCustConnectService) -- C:\WINDOWS.1\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe () SRV - (dldn_device) -- C:\WINDOWS.1\System32\dldncoms.exe ( ) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) ========== Driver Services (SafeList) ========== DRV - (nv) -- C:\WINDOWS.1\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (KeyScrambler) -- C:\WINDOWS.1\system32\drivers\keyscrambler.sys (QFX Software Corporation) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (pavboot) -- C:\WINDOWS.1\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (epfwtdi) -- C:\WINDOWS.1\system32\drivers\epfwtdi.sys (ESET) DRV - (Epfwndis) -- C:\WINDOWS.1\system32\drivers\epfwndis.sys (ESET) DRV - (epfw) -- C:\WINDOWS.1\system32\drivers\epfw.sys (ESET) DRV - (easdrv) -- C:\WINDOWS.1\system32\drivers\easdrv.sys (ESET) DRV - (eamon) -- C:\WINDOWS.1\system32\drivers\eamon.sys (ESET) DRV - (nvnetbus) -- C:\WINDOWS.1\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS.1\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (HDAudBus) -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (AmdPPM) -- C:\WINDOWS.1\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (WebSTARXP) -- C:\WINDOWS.1\system32\drivers\SACMXP1.sys (Scientific Atlanta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [2009/09/02 18:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/05/24 15:09:13 | 000,002,112 | RHS- | M]) - C:\WINDOWS.1\system32\drivers\etc\hosts O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 Secure-plus-payments.com - Secure-plus-payments and Payment System O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com O1 - Hosts: 173.236.107.243 google.com.au O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.be O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.com.br O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ca O1 - Hosts: 173.236.107.243 Google O1 - Hosts: 173.236.107.243 google.ch O1 - Hosts: 37 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS.1\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.1\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.1\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/07/25 19:50:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/05 16:27:44 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS.1\System32\drivers\pavboot.sys [2010/06/05 15:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010/05/24 00:48:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE [2010/05/20 20:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/05/20 20:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Dell Imaging Toolbox [2010/05/20 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Dl_cats [2010/05/10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2008/01/23 21:48:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnpmui.dll [2008/01/23 21:45:57 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnserv.dll [2008/01/23 21:42:42 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnlmpm.dll [2008/01/23 21:42:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldniesc.dll [2008/01/23 21:42:28 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomm.dll [2008/01/23 21:41:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnhbn3.dll [2008/01/23 21:40:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnusb1.dll [2008/01/23 21:40:29 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomc.dll [2008/01/23 21:39:23 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnprox.dll [2008/01/23 21:37:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldninpa.dll [4 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp -> ] [1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/06 19:48:13 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\DG21FF1.A00 [2010/06/06 19:41:58 | 000,276,202 | ---- | M] () -- C:\WINDOWS.1\System32\NvApps.xml [2010/06/06 19:41:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT [2010/06/06 19:41:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat [2010/06/06 14:57:07 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\NTUSER.DAT [2010/06/06 14:57:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\ntuser.ini [2010/06/06 13:30:37 | 000,001,494 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\etc\hosts.new [2010/06/06 10:56:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl [2010/05/30 14:24:02 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/27 09:20:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS.1\imsins.BAK [2010/05/24 15:09:13 | 000,002,112 | RHS- | M] () -- C:\WINDOWS.1\System32\drivers\etc\hosts [2010/05/22 17:08:34 | 000,000,754 | ---- | M] () -- C:\WINDOWS.1\WORDPAD.INI [2010/05/20 20:36:59 | 000,001,706 | ---- | M] () -- C:\WINDOWS.1\System32\LexFiles.ulf [2010/05/19 12:01:36 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/14 09:06:29 | 000,866,722 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:59 | 000,904,019 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:24 | 001,004,698 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:01 | 000,826,529 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:36 | 000,766,449 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg [4 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp -> ] [1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/30 14:24:02 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/14 09:06:28 | 000,866,722 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:58 | 000,904,019 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:23 | 001,004,698 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:00 | 000,826,529 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:35 | 000,766,449 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg [2010/03/28 21:57:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS.1\WORDPAD.INI [2010/03/06 13:04:18 | 000,178,176 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll [2010/02/15 17:17:18 | 000,360,448 | R--- | C] () -- C:\WINDOWS.1\System32\dldncoin.dll [2010/02/15 17:17:17 | 000,077,906 | ---- | C] () -- C:\WINDOWS.1\System32\dldncfg.dll [2008/02/11 04:13:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsr.dll [2008/02/11 04:13:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS.1\System32\dldncur.dll [2008/02/11 04:12:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS.1\System32\dldnjswr.dll [2008/02/11 04:09:53 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsb.dll [2008/02/11 04:09:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS.1\System32\dldncub.dll [2008/02/11 04:07:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS.1\System32\dldncu.dll [2008/02/11 04:07:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldnins.dll [2008/02/11 04:05:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS.1\System32\dldnutil.dll [2008/02/11 04:04:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS.1\System32\dldngrd.dll [2008/01/29 21:49:04 | 000,782,336 | ---- | C] () -- C:\WINDOWS.1\System32\dldndrs.dll [2008/01/23 13:08:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS.1\System32\dldncaps.dll [2007/10/02 15:51:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS.1\System32\dldncnv4.dll [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS.1\System32\idxcntrs.ini [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS.1\System32\gsrvctr.ini [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS.1\System32\gthrctr.ini [2007/04/28 15:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS.1\System32\dldnvs.dll ========== LOP Check ========== [2010/05/24 15:10:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2010/03/16 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Entriq [2010/02/10 16:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ESET [2010/03/16 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Kontiki [2010/05/24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE [2010/06/06 10:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP [2010/03/17 13:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\The Mirror Mysteries [2010/05/20 20:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/06/06 13:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TuneUp Software [2010/02/10 18:52:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/02/10 16:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\ESET [2010/02/10 20:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\InterTrust [2010/06/06 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\TuneUp Software [2010/02/23 10:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Desktop Search [2010/03/03 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < :Otl > < O4 - HKLM..\Run: [nwiz] File not found > < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) > Invalid Switch: gp.cab (Reg Error: Key error.) < [2010/05/10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 > Invalid Switch: 10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 < [2010/05/24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE > Invalid Switch: 24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE < @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A > < @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 > < > < :commands > < [emptytemp] > < [purity] > < [RESETHOSTS] > < [EMPTYFLASH] > ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 < End of report > Quote
Starbuck Posted June 6, 2010 Posted June 6, 2010 Hi Bowler, Ok, i can see why the fix didn't work. You clicked the scan button instead of the fix button: Here's the fix again: Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl O4 - HKLM..\Run: [nwiz] File not found O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) [2010/05/10 19:05:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 [2010/05/24 00:48:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 :commands [emptytemp] [purity] [RESETHOSTS] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Quote Member of:UNITE
Bowler Posted June 6, 2010 Author Posted June 6, 2010 OOPS! Hope this is right! All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS.1\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2\Quarantine Items folder moved successfully. C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2\MSESys folder moved successfully. C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2\BackUp folder moved successfully. C:\Documents and Settings\All Users.WINDOWS.1\Application Data\7f1e7c2 folder moved successfully. C:\Documents and Settings\All Users.WINDOWS.1\Application Data\MSOJPXFRBE folder moved successfully. ADS C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:8BBD1F9A deleted successfully. ADS C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP:5C321E34 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: All Users.WINDOWS.0 User: All Users.WINDOWS.1 User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINDOWS.0 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User.WINDOWS.1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Elonex Admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService.NT AUTHORITY ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService.NT AUTHORITY.000 ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService.NT AUTHORITY.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: The prout family ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 3081116 bytes ->Flash cache emptied: 560 bytes User: The Prout Family.ELONEX ->Temp folder emptied: 9227684 bytes ->Temporary Internet Files folder emptied: 1082806 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1777 bytes User: The Prout Family.ELONEX.000 ->Temp folder emptied: 17329 bytes ->Temporary Internet Files folder emptied: 11243782 bytes ->Flash cache emptied: 2103559 bytes User: THEPRO~1~000 %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2162283 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 7861 bytes Total Files Cleaned = 28.00 mb C:\WINDOWS.1\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: Administrator User: All Users User: All Users.WINDOWS.0 User: All Users.WINDOWS.1 User: Default User User: Default User.WINDOWS.0 User: Default User.WINDOWS.1 ->Flash cache emptied: 0 bytes User: Elonex Admin User: LocalService User: LocalService.NT AUTHORITY User: LocalService.NT AUTHORITY.000 User: NetworkService User: NetworkService.NT AUTHORITY User: NetworkService.NT AUTHORITY.000 User: The prout family ->Flash cache emptied: 0 bytes User: The Prout Family.ELONEX ->Flash cache emptied: 0 bytes User: The Prout Family.ELONEX.000 ->Flash cache emptied: 0 bytes User: THEPRO~1~000 Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.5.3 log created on 06062010_214157 Files\Folders moved on Reboot... C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Temporary Internet Files\Content.IE5\3UWZLEZZ\ads[1].htm moved successfully. C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Temporary Internet Files\Content.IE5\0IW10JBM\9853-hijackthis-log[1].html moved successfully. C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Temporary Internet Files\Content.IE5\0IW10JBM\ads[1].htm moved successfully. Registry entries deleted on Reboot... Quote
Starbuck Posted June 6, 2010 Posted June 6, 2010 Hope this is right! Yep http://fc07.deviantart.net/images3/i/2004/146/9/1/Two_thumbs_up.gif Now run OTL again and just click on the scan button. Let me have the new report and let me know how the system is running now. Thanks. Quote Member of:UNITE
Bowler Posted June 6, 2010 Author Posted June 6, 2010 Hi Starbuck. pc seems to be running fine. OTL logfile created on: 06/06/2010 22:07:04 - Run 3 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 205.28 Gb Free Space | 88.15% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ELONEX Current User Name: The Prout Family Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe () PRC - C:\WINDOWS.1\system32\dldncoms.exe ( ) PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\The Prout Family.ELONEX.000\Desktop\maitenance tools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS.1\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe () SRV - (dldnCATSCustConnectService) -- C:\WINDOWS.1\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe () SRV - (dldn_device) -- C:\WINDOWS.1\System32\dldncoms.exe ( ) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.) ========== Driver Services (SafeList) ========== DRV - (nv) -- C:\WINDOWS.1\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (KeyScrambler) -- C:\WINDOWS.1\system32\drivers\keyscrambler.sys (QFX Software Corporation) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (pavboot) -- C:\WINDOWS.1\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (epfwtdi) -- C:\WINDOWS.1\system32\drivers\epfwtdi.sys (ESET) DRV - (Epfwndis) -- C:\WINDOWS.1\system32\drivers\epfwndis.sys (ESET) DRV - (epfw) -- C:\WINDOWS.1\system32\drivers\epfw.sys (ESET) DRV - (easdrv) -- C:\WINDOWS.1\system32\drivers\easdrv.sys (ESET) DRV - (eamon) -- C:\WINDOWS.1\system32\drivers\eamon.sys (ESET) DRV - (nvnetbus) -- C:\WINDOWS.1\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS.1\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (HDAudBus) -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (AmdPPM) -- C:\WINDOWS.1\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (WebSTARXP) -- C:\WINDOWS.1\system32\drivers\SACMXP1.sys (Scientific Atlanta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.1\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [2009/09/02 18:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/06/06 21:42:32 | 000,000,098 | ---- | M]) - C:\WINDOWS.1\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS.1\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.1\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.1\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/07/25 19:50:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/06 21:41:57 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/05 16:27:44 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS.1\System32\drivers\pavboot.sys [2010/06/05 15:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010/05/20 20:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/05/20 20:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Dell Imaging Toolbox [2010/05/20 20:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Dl_cats [2008/01/23 21:48:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnpmui.dll [2008/01/23 21:45:57 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnserv.dll [2008/01/23 21:42:42 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnlmpm.dll [2008/01/23 21:42:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldniesc.dll [2008/01/23 21:42:28 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomm.dll [2008/01/23 21:41:26 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnhbn3.dll [2008/01/23 21:40:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnusb1.dll [2008/01/23 21:40:29 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldncomc.dll [2008/01/23 21:39:23 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldnprox.dll [2008/01/23 21:37:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS.1\System32\dldninpa.dll ========== Files - Modified Within 30 Days ========== [2010/06/06 21:44:28 | 000,276,202 | ---- | M] () -- C:\WINDOWS.1\System32\NvApps.xml [2010/06/06 21:43:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT [2010/06/06 21:43:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat [2010/06/06 21:42:40 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\NTUSER.DAT [2010/06/06 21:42:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\ntuser.ini [2010/06/06 21:42:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\etc\Hosts [2010/06/06 19:48:13 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\DG21FF1.A00 [2010/06/06 13:30:37 | 000,001,494 | ---- | M] () -- C:\WINDOWS.1\System32\drivers\etc\hosts.new [2010/06/06 10:56:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl [2010/05/30 14:24:02 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/27 09:20:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS.1\imsins.BAK [2010/05/22 17:08:34 | 000,000,754 | ---- | M] () -- C:\WINDOWS.1\WORDPAD.INI [2010/05/20 20:36:59 | 000,001,706 | ---- | M] () -- C:\WINDOWS.1\System32\LexFiles.ulf [2010/05/19 12:01:36 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/14 09:06:29 | 000,866,722 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:59 | 000,904,019 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:24 | 001,004,698 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:01 | 000,826,529 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:36 | 000,766,449 | ---- | M] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg ========== Files Created - No Company Name ========== [2010/05/30 14:24:02 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\malwarebytes log [2010/05/14 09:06:28 | 000,866,722 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting005.jpg [2010/05/14 09:05:58 | 000,904,019 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\microlight4.jpg [2010/05/14 09:05:23 | 001,004,698 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting003.jpg [2010/05/14 09:05:00 | 000,826,529 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\Microlighrting002.jpg [2010/05/14 09:04:35 | 000,766,449 | ---- | C] () -- C:\Documents and Settings\The Prout Family.ELONEX.000\My Documents\mircolight.jpg [2010/03/28 21:57:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS.1\WORDPAD.INI [2010/03/06 13:04:18 | 000,178,176 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll [2010/02/15 17:17:18 | 000,360,448 | R--- | C] () -- C:\WINDOWS.1\System32\dldncoin.dll [2010/02/15 17:17:17 | 000,077,906 | ---- | C] () -- C:\WINDOWS.1\System32\dldncfg.dll [2008/02/11 04:13:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsr.dll [2008/02/11 04:13:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS.1\System32\dldncur.dll [2008/02/11 04:12:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS.1\System32\dldnjswr.dll [2008/02/11 04:09:53 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldninsb.dll [2008/02/11 04:09:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS.1\System32\dldncub.dll [2008/02/11 04:07:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS.1\System32\dldncu.dll [2008/02/11 04:07:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS.1\System32\dldnins.dll [2008/02/11 04:05:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS.1\System32\dldnutil.dll [2008/02/11 04:04:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS.1\System32\dldngrd.dll [2008/01/29 21:49:04 | 000,782,336 | ---- | C] () -- C:\WINDOWS.1\System32\dldndrs.dll [2008/01/23 13:08:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS.1\System32\dldncaps.dll [2007/10/02 15:51:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS.1\System32\dldncnv4.dll [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS.1\System32\idxcntrs.ini [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS.1\System32\gsrvctr.ini [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS.1\System32\gthrctr.ini [2007/04/28 15:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS.1\System32\dldnvs.dll ========== LOP Check ========== [2010/03/16 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Entriq [2010/02/10 16:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ESET [2010/03/16 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Kontiki [2010/06/06 10:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP [2010/03/17 13:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\The Mirror Mysteries [2010/05/20 20:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ThumbnailCache4R [2010/06/06 13:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TuneUp Software [2010/02/10 18:52:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/02/10 16:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\ESET [2010/02/10 20:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\InterTrust [2010/06/06 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\TuneUp Software [2010/02/23 10:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Desktop Search [2010/03/03 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Prout Family.ELONEX.000\Application Data\Windows Search ========== Purity Check ========== < End of report > Quote
Starbuck Posted June 6, 2010 Posted June 6, 2010 Hi Bowler, O1 HOSTS File: ([2010/06/06 21:42:32 | 000,000,098 | ---- | M]) - C:\WINDOWS.1\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost That looks more like it. Everything looks good now. If you are happy with how the system is running, we'll finish off the cleaning and remove OTL. Step 1 Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button, http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png This will remove any programs we have asked you to download along with there associated folders.. plus itself. Note: MBAM will not be removed Step 2 Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is: Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then go to Start > Run and type: Cleanmgr Click "OK". Select the drive for cleaning then click OK (usually 'C' drive) Click the "More Options" Tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. To find out how you may have been infected....read this topic: So how did i get infected? Not all of the following information will be applicable to you, but it's still best to read it all. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Use an AntiVirus Software Avira AntiVir Avast free Bitdefender Free MS Security Essentials ... see note* Note*: Upon installation MS Security Essentials will check that your OS is a legal copy. Only install one AntiVirus program [*]Update your AntiVirus Software regularly [*]Use a 3rd party Firewall Online Armor Free ZoneAlarm ...Important note below Outpost Firewall Free Sunbelt Personal Firewall NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option. Only install one software Firewall Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off: How to turn off Windows Firewall: Start ... Control Panel ...click on 'Classic View'. now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok [*]Scan regularly with a 'Stand Alone' Anti-Malware scanner: Installing another scanner that you can run once or twice a week is always beneficial. Something like: Malwarebytes Anti-Malware SUPERAntiSypware Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs. [*] Use an alternative browser: Some excellent alternatives to MS Internet Explorer are: Firefox For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks also consider adding: WOT - Safe Browsing Tool Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution. Opera They offer better security, more stability, and better speed. [*]Keep a backup of your registry Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial [*]Keep your system clean of temp files etc, using a 'Cleaner': Cleaners are programs that will help to clean out your: Windows temp files Current user temp files Cookies Temporary Internet flies Browser history Recycle bin Etc....... In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc. Programs like: CCleaner TFC by OldTimer ATF Cleaner [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. [*]Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster [*]Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif Quote Member of:UNITE
Bowler Posted June 6, 2010 Author Posted June 6, 2010 Starbuck, I am extremely grateful to you, your help has been greatly appreciated Thanks very much Quote
Starbuck Posted June 6, 2010 Posted June 6, 2010 You are more than welcome. Take care. Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.