Cannot shift RLVKLNG.exe MSVCR71.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Had a relevant knowledge problem recently, everytime i bootup i antimalware bytes asks me if i want to quarantine the following files c\programfiles\relevantknowledge\MSVCR71.exe and RLVKLNG.exe, i have used superantispyware ( now removed ) and antimalwarebytes but the problem still keeps happening, the relevant knowledge folder is not in c program files so i am guessing this is a registry entry that i need to delete, can anyone help me with a log and anything i else i need to do to remove it..?

Thanks

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:44:47, on 14/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Hijackthis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-Us/wlscctrl2.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxcj_device - Unknown owner - C:\Windows\system32\lxcjcoms.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10260 bytes
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.
 

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Hello.
Thanks for the reply and your help..

I d/loaded to the desktop clicked run and the followed your instructions, it only saved a OTL.txt file though.
Here it is..

OTL logfile created on: 16/04/2010 12:37:52 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Jason\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.45 Gb Total Space | 125.85 Gb Free Space | 44.24% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 2.36 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEPC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (vvdsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (lxcj_device) -- C:\Windows\SysNative\lxcjcoms.exe ( )
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (vvdsvc) -- C:\Windows\SysWOW64\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/05 18:16:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/11 14:28:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/11 18:57:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/15 12:39:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/01/06 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2009/10/28 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/16 12:09:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions
[2010/01/06 19:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\staged-xpis
[2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\[email protected]
[2010/04/11 21:52:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 12:38:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/16 12:38:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/16 12:38:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/16 12:38:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/10/27 16:07:21 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.binweevils.com
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-Us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell - "" = AutoRun
O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/16 12:30:53 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/04/14 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\New folder
[2010/04/14 14:43:53 | 000,000,000 | ---D | C] -- C:\Hijackthis
[2010/04/14 14:10:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2010/04/14 14:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2010/04/13 19:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/04/13 19:05:29 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/04/13 16:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Timesheets
[2010/04/12 16:04:46 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/04/12 16:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/12 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/11 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/11 21:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/11 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\vlc
[2010/04/11 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/11 16:20:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/16 12:39:20 | 003,407,872 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT
[2010/04/16 12:30:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/04/16 12:19:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000UA.job
[2010/04/16 12:03:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/16 08:19:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000Core.job
[2010/04/16 08:13:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/16 08:13:46 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/16 08:10:31 | 003,755,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/16 08:10:31 | 001,658,618 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/16 08:10:31 | 000,004,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/16 08:05:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/16 08:05:35 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/15 22:01:40 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010/04/15 22:01:25 | 007,428,378 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
[2010/04/15 12:43:07 | 000,011,293 | ---- | M] () -- C:\Users\Jason\Desktop\Weekly Shift.docx
[2010/04/15 12:05:48 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/14 14:43:54 | 000,002,955 | ---- | M] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2010/04/14 14:42:45 | 001,401,344 | ---- | M] () -- C:\HijackThis.msi
[2010/04/12 16:04:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/04/12 16:00:30 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/04/12 10:18:57 | 000,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utq3ntez.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/14 14:43:54 | 000,002,955 | ---- | C] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2010/04/14 14:42:44 | 001,401,344 | ---- | C] () -- C:\HijackThis.msi
[2010/04/12 16:00:45 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/12 16:00:30 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/04/12 10:18:21 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\utq3ntez.sys
[2010/02/09 20:53:17 | 000,000,632 | RHS- | C] () -- C:\Users\Jason\ntuser.pol
[2010/02/08 18:49:04 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/01/30 15:43:20 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/01/30 12:17:49 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ab_bl.sig
[2009/12/27 10:08:31 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/26 13:47:56 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 23:08:07 | 000,000,020 | ---- | C] () -- C:\Windows\NNS.INI
[2009/12/12 22:11:37 | 000,023,034 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/01 17:31:04 | 000,000,140 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2009/11/07 10:06:21 | 000,000,083 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009/10/26 14:14:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/10/26 14:13:28 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2009/10/26 14:13:18 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/10/26 12:35:29 | 003,407,872 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT
[2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/10/26 12:35:29 | 000,262,144 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG1
[2009/10/26 12:35:29 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/10/26 12:35:29 | 000,000,020 | -HS- | C] () -- C:\Users\Jason\ntuser.ini
[2009/10/26 12:35:29 | 000,000,000 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG2
[2009/10/22 20:15:56 | 000,146,098 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/10/22 20:01:22 | 004,426,841 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/10/17 00:58:06 | 000,176,640 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/10/17 00:57:06 | 000,117,760 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/10/17 00:04:24 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/10/17 00:04:08 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/10/17 00:03:48 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/10/17 00:03:44 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/10/17 00:03:40 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/10/16 23:10:10 | 000,256,512 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/10/16 21:53:32 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/10/16 21:53:20 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/16 20:40:42 | 000,849,136 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/10/16 20:38:20 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/10/16 20:35:50 | 000,237,056 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/10/16 20:08:54 | 000,557,469 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/10/16 20:04:28 | 001,391,379 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

========== LOP Check ==========

[2010/01/23 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/03/21 21:47:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitDefender
[2009/10/26 13:42:27 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ESET
[2010/04/02 09:36:12 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\EurekaLog
[2010/04/14 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2009/12/12 22:25:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\NewSoft
[2010/03/20 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Samsung
[2010/02/02 13:05:53 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Softland
[2009/10/30 04:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Sports Interactive
[2009/12/01 17:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Template
[2009/10/26 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Thunderbird
[2009/10/28 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TomTom
[2010/03/02 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Unity
[2010/04/13 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2009/11/24 18:14:10 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\WinBatch
[2010/03/31 11:30:25 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/02/22 05:25:34 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2010/03/21 22:03:39 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2007/05/17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
[2010/04/12 10:18:57 | 000,007,168 | ---- | M] () -- C:\Windows\SysWOW64\drivers\utq3ntez.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >

 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

Note: make sure teatimer is disabled, so the fix will take effect.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- File not found
    [2010/04/12 10:18:57 | 000,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utq3ntez.sys
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Hi, Thanks for your help again, i have followed your instructions, here are the 2 logs..

OTL Log

All processes killed
========== OTL ==========
Prefs.js: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E19037A-12E3-4295-8915-ED48BC341614}\ not found.
File C:\Program Files (x86)\RelevantKnowledge not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb3cf392-d5a2-11de-9dce-002618f7f24c}\ not found.
File L:\WD SmartWare.exe not found.
C:\Windows\SysWOW64\drivers\utq3ntez.sys moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jason
->Flash cache emptied: 162781 bytes

User: Lewis
->Flash cache emptied: 42386 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jason
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 462461557 bytes
->Java cache emptied: 47322610 bytes
->FireFox cache emptied: 94958603 bytes
->Google Chrome cache emptied: 18494118 bytes
->Flash cache emptied: 0 bytes

User: Lewis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14308384 bytes
->Java cache emptied: 12118620 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 438816 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 271668478 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13126295 bytes
RecycleBin emptied: 17407161059 bytes

Total Files Cleaned = 17,492.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04162010_214833

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


MBAM Log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3998

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/04/2010 22:01:43
mbam-log-2010-04-16 (22-01-43).txt

Scan type: Quick scan
Objects scanned: 114793
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Please do the following:

**Vista users - right click on the IE icon and run as administrator

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.


NEXT



Please advise how your computer is running and if there are any outstanding issues
 

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Hi..

Here is the log from ESET

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251

Have rebooted and Antimalware has not asked to quarantine the files
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

That ESET scan doesn't appear as if it scanned properly?

Did it download the definitions and scan your system properly?

Were there any infections found?

Please post a fresh OTL log and advise if there are any outstanding issues.
 

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Hi..

The Eset scan downloaded definitons, scanned and found 4 threats but that was all that was in the log..?
I have rebooted and it didn't ask to quarantine the files but puzzled by the 4 threats found in ESET scan.
Here is the OTL log

OTL logfile created on: 17/04/2010 22:02:53 - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Jason\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.45 Gb Total Space | 142.88 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 2.36 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEPC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_46\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (vvdsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (lxcj_device) -- C:\Windows\SysNative\lxcjcoms.exe ( )
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (vvdsvc) -- C:\Windows\SysWOW64\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (BDFM) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (SRS_ViewSonic) -- C:\Windows\SysNative\drivers\SRS_ViewSonic_amd64.sys ()
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/05 18:16:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/11 14:28:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/11 18:57:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/15 12:39:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/01/06 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2009/10/28 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/17 09:05:10 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions
[2010/01/06 19:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\staged-xpis
[2010/03/28 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\v57hvm2i.default\extensions\[email protected]
[2010/04/11 21:52:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 12:38:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/16 12:38:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/16 12:38:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/16 12:38:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/16 21:48:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-Us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 00:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/04/16 21:49:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\New folder (2)
[2010/04/16 21:48:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/16 12:30:53 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/04/14 14:43:53 | 000,000,000 | ---D | C] -- C:\Hijackthis
[2010/04/14 14:10:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2010/04/14 14:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2010/04/13 19:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/04/13 18:23:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/13 18:23:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/13 18:22:56 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/13 18:22:56 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/13 18:22:43 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/13 18:22:43 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/13 18:22:42 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/13 18:22:34 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/13 18:22:34 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/13 16:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Timesheets
[2010/04/12 16:04:46 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/04/12 16:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/12 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/11 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/11 21:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/11 21:52:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/11 21:52:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/11 21:52:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/11 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\vlc
[2010/04/11 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/11 16:20:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/02 09:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2010/04/02 09:36:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EurekaLog
[2010/04/02 09:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2010/03/31 07:14:54 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/03/31 07:14:53 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/03/31 07:14:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/03/31 07:14:53 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/03/31 07:14:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/03/31 07:14:52 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/03/31 07:14:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/03/31 07:14:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/03/29 20:08:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ATI
[2010/03/29 20:08:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\ATI
[2010/03/29 20:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/03/29 20:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/03/29 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/29 20:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/03/29 20:03:04 | 000,000,000 | ---D | C] -- C:\ATI
[2010/03/22 05:37:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2010/03/22 05:37:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/22 05:37:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/22 05:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/22 05:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/21 22:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/03/21 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\BitDefender
[2010/03/21 21:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/03/20 14:42:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\NPS
[2010/03/20 14:15:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
[2010/03/20 14:14:45 | 000,024,064 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2010/03/20 14:14:45 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2010/03/20 14:14:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My NPS Files
[2010/03/20 14:14:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Samsung
[2010/03/20 14:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2010/03/20 14:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010/03/20 14:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010/03/20 14:10:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2010/04/17 22:04:50 | 003,407,872 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT
[2010/04/17 21:44:40 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000UA.job
[2010/04/17 21:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/17 08:19:03 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1651461192-4009384162-1331592290-1000Core.job
[2010/04/16 22:10:26 | 000,011,274 | ---- | M] () -- C:\Users\Jason\Desktop\Weekly Shift.docx
[2010/04/16 22:10:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/16 22:10:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/16 22:07:20 | 003,789,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/16 22:07:20 | 001,675,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/16 22:07:20 | 000,004,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/16 22:03:50 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/16 22:02:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/16 22:02:36 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 22:02:02 | 007,395,248 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
[2010/04/16 21:53:18 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010/04/16 21:48:34 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/04/16 12:30:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/04/14 14:43:54 | 000,002,955 | ---- | M] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2010/04/14 14:42:45 | 001,401,344 | ---- | M] () -- C:\HijackThis.msi
[2010/04/12 16:04:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/04/01 14:35:22 | 000,347,336 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2010/03/31 11:30:25 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/03/30 13:08:14 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/21 22:35:45 | 000,000,132 | ---- | M] () -- C:\Windows\SysNative\rezumatenoi.dat
[2010/03/21 22:03:42 | 000,102,720 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdhv.sys
[2010/03/21 22:03:41 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdfm.sys
[2010/03/21 21:50:35 | 000,000,850 | ---- | M] () -- C:\Windows\SysNative\ProductTweaks.xml
[2010/03/21 21:50:35 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml

========== Files Created - No Company Name ==========

[2010/04/14 14:43:54 | 000,002,955 | ---- | C] () -- C:\Users\Jason\Desktop\HiJackThis.lnk
[2010/04/14 14:42:44 | 001,401,344 | ---- | C] () -- C:\HijackThis.msi
[2010/04/12 16:00:45 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/02 09:40:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2010/03/31 16:22:55 | 000,011,274 | ---- | C] () -- C:\Users\Jason\Desktop\Weekly Shift.docx
[2010/03/21 21:50:35 | 000,000,850 | ---- | C] () -- C:\Windows\SysNative\ProductTweaks.xml
[2010/03/21 21:50:35 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2010/02/09 20:53:17 | 000,000,632 | RHS- | C] () -- C:\Users\Jason\ntuser.pol
[2010/02/08 18:49:04 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/01/30 15:43:20 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/01/30 12:17:49 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ab_bl.sig
[2009/12/27 10:08:31 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/26 13:47:56 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 23:08:07 | 000,000,020 | ---- | C] () -- C:\Windows\NNS.INI
[2009/12/12 22:11:37 | 000,023,034 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/01 17:31:04 | 000,000,140 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2009/11/07 10:06:21 | 000,000,083 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009/10/26 14:14:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/10/26 14:13:28 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2009/10/26 14:13:18 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/10/26 12:35:29 | 003,407,872 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT
[2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/10/26 12:35:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/10/26 12:35:29 | 000,262,144 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG1
[2009/10/26 12:35:29 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/10/26 12:35:29 | 000,000,020 | -HS- | C] () -- C:\Users\Jason\ntuser.ini
[2009/10/26 12:35:29 | 000,000,000 | -HS- | C] () -- C:\Users\Jason\ntuser.dat.LOG2
[2009/10/22 20:15:56 | 000,146,098 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/10/22 20:01:22 | 004,426,841 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/10/17 00:58:06 | 000,176,640 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/10/17 00:57:06 | 000,117,760 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/10/17 00:04:24 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/10/17 00:04:08 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/10/17 00:03:48 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/10/17 00:03:44 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/10/17 00:03:40 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/10/16 23:10:10 | 000,256,512 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/10/16 21:53:32 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/10/16 21:53:20 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/16 20:40:42 | 000,849,136 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/10/16 20:38:20 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/10/16 20:35:50 | 000,237,056 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/10/16 20:08:54 | 000,557,469 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/10/16 20:04:28 | 001,391,379 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

The ESET scan should allow you to save a log which would list those files found, can you please try it again and save a log of the scan.

Please do the following:


Press the windows key + R to open a run box, copy paste the following into the open run box >OK

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "C:\Windows\SysNative\rezumatenoi.dat"

NEXT


Visit ADOBEand download the latest version of Acrobat Reader (version 9.3)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT



Go to windows key + R to open a run box > copy/paste the following text into the open run box > javacpl.cpl
> Press Enter > Select the Update tab > Click Update now


How is the computer running? Are there any outstanding issues?
 

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Did the first steps but when i paste javacpl.cpl
i get windows cannot find javacpl.cpl
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Please do it this way then

Java&#8482; 6 Update 19 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Now is the computer running? Are there any outstanding issues?
 

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Have updated Java, rebooted and it has not asked to qurantine the items, fingers crossed its gone....thanks for all the time and help you have given..
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
The items found by ESET haven't been addressed yet.

Were you able to note down what they were?

If not please rescan, see if you can save the log this time, if not, please note what the infections were so I can see if they need to be deleted or are False Positives.

How is the computer running?
 

Jason-m

Thread Starter
Joined
Apr 14, 2010
Messages
9
Hello have rescanned with ESET and it found 4 threats again but they are not the relevant knowledge problem they have been on my pc for years

:\Tools\DBOX2\FlashFXP.v3.4.Build.1140.Final.WinALL.Regged-VDOWN\vd-fxp34.zip a variant of Win32/HackTool.Patcher.A application
C:\Tools\Movie Tools\Nero 9 with serial\nero9.iso Win32/Toolbar.AskSBar application
C:\Tools\System Tools\Old Tools\Nod32 3.0.621.0 Finally with a fix\NOD32_v3_FiX_1.1-TemDono.exe Win32/HackAV.AJ application
C:\Tools\System Tools\Old Tools\RegistryFix v3.0 + Key\registryfix.exe a variant of Win32/Adware.ErrorClean application

PC has been rebooted a few times now and not once has it asked for the relevant files to be quarantined, everything seems to be running fine apart from everythime i click a link in explorer now the screen flashes black
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top