GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


hi can anyone help re aa virus trojan called security tool

2 posters

descriptionhi can anyone help re aa virus trojan called security tool Emptyhi can anyone help re aa virus trojan called security tool14th February 2010, 10:08 pm

more_horiz
i am not a computer savvy person but one of my kids went onto something online and its showing on my oc as security tool ive managed somehow through the task manager to close one of the offending items down and it seems to have stoppeded all the bleeping and pop ups for now.
it has a picture of a shield if thats any help and it keeps asking to register for the security tool itself meanwhile popu ups keep saying this or that programme is blocked and trying to transmit information. but it looks like ive stopped that for now.

any help out there would be much apprecieated thanks

all i can tell you is im on xp

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool14th February 2010, 10:11 pm

more_horiz
am also running an malwarewarebytes anti malware at the moment

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool14th February 2010, 10:42 pm

more_horiz
Okay, standing by, please post the MBAM log once completed.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool14th February 2010, 10:44 pm

more_horiz
Thank you i will post as soon as i have the information

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool14th February 2010, 10:54 pm

more_horiz
Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/02/2010 22:52:39
mbam-log-2010-02-14 (22-52-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 229616
Time elapsed: 1 hour(s), 15 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 48
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\EvidenceEraser (Rogue.EvidenceEraser) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MacroVirus (Rogue.MacroVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MacroVirus (Rogue.MacroVirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Error Nuker (Rogue.ErrorNuker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.79.0 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\63056424 (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92618329 (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\zango@zango.com (Adware.Zango) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\ErrorSmart (Rogue.ErrorSmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\ErrorSmart\Log (Rogue.ErrorSmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\ErrorSmart\Registry Backups (Rogue.ErrorSmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Registry Backups (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Settings (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep\Log (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep\Registry Backups (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\WeatherDPA (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\WeatherDPA\Weather (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\WeatherDPA\Weather\WeatherDPA (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> No action taken.

Files Infected:
D:\Documents and Settings\All Users\Application Data\THIS IS THE VIRUS AND TROJAN remove\63056424.exe (Rogue.Security.Tool) -> No action taken.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP1251\A0431742.exe (Rogue.Security.Tool) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\ErrorSmart\Log\2008 Jul 20 - 06_54_45 PM_031.log (Rogue.ErrorSmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\ErrorSmart\Registry Backups\2008-07-20_18-58-50.reg (Rogue.ErrorSmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\DataBase.ref (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 27 - 03_11_59 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 27 - 03_12_01 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 27 - 03_12_02 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 27 - 03_37_42 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 27 - 03_49_17 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 27 - 03_53_41 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 28 - 01_31_48 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 28 - 01_31_49 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 28 - 10_30_34 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 28 - 12_40_09 AM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 01_59_30 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 01_59_32 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 03_03_23 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 03_03_24 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 04_56_55 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 11_41_07 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 11_50_59 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 11_55_57 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2007 Jul 29 - 11_58_05 PM.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2008 Jul 18 - 10_01_25 PM_609.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2008 Jul 18 - 10_01_30 PM_562.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2008 Jul 18 - 10_01_30 PM_953.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Log\2008 Jul 18 - 11_20_46 PM_171.log (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Settings\CustomScan.stg (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Settings\IgnoreList.stg (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Settings\ScanInfo.stg (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Settings\SelectedFolders.stg (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\EvidenceEraser\Settings\Settings.stg (Rogue.EvidenceEraser) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart\Log\2007 Jun 28 - 11_34_15 PM_625.log (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart\Log\2007 Jun 28 - 11_34_16 PM_406.log (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegistrySmart\Registry Backups\2007-06-28_23-36-53.reg (Rogue.RegistrySmart) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep\Errors.stg (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep\Results.stg (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep\Log\2007 Jun 28 - 12_52_49 PM.log (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep\Log\2007 Jun 28 - 12_52_50 PM.log (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\RegSweep\Registry Backups\2007-06-28_12-54-42.reg (Rogue.RegSweep) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\DataBase.ref (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Log\2007 Sep 13 - 09_23_46 PM_453.log (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Log\2007 Sep 13 - 09_23_48 PM_671.log (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Log\2007 Sep 13 - 10_29_20 PM_234.log (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
D:\Documents and Settings\Sexy Litle Numbers\Application Data\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> No action taken.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool15th February 2010, 11:10 pm

more_horiz
Hello.
Did you remove what was found? the log says no action was taken.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool15th February 2010, 11:29 pm

more_horiz
hi thanks yes i clciked remove i have rescanned again today and it says i still have vundo trojan also in the task bar i can see something called googlecrash which ive closed via the task bar

this is the updated MBAM log
Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/02/2010 23:17:59
mbam-log-2010-02-15 (23-17-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231269
Time elapsed: 56 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool16th February 2010, 9:42 pm

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool20th February 2010, 11:29 pm

more_horiz
OTL logfile created on: 20/02/2010 23:24:06 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = D:\Documents and Settings\Sexy Litle Numbers\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 285.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 15.38 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 104.00 Gb Free Space | 93.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN049688620668
Current User Name: Sexy Litle Numbers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 23:23:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
PRC - [2010/02/11 18:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/05 00:21:57 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/05 00:21:56 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/05 00:21:54 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/05 00:21:53 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/05 00:21:53 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/05 00:21:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/02 11:23:05 | 000,054,608 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL 9.1 Betaa\shellmon.exe
PRC - [2010/02/02 11:15:22 | 000,033,792 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL 9.1 Betaa\waol.exe
PRC - [2010/01/10 20:17:09 | 000,136,176 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/06 15:09:14 | 001,447,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2009/12/06 15:09:14 | 000,972,008 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/12/04 13:37:12 | 000,340,312 | ---- | M] () -- C:\Program Files\Iconix\OEAddOn\OEdmn_5.exe
PRC - [2009/12/04 13:37:04 | 000,282,968 | ---- | M] () -- C:\Program Files\Common Files\Iconix\IconixService.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 17:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1250073252\ee\aolsoftware.exe
PRC - [2007/01/09 17:11:20 | 000,118,784 | ---- | M] (OptionNV) -- C:\WINDOWS\system32\Gtdetectsc.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2006/10/13 23:18:24 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2005/08/03 23:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/05/11 13:52:04 | 000,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/05/11 13:52:00 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/05/11 13:50:34 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2005/05/11 13:50:14 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/02/26 00:28:03 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2005/01/07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 23:23:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
MOD - [2009/12/04 13:37:14 | 000,311,640 | ---- | M] () -- C:\Program Files\Iconix\OEAddOn\OEldr_6.dll
MOD - [2009/11/26 17:57:22 | 000,484,584 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/10/22 19:59:13 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1 Betaa\idleproc.dll
MOD - [2008/04/13 17:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2007/03/21 19:33:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 18:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/05 00:21:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/06 15:09:14 | 000,972,008 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/12/04 13:37:04 | 000,282,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Iconix\IconixService.exe -- (IconixService)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/01/09 17:11:20 | 000,118,784 | ---- | M] (OptionNV) [Auto | Running] -- C:\WINDOWS\system32\Gtdetectsc.exe -- (gtdetectsc)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/08/03 23:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/05/11 13:52:00 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/05/11 13:50:34 | 000,110,672 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/05/11 13:50:14 | 000,221,266 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/01/07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 18:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 18:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 18:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 18:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 18:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 18:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/05 00:22:21 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/05 00:22:16 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/05 00:22:14 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/06 15:09:34 | 000,337,000 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2009/12/06 15:09:34 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/08/27 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/08 12:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/03/26 14:18:00 | 000,020,352 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swivspnt.sys -- (swivsp)
DRV - [2005/10/26 16:08:26 | 003,786,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/02 16:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/21 02:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2003/08/20 17:34:50 | 000,548,952 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/07/16 12:30:26 | 000,221,736 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/07/02 16:26:36 | 001,301,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/07/02 16:24:36 | 000,086,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/07/02 16:12:52 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/07/02 15:57:10 | 000,167,384 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/01/10 21:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/12/01 10:43:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Mozilla\Extensions
[2009/10/05 15:04:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/14 23:57:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Mozilla\Firefox\extensions
[2010/02/14 23:57:22 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll ()
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1250073252\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IconixOEAddOn] C:\Program Files\Iconix\OEAddOn\OEdmn_5.exe ()
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe (Sammsoft)
O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - D:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} https://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139090187515 (MUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://sexydresses.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game08.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} http://www.rockyou.com/RockYouImageUploader.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} https://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Reg Error: Key error.)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - http://www.pleaserusa.com/img/Background_Corp_center.png
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\Shell - "" = AutoRun
O33 - MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 23:23:47 | 000,549,376 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
[2010/02/15 23:39:35 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/15 23:39:34 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/15 23:39:34 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/15 23:39:32 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/15 23:39:31 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/15 23:39:31 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/15 23:39:30 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/15 23:39:07 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/15 23:39:07 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/15 23:38:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/15 23:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/15 20:35:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/15 17:41:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\NDP WATERMARKED AND RESIZED
[2010/02/15 17:17:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\NOM DE P RESIZED
[2010/02/14 23:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2010/02/14 23:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2010/02/14 21:33:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Malwarebytes
[2010/02/14 21:33:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/14 21:33:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/14 21:33:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/14 21:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/14 19:07:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\Threat Expert
[2010/02/14 16:44:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/02/13 21:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/13 01:35:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\NOM DE PLUME RESIZED
[2010/02/08 23:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/08 23:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.1 Betaa
[2010/02/06 19:00:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\BORDELLO FOOTWEAR
[2010/02/05 00:22:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/05 00:22:22 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/05 00:22:21 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/05 00:22:15 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/05 00:22:14 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/05 00:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/05 00:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/05 00:21:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\avg9
[2010/02/05 00:08:43 | 000,891,208 | ---- | C] (AVG Technologies) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\avg_free_stb_en_9_40.exe
[2010/02/04 23:22:56 | 000,000,000 | ---D | C] -- C:\KAV
[2010/02/04 23:06:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\Uniblue
[2010/02/03 17:21:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\henry kay
[2010/01/31 19:22:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\WEDDING DRESSES RESIZED
[2010/01/29 19:29:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\REGTOOL5.DLL
[2010/01/27 18:16:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\new wedding dresses pictures
[2010/01/27 13:11:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/01/27 13:11:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/27 13:11:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/27 13:11:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/25 22:37:06 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\avatars etc
[2010/01/25 00:08:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Pleaser_Logos
[2010/01/22 23:26:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\NOVEMBER INVOICES
[2009/02/14 22:45:23 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/14 22:45:23 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/14 22:45:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/14 22:44:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/23 16:12:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/08/23 16:12:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2006/03/02 18:55:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/12/20 15:36:20 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[1980/01/01 00:00:00 | 001,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 00:00:00 | 000,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 00:00:00 | 000,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 00:00:00 | 000,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 00:00:00 | 000,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 23:23:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\OTL.exe
[2010/02/20 23:22:00 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3476259568-820065448-607964368-1006UA.job
[2010/02/20 21:53:57 | 055,963,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/20 21:51:32 | 000,000,588 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/20 21:51:20 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230A6A4B-C6DF-43B6-978A-B81048E0A7AB}.job
[2010/02/20 21:50:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/20 21:48:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/20 21:48:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/20 21:48:15 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 23:02:19 | 009,175,040 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\ntuser.dat
[2010/02/19 23:02:19 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\ntuser.ini
[2010/02/19 23:02:09 | 004,314,166 | -H-- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\IconCache.db
[2010/02/19 20:22:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3476259568-820065448-607964368-1006Core.job
[2010/02/17 23:08:46 | 000,000,436 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\Chrystals Fashion Boutique cpy file.lnk
[2010/02/17 12:29:47 | 000,013,356 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\wklnhst.dat
[2010/02/15 23:39:35 | 000,001,589 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/15 23:39:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/15 20:39:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/14 23:57:20 | 000,001,603 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Check PC For Errors.lnk
[2010/02/14 21:33:33 | 000,000,581 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 19:33:41 | 000,006,656 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 12:23:11 | 000,002,383 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Google Chrome.lnk
[2010/02/12 00:48:39 | 000,443,240 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/12 00:48:39 | 000,072,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/12 00:48:38 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/11 18:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 18:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 18:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 18:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 18:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 18:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 18:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 18:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 18:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/08 23:36:56 | 000,000,718 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/02/08 23:36:55 | 000,000,557 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\AOL 9.1 Beta.lnk
[2010/02/06 20:06:43 | 004,131,233 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Demonia_Price_List.pdf
[2010/02/06 19:44:08 | 002,497,356 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Pleaser_Logos.zip
[2010/02/05 00:22:22 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/05 00:22:22 | 000,001,426 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/05 00:22:21 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/05 00:22:16 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/05 00:22:14 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/05 00:22:14 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/05 00:22:06 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/05 00:22:06 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/05 00:22:06 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/05 00:08:54 | 000,891,208 | ---- | M] (AVG Technologies) -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\avg_free_stb_en_9_40.exe
[2010/01/29 21:50:53 | 000,000,000 | -H-- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\Default.rdp
[2010/01/27 18:23:10 | 000,001,461 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\CCleaner.lnk
[2010/01/23 22:40:06 | 000,047,201 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\csv_import_v2_1_3 to import csv files.zip
[2010/01/21 23:56:33 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2010/01/21 23:32:59 | 000,000,204 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\http--www.pleaserusa.com-download-Inv_stat.csv.url
[2010/01/21 23:31:36 | 000,000,204 | ---- | M] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\http--www.pleaserusa.com-download-inv_item.csv.url
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/15 23:39:35 | 000,001,589 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/15 20:37:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/14 23:57:20 | 000,001,603 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Check PC For Errors.lnk
[2010/02/14 21:33:33 | 000,000,581 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 19:51:49 | 1006,030,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 20:06:43 | 004,131,233 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Demonia_Price_List.pdf
[2010/02/06 19:44:08 | 002,497,356 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\Pleaser_Logos.zip
[2010/02/05 00:22:22 | 000,001,426 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/05 00:22:14 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/05 00:22:06 | 055,963,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/05 00:22:06 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/05 00:22:06 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/05 00:22:06 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/29 21:50:53 | 000,000,000 | -H-- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\My Documents\Default.rdp
[2010/01/23 22:40:06 | 000,047,201 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\csv_import_v2_1_3 to import csv files.zip
[2010/01/21 23:32:59 | 000,000,204 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\http--www.pleaserusa.com-download-Inv_stat.csv.url
[2010/01/21 23:31:36 | 000,000,204 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Desktop\http--www.pleaserusa.com-download-inv_item.csv.url
[2009/06/06 07:59:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2009/05/22 08:41:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/05/22 08:41:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/04/27 14:19:30 | 000,000,067 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\nero_photoshow_express.txt
[2009/04/27 14:06:46 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/08 22:19:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/25 20:42:21 | 000,000,130 | -H-- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\lakerda1967.sys
[2008/10/25 20:41:58 | 000,010,584 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\docXConverter (3).ini
[2008/05/15 11:04:38 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\.googlewebacchosts
[2008/03/31 23:16:08 | 000,761,050 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/01/26 22:19:22 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2007/12/25 13:45:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2007/07/13 00:21:32 | 000,006,656 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/07 02:22:08 | 000,000,141 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Local Settings\Application Data\fusioncache.dat
[2006/07/24 12:24:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/28 16:15:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/11 21:10:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/18 11:01:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/03/31 17:23:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/31 17:21:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006/03/02 23:15:14 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/07 14:17:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2005/12/31 18:04:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC46Euro.ini
[2005/12/29 23:51:52 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/12/29 23:27:25 | 000,013,356 | ---- | C] () -- D:\Documents and Settings\Sexy Litle Numbers\Application Data\wklnhst.dat
[2005/12/20 16:14:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/20 16:02:47 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005/12/20 15:58:33 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005/12/20 15:52:46 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/12/20 15:41:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/12/20 15:41:33 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/20 15:36:20 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/12/20 15:36:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/12/20 15:36:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005/10/21 15:28:56 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/08/10 17:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/23 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/11/21 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool20th February 2010, 11:54 pm

more_horiz
Please post the other log with it.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool21st February 2010, 12:12 am

more_horiz
OTL Extras logfile created on: 20/02/2010 23:24:06 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = D:\Documents and Settings\Sexy Litle Numbers\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 285.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 15.38 Gb Free Space | 51.29% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 104.00 Gb Free Space | 93.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN049688620668
Current User Name: Sexy Litle Numbers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BT Common Client\SwiApiMux.exe" = C:\Program Files\BT Common Client\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\AOL 9.0 VR\waol.exe" = C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1231534843\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1231534843\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\iWatermark\iWatermark.exe" = C:\Program Files\iWatermark\iWatermark.exe:*:Enabled:iWatermark 3.0.1 -- ()
"C:\Program Files\AOL 9.0 VRa\waol.exe" = C:\Program Files\AOL 9.0 VRa\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\1242042650\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1242042650\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Common Files\AOL\1242042650\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1242042650\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1249741902\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1249741902\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\Common Files\AOL\1249898734\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1249898734\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\AOL 9.0 VRb\waol.exe" = C:\Program Files\AOL 9.0 VRb\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\AOL 9.0 VRc\waol.exe" = C:\Program Files\AOL 9.0 VRc\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\1250073252\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1250073252\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.0 VRd\waol.exe" = C:\Program Files\AOL 9.0 VRd\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\AOL 9.1 Beta\waol.exe" = C:\Program Files\AOL 9.1 Beta\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AOL 9.1 Betaa\waol.exe" = C:\Program Files\AOL 9.1 Betaa\waol.exe:*:Enabled:AOL -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2797D1CC-B68F-4098-96EF-E45700A3335C}" = DesignPro Business Cards SE
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.17
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a604316d-f407-4d88-a148-a90eb61db150}" = Nero 9 Trial
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C994D98C-293D-4825-958E-EB684B4D413F}" = MSN Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CEA5EF64-B694-4B79-9A2C-0FF738906A1D}" = DriverGuide Toolkit
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"AccessRT" = AccessRT
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AOL Broadband Toolbar" = AOL Broadband Toolbar
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"Ask Toolbar_is1" = Ask Toolbar
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"ESDX3800 User's Guide" = ESDX3800 User's Guide
"Iconix eMail ID" = Iconix®️ eMail ID
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2797D1CC-B68F-4098-96EF-E45700A3335C}" = DesignPro Business Cards SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero PhotoShow Express" = Nero PhotoShow Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"ViviCam 8325 Digital Camera Driver" = ViviCam 8325 Digital Camera Driver
"ViviCam 8325 User's Manual" = ViviCam 8325 User's Manual
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/01/2010 19:34:02 | Computer Name = SN049688620668 | Source = Application Error | ID = 1000
Description = Faulting application tl.exe, version 8.3.101.2, faulting module msvcr90.dll,
version 9.0.30729.4148, fault address 0x0006ccb5.

Error - 25/01/2010 20:22:14 | Computer Name = SN049688620668 | Source = Google Update | ID = 20
Description =

Error - 29/01/2010 18:31:31 | Computer Name = SN049688620668 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/01/2010 18:25:32 | Computer Name = SN049688620668 | Source = Application Error | ID = 1000
Description = Faulting application tl.exe, version 8.3.101.2, faulting module msvcr90.dll,
version 9.0.30729.4148, fault address 0x0006ccb5.

Error - 03/02/2010 18:19:40 | Computer Name = SN049688620668 | Source = Application Error | ID = 1000
Description = Faulting application tl.exe, version 8.3.101.2, faulting module msvcr90.dll,
version 9.0.30729.4148, fault address 0x0006ccb5.

Error - 03/02/2010 18:20:53 | Computer Name = SN049688620668 | Source = Application Error | ID = 1000
Description = Faulting application tl.exe, version 8.3.101.2, faulting module msvcr90.dll,
version 9.0.30729.4148, fault address 0x0006ccb5.

Error - 04/02/2010 19:50:22 | Computer Name = SN049688620668 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/02/2010 16:17:58 | Computer Name = SN049688620668 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x62f54ae0.

Error - 10/02/2010 09:00:48 | Computer Name = SN049688620668 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/02/2010 14:58:40 | Computer Name = SN049688620668 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 17/02/2010 08:09:48 | Computer Name = SN049688620668 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0013D3B791C6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/02/2010 08:11:07 | Computer Name = SN049688620668 | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 17/02/2010 16:57:51 | Computer Name = SN049688620668 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0013D3B791C6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/02/2010 16:58:46 | Computer Name = SN049688620668 | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 18/02/2010 06:08:58 | Computer Name = SN049688620668 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0013D3B791C6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/02/2010 06:09:52 | Computer Name = SN049688620668 | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 18/02/2010 08:59:06 | Computer Name = SN049688620668 | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 18/02/2010 19:05:52 | Computer Name = SN049688620668 | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 19/02/2010 10:59:58 | Computer Name = SN049688620668 | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 20/02/2010 17:49:32 | Computer Name = SN049688620668 | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2


< End of report >

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool21st February 2010, 1:41 am

more_horiz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O33 - MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\Shell - "" = AutoRun
    O33 - MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool21st February 2010, 8:53 pm

more_horiz
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6832c580-d0ec-11dd-ade1-0013d3b791c6}\ not found.
File J:\AutoRun.exe not found.

OTL by OldTimer - Version 3.1.30.1 log created on 02212010_205127

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool22nd February 2010, 1:01 am

more_horiz
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    J2SE Runtime Environment 5.0 Update 10
    Java Auto Updater
    Viewpoint Media Player

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool22nd February 2010, 5:04 pm

more_horiz
was unable to remove Java Auto Updater

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool22nd February 2010, 5:07 pm

more_horiz
pc now running much much smoother and google crash hand no longer showing on the task manager

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool22nd February 2010, 8:59 pm

more_horiz
Please run one more MBAM scan just to be sure.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool23rd February 2010, 4:01 pm

more_horiz
Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/02/2010 15:23:05
mbam-log-2010-02-23 (15-23-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 229151
Time elapsed: 37 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool23rd February 2010, 8:25 pm

more_horiz
Okay, this looks good now.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool23rd February 2010, 10:43 pm

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=638181f3a131994598af5c2971101a14
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-23 09:50:55
# local_time=2010-02-23 09:50:55 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777175 100 0 684374 684374 0 0
# compatibility_mode=1024 16777215 100 0 1632201 1632201 0 0
# compatibility_mode=8192 67108863 100 0 3854 3854 0 0
# scanned=135903
# found=1
# cleaned=1
# scan_time=3959

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool25th February 2010, 12:20 am

more_horiz
Okay, this should be good now.

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool27th February 2010, 10:35 pm

more_horiz
thank you x

descriptionhi can anyone help re aa virus trojan called security tool EmptyRe: hi can anyone help re aa virus trojan called security tool

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum