Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help With "http://url[dot]urtbk[dot]com" Spyware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby Shane284 » February 18th, 2010, 1:55 am

Hello Malware community,

My computer has recently been infected with spyware, I receive a warning from my third party security software (Trend Micro) when I search websites on firefox, The warning displays "http://url[dot]urtbk[dot]com" even tho I haven't been redirected to that site. I came here to hopefully get this problem resolved. (btw thank you admins for the link to the "posting guide" thread)

Hijackthis Log Below,
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:19 PM, on 2/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 6077 bytes

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Uninstall List Below
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
7-Zip 4.65
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9
Adobe Shockwave Player 11.5
Algodoo Phun edition v5.28
ASIO4ALL
Atheros Client Installation Program
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audiosurf
BitComet 1.16
Brother MFL-Pro Suite
Catalyst Control Center - Branding
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp DSP Effects
dBpoweramp m4a Codec
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
Deutz Engine
Diablo II
Drug Lord 2
FL Studio 9
GOM Player
Google SketchUp Pro 7
Guitar Pro 5.2
Half-Life
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HTC Driver
HTC Sync
IL Download Manager
Insaniquarium Deluxe 1.1
Java(TM) 6 Update 17
JDownloader
LimeWire 5.3.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Premium
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
mIRC
Mozilla Firefox (3.5.7)
MSVCRT
Natural Selection 3.2
Nero OEM
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PC Connectivity Solution
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.1 Watermoose
PFPortChecker 1.0.32
Plants vs. Zombies
PoiZone
PowerISO
Project64 1.6
Sawer
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SketchyPhysics3x
Sound Blaster Audigy
Starcraft
Steam
The HSC Assistant SDD
TMPGEnc Authoring Works 4
Toxic Biohazard
Transport Tycoon Deluxe
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Ultima Online: Mondain's Legacy
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Winamp
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

Thank you,

Shane
Shane284
Active Member
 
Posts: 9
Joined: February 17th, 2010, 6:50 pm
Advertisement
Register to Remove

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby MWR 3 day Mod » February 21st, 2010, 3:04 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby deltalima » February 25th, 2010, 6:21 am

Hi Shane284,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby deltalima » February 25th, 2010, 6:49 am

Hi Shane284,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire 5.3.6
    BitComet 1.16


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Now please post a new uninstall list.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby Shane284 » February 26th, 2010, 9:44 pm

Hi Deltalima,

Thank you for responding to my thread. I have worked on my computer myself since infection and from what I can see I have rid my computer of the malware. I no longer get pop ups and my hardware no longer uninstalls its self on shut down, requiring re-installation on reboot. Are there any steps I can take in clarifying with you that my system is clean as the computer appears to be cleaned but I'm not 100% sure.

As Requested, Uninstall list below.

7-Zip 4.65
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9
Adobe Shockwave Player 11.5
Algodoo Phun edition v5.28
ASIO4ALL
Atheros Client Installation Program
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audiosurf
Brother MFL-Pro Suite
Catalyst Control Center - Branding
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp DSP Effects
dBpoweramp m4a Codec
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
Deutz Engine
Diablo II
Diner Dash Series
Drug Lord 2
FL Studio 9
GOM Player
Google SketchUp Pro 7
Guitar Pro 5.2
Half-Life
Hamachi 1.0.3.0
Heroes of Newerth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HTC Driver
HTC Sync
ICCup Launcher
IL Download Manager
Insaniquarium Deluxe 1.1
Java(TM) 6 Update 17
JDownloader
LoudMo Contextual Ad Assistant
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Premium
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Web Publishing Wizard 1.53
Mozilla Firefox (3.5.8)
MSVCRT
Natural Selection 3.2
Nero OEM
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PC Connectivity Solution
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.1 Watermoose
PFPortChecker 1.0.32
Plants vs. Zombies
PoiZone
PowerISO
Project64 1.6
Sawer
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SketchyPhysics3x
Sound Blaster Audigy
Starcraft
Steam
The HSC Assistant SDD
TMPGEnc Authoring Works 4
Toxic Biohazard
Transport Tycoon Deluxe
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Tweak UI
Ultima Online: Mondain's Legacy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Winamp
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

Regards,

Shane
Shane284
Active Member
 
Posts: 9
Joined: February 17th, 2010, 6:50 pm

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby deltalima » February 27th, 2010, 7:03 am

Hi Shane284,

Are there any steps I can take in clarifying with you that my system is clean as the computer appears to be cleaned


Sure, we will give the computer a full check up to make sure it's clean.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby Shane284 » February 28th, 2010, 2:46 am

As requested,

Extras.Txt

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OTL Extras logfile created on: 2/28/2010 12:22:45 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Shane Frazz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 672.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.97 Gb Free Space | 5.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 304.48 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHANE
Current User Name: Shane Frazz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-839522115-1770027372-2147011267-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"14004:TCP" = 14004:TCP:*:Enabled:BitComet 14004 TCP
"14004:UDP" = 14004:UDP:*:Enabled:BitComet 14004 UDP
"49155:TCP" = 49155:TCP:*:Enabled:BitComet 49155 TCP
"49155:UDP" = 49155:UDP:*:Enabled:BitComet 49155 UDP
"50505:TCP" = 50505:TCP:*:Enabled:BitComet 50505 TCP
"50505:UDP" = 50505:UDP:*:Enabled:BitComet 50505 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{426F4A60-F14C-4050-91D1-B206341BEC8F}" = Plants vs. Zombies
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}" = TMPGEnc Authoring Works 4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{984EB237-BE28-43AF-A271-4DF0CCADA341}" = Diner Dash Series
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BB4B6355-D38A-492C-873B-A1B2CF6C3832}" = Trend Micro PC-cillin Internet Security 2007
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D5AF36E3-D72D-4E30-AB64-48A98BDDEE73}" = HTC Sync
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Deutz Engine" = Deutz Engine
"Diablo II" = Diablo II
"Drug Lord 2" = Drug Lord 2
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"feym6ia" = LoudMo Contextual Ad Assistant
"FL Studio 9" = FL Studio 9
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"GOM Player" = GOM Player
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ICCup Launcher_is1" = ICCup Launcher
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Insaniquarium Deluxe 1.1" = Insaniquarium Deluxe 1.1
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Selection_is1" = Natural Selection 3.2
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nokia PC Suite" = Nokia PC Suite
"Pcsx2_is1" = Pcsx2 0.9.1 Watermoose
"PCSX2-beta-r1888" = PCSX2 - Playstation 2 Emulator
"PFPortChecker" = PFPortChecker 1.0.32
"Phun_is1" = Algodoo Phun edition v5.28
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Sawer" = Sawer
"SketchyPhysics3_is1" = SketchyPhysics3x
"ST6UNST #1" = The HSC Assistant SDD
"Starcraft" = Starcraft
"Steam App 70" = Half-Life
"SysInfo" = Creative System Information
"TmPcc" = Trend Micro PC-cillin Internet Security 2007
"Toxic Biohazard" = Toxic Biohazard
"Tweak UI 2.10" = Tweak UI
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2009 12:21:03 AM | Computer Name = SHANE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/14/2009 12:32:36 AM | Computer Name = SHANE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2009 7:27:55 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.

Error - 6/25/2009 7:33:48 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.

Error - 6/25/2009 7:34:12 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.

Error - 6/25/2009 7:34:37 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.

Error - 6/25/2009 7:35:00 AM | Computer Name = SHANE | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module nevideo.ax, version 2.0.0.17, fault address 0x00034836.

[ System Events ]
Error - 2/25/2010 11:47:40 PM | Computer Name = SHANE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/25/2010 11:47:40 PM | Computer Name = SHANE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 2/26/2010 7:43:29 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 2/26/2010 7:43:29 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atitray i8042prt

Error - 2/27/2010 10:15:33 AM | Computer Name = SHANE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 2/27/2010 10:15:35 AM | Computer Name = SHANE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atitray i8042prt

Error - 2/27/2010 6:02:57 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 2/27/2010 6:02:59 PM | Computer Name = SHANE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atitray i8042prt

Error - 2/27/2010 6:03:20 PM | Computer Name = SHANE | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.175. The machine with the IP address 192.168.0.120 did
not allow the name to be claimed by this machine.

Error - 2/27/2010 6:06:20 PM | Computer Name = SHANE | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.0.175. The machine with the IP address 192.168.0.120 did
not allow the name to be claimed by this machine.


< End of report >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

OTL.Txt

OTL logfile created on: 2/28/2010 12:22:45 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Shane Frazz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 672.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.97 Gb Free Space | 5.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 304.48 Gb Free Space | 65.37% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHANE
Current User Name: Shane Frazz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- File not found
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe (Trend Micro Inc.)
SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe (Trend Micro Inc.)
SRV - (PcScnSrv) -- C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (Trend Micro Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (Tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (Vsapint) -- C:\WINDOWS\system32\drivers\VsapiNT.sys (Trend Micro Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tmmbd) -- C:\WINDOWS\system32\drivers\tm_mbd_c.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\System32\Drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (Point32) -- C:\WINDOWS\system32\drivers\point32.sys (Microsoft Corporation)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-1770027372-2147011267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-839522115-1770027372-2147011267-1003\S-1-5-21-839522115-1770027372-2147011267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 12:31:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 18:58:28 | 000,000,000 | ---D | M]

[2009/10/30 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Extensions
[2009/10/30 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/28 01:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Firefox\Profiles\0mv3ss3x.default\extensions
[2010/02/27 17:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Firefox\Profiles\0mv3ss3x.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/02/16 21:02:51 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Application Data\Mozilla\Firefox\Profiles\0mv3ss3x.default\searchplugins\Search.xml
[2010/02/28 01:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 19:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2003/04/01 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-839522115-1770027372-2147011267-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-839522115-1770027372-2147011267-1003..\Run: [OE] C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1770027372-2147011267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (athgina.dll) - C:\WINDOWS\System32\athgina.dll (Atheros)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/24 16:40:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 20:52:18 | 000,000,080 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 12:18:37 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe
[2010/02/28 01:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2010/02/27 17:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Desktop\New CD
[2010/02/24 17:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Desktop\Resume Stuff
[2010/02/23 17:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\My Documents\Heroes of Newerth
[2010/02/23 17:39:52 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/02/23 17:39:51 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/02/23 17:39:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/02/23 17:39:37 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/02/23 17:39:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/02/21 21:16:54 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010/02/20 22:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/20 22:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/20 22:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/20 22:47:36 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/20 22:47:36 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/20 22:47:36 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/02/20 22:47:36 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/20 22:47:35 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/02/20 22:47:35 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/19 03:02:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2010/02/18 19:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Application Data\PlayFirst
[2010/02/18 19:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/02/18 14:29:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shane Frazz\IECompatCache
[2010/02/18 09:51:29 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/18 09:50:07 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/18 09:50:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/18 07:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane Frazz\Application Data\Malwarebytes
[2010/02/18 07:42:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 07:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 07:41:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 07:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/13 07:44:30 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/01/11 08:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2008/11/24 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/24 19:50:38 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2008/11/24 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/24 16:39:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/24 16:39:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 12:19:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\kwy7uzkc.exe
[2010/02/28 12:18:48 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane Frazz\Desktop\OTL.exe
[2010/02/28 12:17:47 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2010/02/28 11:12:24 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2010/02/28 09:03:53 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/28 09:02:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 09:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 02:29:03 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\ntuser.dat
[2010/02/28 02:29:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Shane Frazz\ntuser.ini
[2010/02/28 02:10:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\BitComet.job
[2010/02/28 01:31:36 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/28 01:29:31 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 19:41:35 | 001,384,066 | -H-- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\IconCache.db
[2010/02/27 19:41:09 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\UNI Timetable.xls
[2010/02/25 00:52:03 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\JDownloader.job
[2010/02/24 02:13:44 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/23 07:39:34 | 000,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/23 07:39:34 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/23 07:39:34 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/23 07:33:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 13:55:33 | 135,160,330 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\au_nsw_sydney-newcastle-wollongong_12-17.zip
[2010/02/22 08:43:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\housecall.guid.cache
[2010/02/22 08:15:06 | 000,118,284 | ---- | M] () -- C:\WINDOWS\System32\FeyM6iA.exe
[2010/02/21 22:33:29 | 000,044,464 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 20:55:13 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 03:14:22 | 000,000,932 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/19 03:02:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/02/18 16:50:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\HijackThis.lnk
[2010/02/18 07:42:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 11:57:55 | 000,032,490 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010/02/13 11:57:52 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/02/13 11:57:52 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010/02/12 21:17:22 | 015,310,852 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.002
[2010/02/12 21:17:22 | 000,501,760 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.scr
[2010/02/12 21:17:22 | 000,501,760 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.exe
[2010/02/12 21:17:22 | 000,001,350 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.ssp
[2010/02/12 21:17:06 | 029,493,252 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.001
[2010/02/12 21:16:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Deutz Engine.mda
[2010/02/08 15:22:41 | 000,046,288 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3x
[2010/02/07 17:17:48 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/02/04 19:37:52 | 000,046,644 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Application Data\NMM-MetaData.db
[2010/02/02 15:33:43 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\MSY Email.doc
[2010/02/01 16:42:44 | 000,025,043 | ---- | M] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3m
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 12:19:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\kwy7uzkc.exe
[2010/02/22 13:19:17 | 135,160,330 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\au_nsw_sydney-newcastle-wollongong_12-17.zip
[2010/02/22 08:43:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\housecall.guid.cache
[2010/02/22 08:15:06 | 000,118,284 | ---- | C] () -- C:\WINDOWS\System32\FeyM6iA.exe
[2010/02/21 21:16:54 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/02/19 03:02:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/02/18 09:39:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\HijackThis.lnk
[2010/02/18 07:42:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 07:44:31 | 000,032,490 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/02/13 07:44:30 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010/02/12 21:17:22 | 000,501,760 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.scr
[2010/02/12 21:17:22 | 000,501,760 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.exe
[2010/02/12 21:17:22 | 000,001,350 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.ssp
[2010/02/12 21:17:06 | 015,310,852 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.002
[2010/02/12 21:16:31 | 029,493,252 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.001
[2010/02/12 21:16:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Deutz Engine.mda
[2010/02/09 18:13:34 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\UNI Timetable.xls
[2010/02/02 15:33:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\MSY Email.doc
[2010/02/01 22:34:17 | 000,046,288 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3x
[2010/02/01 16:42:43 | 000,025,043 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Desktop\Shane's WC3 Map.w3m
[2010/01/04 10:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2009/12/08 19:36:32 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2009/11/12 10:11:06 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/12 10:09:34 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/07/19 00:20:24 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009/07/19 00:19:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/07/17 12:22:15 | 000,138,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/06 19:17:35 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/06 19:17:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/06 19:17:00 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/07/06 19:17:00 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/07/06 19:16:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/06/26 17:04:46 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\fusioncache.dat
[2009/06/09 18:01:34 | 000,046,644 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Application Data\NMM-MetaData.db
[2009/05/29 20:01:30 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/23 23:39:18 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2009/05/22 20:33:15 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/05/22 20:33:15 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/05/22 20:33:15 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/21 16:56:56 | 000,000,206 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2009/03/12 15:24:51 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/03/11 20:56:27 | 000,000,036 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2009/03/11 15:55:48 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009/03/11 15:55:48 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/01/05 17:17:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/05 16:21:31 | 000,000,580 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/12/25 20:36:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/23 21:09:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/12/12 21:56:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/28 16:14:42 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/25 18:27:13 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\Shane Frazz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 20:22:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/11/24 19:50:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/05/03 22:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 21:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/03/22 12:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\tasks\BitComet.job:SummaryInformation
< End of report >


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

GMER Results

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-28 17:29:12
Windows 5.1.2600 Service Pack 3
Running: kwy7uzkc.exe; Driver: C:\DOCUME~1\SHANEF~1\LOCALS~1\Temp\uxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwClose [0xA7D51CE0]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwConnectPort [0xA7D51FB0]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwCreateProcess [0xA7D51310]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwCreateProcessEx [0xA7D515E0]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwOpenProcess [0xA7D51840]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwRequestWaitReplyPort [0xA7D52150]
SSDT \SystemRoot\System32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector/Trend Micro Inc.) ZwWriteVirtualMemory [0xA7D51E80]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 108 804E2774 1 Byte [10]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6E44000, 0x1C5D38, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Regards,

Shane
Shane284
Active Member
 
Posts: 9
Joined: February 17th, 2010, 6:50 pm

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby deltalima » February 28th, 2010, 9:50 am

Hi Shane284,

You are very short of disk space on drive C:, please free up some space if possible.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "14004:TCP" =-
    "14004:UDP" =-
    "49155:TCP" =-
    "49155:UDP" =-
    "50505:TCP" =-
    "50505:UDP" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
    "C:\Program Files\LimeWire\LimeWire.exe" =-
    "C:\Program Files\BitComet\BitComet.exe" =-
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version

Now please run Malwarebytes Antimalware, run an update and then a quick scan and post the log back here along with the report from OTL
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby Shane284 » March 3rd, 2010, 4:48 am

Those suggested programs have been installed/updated. Below are the logs requested.

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14004:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14004:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\49155:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\49155:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\50505:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\50505:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe deleted successfully.

OTL by OldTimer - Version 3.1.30.3 log created on 03012010_185026


Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/3/2010 7:47:05 PM
mbam-log-2010-03-03 (19-46-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 198703
Time elapsed: 1 hour(s), 13 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{57C94850-B7F8-4AD9-9A86-7EB67CE1B062}\RP437\A0066288.exe (Adware.AdRotator) -> No action taken.


Regards,

Shane
Shane284
Active Member
 
Posts: 9
Joined: February 17th, 2010, 6:50 pm

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby deltalima » March 3rd, 2010, 5:08 am

Hi Shane284,

Please run Malwarebytes Antimalware again and select Quick Scan – do NOT select Full scan, and then run a scan.

When the scan completes make sure that everything is checked, and click Remove Selected

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with the log from Malwarebytes
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby Shane284 » March 4th, 2010, 12:04 am

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/3/2010 9:28:36 PM
mbam-log-2010-03-03 (21-28-34).txt

Scan type: Quick Scan
Objects scanned: 120630
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, March 4, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, March 03, 2010 16:48:42
Records in database: 3699435
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 77388
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:18:04

No threats found. Scanned area is clean.

Selected area has been scanned.
Shane284
Active Member
 
Posts: 9
Joined: February 17th, 2010, 6:50 pm

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby deltalima » March 4th, 2010, 5:35 am

Hi Shane284,

The Malwarebytes log is still showing No action taken next to the two items that it has detected.

Please confirm that you have ensured both items are selected and then clicked the Remove Selected button at the bottom left hand side of the Malwarebytes window.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby Shane284 » March 4th, 2010, 5:42 am

Yes I have deleted those items that have no action written next to them. I saved the report before I clicked to remove them as I thought I would be taken away from the current panel after clicking remove and not been able to save the report. Could that have been the reason why it shows "no action taken" ? Should I run a quick scan again?

Regards,

Shane

I did the scan anyway,

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/4/2010 8:55:28 PM
mbam-log-2010-03-04 (20-55-28).txt

Scan type: Quick Scan
Objects scanned: 122736
Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


What should I do next, thanks

Regards,

Shane
Shane284
Active Member
 
Posts: 9
Joined: February 17th, 2010, 6:50 pm

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby deltalima » March 4th, 2010, 6:37 am

Hi Shane284,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Remove GMER

Delete the GMER icon from your desktop, it will be named kwy7uzkc.exe


Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.[/list]Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help With "http://url[dot]urtbk[dot]com" Spyware

Unread postby Shane284 » March 4th, 2010, 6:47 am

Thank you for all the help, It's good to know that my computers working malware free!
I will do the last few things you've told me to do and install the programs you've recommended.

Thank you once again for giving me your free time to solve my problem :)

Yours truly,

Shane
Shane284
Active Member
 
Posts: 9
Joined: February 17th, 2010, 6:50 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware