Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.ZbotR.Gen infection

Started by pmc66 , Sep 21 2010 03:09 PM

  • Please log in to reply

#31
pmc66
Posted 29 September 2010 - 05:39 PM

pmc66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Salagubang,

Thanks for this. Should I always be connected to the Internet when I run all these programs?
  • 0

Advertisements

#32
Salagubang
Posted 29 September 2010 - 07:36 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi pmc66,

The fix was designed to restore your internet connection. :D Tell me how thing goes.
  • 1

#33
pmc66
Posted 30 September 2010 - 06:41 AM

pmc66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Salagubang,

I have internet access again although I had to reset my router settings. Here are all the logs you requested. Please note that MBRCheck didn't find any infections - cheers.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Txenukicuhu deleted successfully.
C:\WINDOWS\uwupoxub.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{5C1D79EB-D883-D799-9467-C9BC31E5F634} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C1D79EB-D883-D799-9467-C9BC31E5F634}\ not found.
C:\Documents and Settings\McCarthy\Application Data\Doziq\loom.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dfrgsnapnt.exe deleted successfully.
C:\Documents and Settings\McCarthy\Local Settings\temp\dfrgsnapnt.exe moved successfully.
C:\WINDOWS\Xzatecejo.bin moved successfully.
C:\WINDOWS\Vzadezu.dat moved successfully.
File C:\WINDOWS\Vzadezu.dat not found.
File C:\WINDOWS\Xzatecejo.bin not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new\cmd.bat deleted successfully.
C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Caroline
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: McCarthy
->Temp folder emptied: 54537220 bytes
->Temporary Internet Files folder emptied: 6529305 bytes
->Java cache emptied: 12 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 40139 bytes
->Flash cache emptied: 38890 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32856 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Caroline
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: McCarthy
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.14.1 log created on 09302010_115155

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL logfile created on: 30/09/2010 11:56:47 - Run 5
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 255.74 Gb Free Space | 86.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ILOVECAROLINE
Current User Name: McCarthy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/21 17:51:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/16 22:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/13 20:18:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2010/09/21 17:51:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/13 13:08:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/13 20:24:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/13 20:18:18 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-010708-104812)
SRV - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/10/01 15:17:34 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/28 20:52:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/08/28 20:52:10 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/19 22:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080514
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080514

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/04 14:09:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C}: C:\Documents and Settings\McCarthy\Local Settings\Application Data\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C} [2010/09/28 18:32:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/30 11:51:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [{5C1D79EB-D883-D799-9467-C9BC31E5F634}] C:\Documents and Settings\McCarthy\Application Data\Doziq\loom.exe File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alliance-leicester.co.uk ([www.mybank] https in Trusted sites)
O15 - HKCU\..Trusted Domains: britishgas.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: egg.com ([new] https in Trusted sites)
O15 - HKCU\..Trusted Domains: egg.com ([your] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([banking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([credit-cards] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([online-documents] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ladbrokes.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: national-lottery.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nwolb.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vodafone.co.uk ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vodaphone.co.uk ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\McCarthy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\McCarthy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/30 11:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Desktop\otl custom fix to restore internet
[2010/09/29 00:31:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/28 18:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\DoctorWeb
[2010/09/28 18:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C}
[2010/09/28 17:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Desktop\tdsskiller
[2010/09/28 14:56:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/28 08:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/26 16:09:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/26 16:06:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/26 16:06:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/26 16:06:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/26 16:06:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/26 16:05:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/25 15:09:35 | 075,846,312 | ---- | C] ( ) -- C:\Documents and Settings\McCarthy\Desktop\setup_9.0.0.722_25.09.2010_16-28.exe
[2010/09/25 14:57:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/21 00:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/21 00:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/01 19:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Application Data\BonkEnc
[2010/08/01 19:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\BonkEnc
[2010/08/01 19:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/08/01 19:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Application Data\AVS4YOU
[2010/08/01 19:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/07/24 11:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\Apple_Inc
[2010/07/24 11:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2010/07/07 18:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\My Documents\memory stick

========== Files - Modified Within 90 Days ==========

[2010/09/30 11:53:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/30 11:53:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/30 11:53:05 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 11:52:24 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\McCarthy\NTUSER.DAT
[2010/09/30 11:52:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\McCarthy\ntuser.ini
[2010/09/30 11:51:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/30 11:42:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 11:25:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\MBRCheck.exe
[2010/09/29 00:52:24 | 005,355,182 | -H-- | M] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\IconCache.db
[2010/09/28 18:33:29 | 050,103,128 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\drweb-cureit.exe
[2010/09/28 18:28:49 | 050,103,128 | ---- | M] () -- C:\Documents and Settings\McCarthy\My Documents\drweb-cureit.exe
[2010/09/28 18:25:53 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/28 17:15:55 | 001,206,412 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\tdsskiller.zip
[2010/09/28 17:12:20 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to Windows Firewall.lnk
[2010/09/28 17:00:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/28 08:50:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/26 16:09:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/26 15:52:43 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\instruct.bmp
[2010/09/25 15:09:36 | 075,846,312 | ---- | M] ( ) -- C:\Documents and Settings\McCarthy\Desktop\setup_9.0.0.722_25.09.2010_16-28.exe
[2010/09/24 14:55:00 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/24 14:54:54 | 000,523,334 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/24 14:54:54 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/24 14:54:54 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/21 21:12:19 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to OTL.lnk
[2010/09/21 17:48:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to mbam.lnk
[2010/09/21 17:43:33 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to anti virus.lnk
[2010/09/21 11:32:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/08 11:24:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 15:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/26 17:39:50 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/08/24 23:28:31 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Points 2010-11.xls.lnk
[2010/08/23 13:28:11 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/20 23:25:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/17 11:00:18 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\extra time team Seren FC.bmp
[2010/08/11 14:51:00 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/01 19:46:48 | 000,003,389 | ---- | M] () -- C:\WINDOWS\FORGXP32.ini

========== Files Created - No Company Name ==========

[2010/09/30 11:50:18 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\MBRCheck.exe
[2010/09/28 18:33:28 | 050,103,128 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\drweb-cureit.exe
[2010/09/28 18:27:27 | 050,103,128 | ---- | C] () -- C:\Documents and Settings\McCarthy\My Documents\drweb-cureit.exe
[2010/09/28 17:15:51 | 001,206,412 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\tdsskiller.zip
[2010/09/28 17:12:20 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to Windows Firewall.lnk
[2010/09/26 16:09:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/26 16:09:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/26 16:06:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/26 16:06:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/26 16:06:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/26 16:06:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/26 16:06:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/26 15:52:42 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\instruct.bmp
[2010/09/26 13:16:56 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/21 21:12:19 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to OTL.lnk
[2010/09/21 17:43:33 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to anti virus.lnk
[2010/09/21 16:42:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to mbam.lnk
[2010/08/24 23:28:31 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Points 2010-11.xls.lnk
[2010/08/17 11:00:17 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\extra time team Seren FC.bmp
[2010/07/24 16:17:44 | 000,355,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/01 16:18:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\housecall.guid.cache
[2009/03/29 17:14:10 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2009/03/29 17:14:10 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2009/03/29 17:14:09 | 000,003,389 | ---- | C] () -- C:\WINDOWS\FORGXP32.ini
[2008/10/12 16:37:47 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/14 14:11:15 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/02 10:35:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/25 11:47:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/19 22:28:05 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\fusioncache.dat
[2008/05/13 20:27:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/13 19:55:36 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/05/13 19:54:16 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/03/03 01:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/02 17:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/08 17:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/06/22 14:55:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2008/06/30 10:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/07/09 10:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/07/09 10:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/05/13 20:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/05/13 20:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/06/28 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/08 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/27 22:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8AE45C14-3559-45A6-AF34-03CE304FA276}
[2009/06/06 14:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/03 14:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/08/01 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\BonkEnc
[2010/09/30 11:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\Doziq
[2009/09/17 19:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\JAlbum
[2010/09/28 18:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\Nigiu
[2009/07/09 10:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\Nokia
[2010/07/16 11:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\OpenDNS Updater
[2009/07/09 10:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\PC Suite

========== Purity Check ==========


< End of report >


2010/09/30 12:00:44.0906 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 12:00:44.0906 ================================================================================
2010/09/30 12:00:44.0906 SystemInfo:
2010/09/30 12:00:44.0906
2010/09/30 12:00:44.0906 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/30 12:00:44.0906 Product type: Workstation
2010/09/30 12:00:44.0906 ComputerName: ILOVECAROLINE
2010/09/30 12:00:44.0906 UserName: McCarthy
2010/09/30 12:00:44.0906 Windows directory: C:\WINDOWS
2010/09/30 12:00:44.0906 System windows directory: C:\WINDOWS
2010/09/30 12:00:44.0906 Processor architecture: Intel x86
2010/09/30 12:00:44.0906 Number of processors: 4
2010/09/30 12:00:44.0906 Page size: 0x1000
2010/09/30 12:00:44.0906 Boot type: Normal boot
2010/09/30 12:00:44.0906 ================================================================================
2010/09/30 12:00:45.0140 Initialize success
2010/09/30 12:00:50.0031 ================================================================================
2010/09/30 12:00:50.0031 Scan started
2010/09/30 12:00:50.0031 Mode: Manual;
2010/09/30 12:00:50.0031 ================================================================================
2010/09/30 12:00:51.0218 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/30 12:00:51.0296 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/30 12:00:51.0359 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/30 12:00:51.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/30 12:00:51.0390 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/30 12:00:51.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/30 12:00:51.0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/30 12:00:51.0531 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/30 12:00:51.0562 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/30 12:00:51.0562 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/30 12:00:51.0578 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/30 12:00:51.0593 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/30 12:00:51.0609 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/30 12:00:51.0609 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/30 12:00:51.0625 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/30 12:00:51.0625 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/30 12:00:51.0687 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/30 12:00:51.0687 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/30 12:00:51.0703 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/30 12:00:51.0718 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/30 12:00:51.0765 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/09/30 12:00:51.0796 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/30 12:00:51.0828 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/30 12:00:51.0906 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/30 12:00:51.0937 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/30 12:00:51.0953 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/30 12:00:51.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/30 12:00:52.0062 ati2mtag (2b1b98f71ac307eaa80969c7b8e3c199) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/30 12:00:52.0125 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/09/30 12:00:52.0156 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/30 12:00:52.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/30 12:00:52.0218 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/30 12:00:52.0250 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/30 12:00:52.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/30 12:00:52.0296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/30 12:00:52.0328 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/30 12:00:52.0359 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/30 12:00:52.0375 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/30 12:00:52.0406 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/30 12:00:52.0421 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/30 12:00:52.0437 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/30 12:00:52.0468 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/30 12:00:52.0484 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/30 12:00:52.0515 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/30 12:00:52.0546 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/30 12:00:52.0625 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/30 12:00:52.0640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/30 12:00:52.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/30 12:00:52.0703 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/30 12:00:52.0718 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/30 12:00:52.0750 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/09/30 12:00:52.0765 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/09/30 12:00:52.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/30 12:00:52.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/30 12:00:52.0843 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/30 12:00:52.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/30 12:00:52.0921 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/30 12:00:52.0953 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/30 12:00:53.0000 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/30 12:00:53.0015 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/09/30 12:00:53.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/30 12:00:53.0109 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/30 12:00:53.0125 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/30 12:00:53.0140 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/30 12:00:53.0187 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/30 12:00:53.0187 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/30 12:00:53.0234 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/30 12:00:53.0281 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/30 12:00:53.0312 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/30 12:00:53.0328 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/30 12:00:53.0359 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/30 12:00:53.0421 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2010/09/30 12:00:53.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/30 12:00:53.0500 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/30 12:00:53.0625 IntcAzAudAddService (dbc702fbc70dc58d9122ce56eadbd659) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/30 12:00:53.0671 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/30 12:00:53.0687 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/30 12:00:53.0718 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/30 12:00:53.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/30 12:00:53.0750 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/30 12:00:53.0765 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/30 12:00:53.0812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/30 12:00:53.0843 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/30 12:00:53.0859 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/30 12:00:53.0875 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/30 12:00:53.0890 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/30 12:00:53.0921 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/30 12:00:53.0984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/30 12:00:54.0031 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2010/09/30 12:00:54.0062 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/30 12:00:54.0078 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/30 12:00:54.0093 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/30 12:00:54.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/30 12:00:54.0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/30 12:00:54.0171 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/30 12:00:54.0203 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/30 12:00:54.0265 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/30 12:00:54.0296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/30 12:00:54.0312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/30 12:00:54.0343 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/30 12:00:54.0359 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/30 12:00:54.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/30 12:00:54.0406 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/30 12:00:54.0437 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/30 12:00:54.0484 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/30 12:00:54.0531 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/30 12:00:54.0562 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/30 12:00:54.0578 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/30 12:00:54.0593 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/30 12:00:54.0593 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/30 12:00:54.0625 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/30 12:00:54.0656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/30 12:00:54.0687 NetBT (8078a3e55bf014df1379b1bd5375a739) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/30 12:00:54.0734 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/30 12:00:54.0765 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/30 12:00:54.0796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/30 12:00:54.0843 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/30 12:00:54.0890 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/30 12:00:54.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/30 12:00:54.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/30 12:00:54.0984 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/30 12:00:55.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/30 12:00:55.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/30 12:00:55.0046 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/30 12:00:55.0078 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/09/30 12:00:55.0109 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/30 12:00:55.0156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/30 12:00:55.0171 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/30 12:00:55.0234 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/30 12:00:55.0250 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/30 12:00:55.0281 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/30 12:00:55.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/30 12:00:55.0312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/30 12:00:55.0343 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/30 12:00:55.0359 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/30 12:00:55.0359 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/30 12:00:55.0390 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/30 12:00:55.0390 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/30 12:00:55.0421 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/30 12:00:55.0421 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/30 12:00:55.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/30 12:00:55.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/30 12:00:55.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/30 12:00:55.0546 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/30 12:00:55.0562 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/30 12:00:55.0578 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/30 12:00:55.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/30 12:00:55.0625 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/30 12:00:55.0671 s3017bus (aa786ad3a2684d39630744787b00e6f4) C:\WINDOWS\system32\DRIVERS\s3017bus.sys
2010/09/30 12:00:55.0703 s3017mdfl (cba4ca5bce44084e98ce420fd6692d3a) C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys
2010/09/30 12:00:55.0718 s3017mdm (68036eff647970d6c0399789c8707cad) C:\WINDOWS\system32\DRIVERS\s3017mdm.sys
2010/09/30 12:00:55.0718 s3017mgmt (3672e7f9349bd98fd3f5ac33e7b2b1a6) C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys
2010/09/30 12:00:55.0750 s3017nd5 (b1133b37eb184aef81d56b4302dbae9c) C:\WINDOWS\system32\DRIVERS\s3017nd5.sys
2010/09/30 12:00:55.0765 s3017obex (d81b1d504aa1426622e7ec09f25130a9) C:\WINDOWS\system32\DRIVERS\s3017obex.sys
2010/09/30 12:00:55.0765 s3017unic (7b95c53ea8bb585013767eef2875c0a0) C:\WINDOWS\system32\DRIVERS\s3017unic.sys
2010/09/30 12:00:55.0796 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2010/09/30 12:00:55.0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/30 12:00:55.0875 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/30 12:00:55.0906 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/30 12:00:55.0953 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/30 12:00:56.0000 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/30 12:00:56.0031 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/30 12:00:56.0062 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/30 12:00:56.0093 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/30 12:00:56.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/30 12:00:56.0187 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/30 12:00:56.0203 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/30 12:00:56.0250 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/30 12:00:56.0265 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/30 12:00:56.0296 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/30 12:00:56.0312 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/30 12:00:56.0328 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/30 12:00:56.0328 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/30 12:00:56.0375 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/30 12:00:56.0453 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/30 12:00:56.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/30 12:00:56.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/30 12:00:56.0531 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/30 12:00:56.0546 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/30 12:00:56.0578 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/30 12:00:56.0609 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/30 12:00:56.0625 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/30 12:00:56.0656 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/30 12:00:56.0687 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/30 12:00:56.0703 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/30 12:00:56.0718 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/30 12:00:56.0734 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/30 12:00:56.0781 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/30 12:00:56.0828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/30 12:00:56.0843 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/30 12:00:56.0859 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/30 12:00:56.0859 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/30 12:00:56.0906 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/30 12:00:56.0937 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/30 12:00:56.0953 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/30 12:00:56.0984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/30 12:00:57.0046 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/30 12:00:57.0093 WDC_SAM (aec4f8a60ac910b5a3732ccd44e1c3d5) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2010/09/30 12:00:57.0140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/30 12:00:57.0203 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/30 12:00:57.0250 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/30 12:00:57.0296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/30 12:00:57.0328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/30 12:00:57.0343 ================================================================================
2010/09/30 12:00:57.0343 Scan finished
2010/09/30 12:00:57.0343 ================================================================================
2010/09/30 12:01:16.0578 Deinitialize success
  • 0

#34
Salagubang
Posted 30 September 2010 - 06:47 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi pcm66,

Great! :D

Can you check if it still redirects?
  • 1

#35
pmc66
Posted 30 September 2010 - 07:07 AM

pmc66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
No redirects :D

I have access to windows update ;)
  • 0

#36
Salagubang
Posted 30 September 2010 - 04:26 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi pmc66,


Step One


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - HKLM\software\mozilla\Firefox\Extensions\\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C}: C:\Documents and Settings\McCarthy\Local Settings\Application Data\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C} [2010/09/28 18:32:59 | 000,000,000 | ---D | M]
O4 - HKCU..\Run: [{5C1D79EB-D883-D799-9467-C9BC31E5F634}] C:\Documents and Settings\McCarthy\Application Data\Doziq\loom.exe File not found
[2010/09/30 11:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\Doziq
[2010/09/28 18:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\Nigiu

:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. Post the log it produces in your next reply.


Step Two


Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.



Step Three

Please know that the Kaspersky Online Scan (Step Two) can take 6-7+ hours. I recommend running it overnight. :D Remember to save and post back the log!

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 20 .
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation ( jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")


Step Four
Using Internet Explorer or Firefox, please visit Kaspersky Online Scanner
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off any realtime scanners of any existing antivirus program while performing the scan.
      Click Here! for instructions on disabling some common realtime programs.
  • Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


Step Five

Do another OTL scan and post the log in your next reply.
  • 1

#37
pmc66
Posted 01 October 2010 - 07:06 AM

pmc66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Salagubang,

I'm not able to access the java download page due to the heavy traffic (their server has been busy for a few hours). Maybe this is because they have just released update 22 today! I have the jre-6u21-windows-i586.exe on my other pc as I downloaded it 2 days ago, so I could use my memory stick to copy it over if you think that is ok? If not, should I go ahead with the Kaspersky Online Scanner or wait until I can installl the Java from the website?
  • 0

#38
Salagubang
Posted 01 October 2010 - 05:10 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Version 6 update 21 is fine. :D
  • 0

#39
pmc66
Posted 02 October 2010 - 08:59 AM

pmc66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Salagubang, :D

Here are all the logs you requested:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C}\ not found.
C:\Documents and Settings\McCarthy\Local Settings\Application Data\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C}\chrome\content folder moved successfully.
C:\Documents and Settings\McCarthy\Local Settings\Application Data\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C}\chrome folder moved successfully.
C:\Documents and Settings\McCarthy\Local Settings\Application Data\{CD605AEE-83A8-4D85-89A7-6C3B4C9B098C} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{5C1D79EB-D883-D799-9467-C9BC31E5F634} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C1D79EB-D883-D799-9467-C9BC31E5F634}\ not found.
C:\Documents and Settings\McCarthy\Application Data\Doziq folder moved successfully.
C:\Documents and Settings\McCarthy\Application Data\Nigiu folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Caroline
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: McCarthy
->Temp folder emptied: 3837372 bytes
->Temporary Internet Files folder emptied: 496178 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 628 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Caroline
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: McCarthy
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.14.1 log created on 10012010_103408

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4726

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

01/10/2010 10:43:44
mbam-log-2010-10-01 (10-43-44).txt

Scan type: Quick scan
Objects scanned: 156428
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 02, 2010 04:29:38
Records in database: 4274019
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 138207
Threats found: 5
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 02:29:41


File name / Threat / Threats count
C:\Documents and Settings\McCarthy\DoctorWeb\Quarantine\jar_cache3676408961025980512.tmp Infected: Exploit.Java.CVE-2010-0094.b 1
C:\Documents and Settings\McCarthy\DoctorWeb\Quarantine\jar_cache4514456051565805276.tmp Infected: Trojan-Downloader.Java.OpenStream.as 1
C:\Documents and Settings\McCarthy\My Documents\self employment\usingnlponebay.exe Infected: Trojan-PSW.Win32.LdPinch.anpl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zetscap.dll.vir Infected: Trojan-Proxy.Win32.Agent.dbd 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000091.dll Infected: Trojan-Proxy.Win32.Agent.dbd 1
C:\_OTL\MovedFiles\09302010_115155\C_Documents and Settings\McCarthy\Local Settings\temp\dfrgsnapnt.exe Infected: Trojan.Win32.FakeAV.hlm 1

Selected area has been scanned.


OTL logfile created on: 02/10/2010 15:47:04 - Run 6
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 255.37 Gb Free Space | 86.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ILOVECAROLINE
Current User Name: McCarthy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/21 17:51:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/13 20:18:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2010/09/21 17:51:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\McCarthy\My Documents\Downloaded Installations\anti virus\new\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/13 13:08:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/13 20:24:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/13 20:18:18 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-010708-104812)
SRV - [2008/01/30 04:52:22 | 000,106,496 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/10/01 15:17:34 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/28 20:52:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/08/28 20:52:10 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/19 22:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080514
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080514

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/04 14:09:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/01 10:34:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alliance-leicester.co.uk ([www.mybank] https in Trusted sites)
O15 - HKCU\..Trusted Domains: britishgas.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: egg.com ([new] https in Trusted sites)
O15 - HKCU\..Trusted Domains: egg.com ([your] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([banking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([credit-cards] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([online-documents] https in Trusted sites)
O15 - HKCU\..Trusted Domains: halifax-online.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ladbrokes.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: national-lottery.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nwolb.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vodafone.co.uk ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vodaphone.co.uk ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\McCarthy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\McCarthy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/02 12:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/30 23:49:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\McCarthy\Recent
[2010/09/30 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sky Broadband
[2010/09/30 11:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Desktop\otl custom fix to restore internet
[2010/09/29 00:31:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/28 18:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\DoctorWeb
[2010/09/28 17:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Desktop\tdsskiller
[2010/09/28 14:56:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/28 08:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/27 15:30:32 | 001,316,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\McCarthy\Desktop\TDSSKiller.exe
[2010/09/26 16:09:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/26 16:06:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/26 16:06:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/26 16:06:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/26 16:06:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/26 16:05:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/25 15:09:35 | 075,846,312 | ---- | C] ( ) -- C:\Documents and Settings\McCarthy\Desktop\setup_9.0.0.722_25.09.2010_16-28.exe
[2010/09/25 14:57:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/21 00:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/21 00:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/01 19:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Application Data\BonkEnc
[2010/08/01 19:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\BonkEnc
[2010/08/01 19:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/08/01 19:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Application Data\AVS4YOU
[2010/08/01 19:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/07/24 11:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\Apple_Inc
[2010/07/24 11:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2010/07/07 18:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\McCarthy\My Documents\memory stick

========== Files - Modified Within 90 Days ==========

[2010/10/02 12:34:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/02 12:34:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/02 12:33:59 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 12:33:01 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\McCarthy\NTUSER.DAT
[2010/10/02 12:33:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\McCarthy\ntuser.ini
[2010/10/02 12:25:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 14:36:44 | 007,470,262 | -H-- | M] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\IconCache.db
[2010/10/01 10:34:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/30 13:08:58 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Connection Help.url
[2010/09/30 13:08:57 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Sky Broadband.url
[2010/09/30 11:25:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\MBRCheck.exe
[2010/09/28 18:33:29 | 050,103,128 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\drweb-cureit.exe
[2010/09/28 18:28:49 | 050,103,128 | ---- | M] () -- C:\Documents and Settings\McCarthy\My Documents\drweb-cureit.exe
[2010/09/28 18:25:53 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/28 17:16:49 | 001,316,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\McCarthy\Desktop\TDSSKiller.exe
[2010/09/28 17:15:55 | 001,206,412 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\tdsskiller.zip
[2010/09/28 17:12:20 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to Windows Firewall.lnk
[2010/09/28 17:00:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/28 08:50:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/26 16:09:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/26 15:52:43 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\instruct.bmp
[2010/09/25 15:09:36 | 075,846,312 | ---- | M] ( ) -- C:\Documents and Settings\McCarthy\Desktop\setup_9.0.0.722_25.09.2010_16-28.exe
[2010/09/24 14:55:00 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/24 14:54:54 | 000,523,334 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/24 14:54:54 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/24 14:54:54 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/21 21:12:19 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to OTL.lnk
[2010/09/21 17:48:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to mbam.lnk
[2010/09/21 17:43:33 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to anti virus.lnk
[2010/09/21 11:32:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/08 11:24:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 15:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/26 17:39:50 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/08/24 23:28:31 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Points 2010-11.xls.lnk
[2010/08/23 13:28:11 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/20 23:25:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/17 11:00:18 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\McCarthy\Desktop\extra time team Seren FC.bmp
[2010/08/11 14:51:00 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/01 19:46:48 | 000,003,389 | ---- | M] () -- C:\WINDOWS\FORGXP32.ini

========== Files Created - No Company Name ==========

[2010/09/30 13:08:58 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Connection Help.url
[2010/09/30 13:08:57 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Sky Broadband.url
[2010/09/30 11:50:18 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\MBRCheck.exe
[2010/09/28 18:33:28 | 050,103,128 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\drweb-cureit.exe
[2010/09/28 18:27:27 | 050,103,128 | ---- | C] () -- C:\Documents and Settings\McCarthy\My Documents\drweb-cureit.exe
[2010/09/28 17:15:51 | 001,206,412 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\tdsskiller.zip
[2010/09/28 17:12:20 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to Windows Firewall.lnk
[2010/09/26 16:09:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/26 16:09:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/26 16:06:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/26 16:06:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/26 16:06:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/26 16:06:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/26 16:06:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/26 15:52:42 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\instruct.bmp
[2010/09/26 13:16:56 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/21 21:12:19 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to OTL.lnk
[2010/09/21 17:43:33 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to anti virus.lnk
[2010/09/21 16:42:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\Shortcut to mbam.lnk
[2010/08/24 23:28:31 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\McCarthy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Points 2010-11.xls.lnk
[2010/08/17 11:00:17 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\McCarthy\Desktop\extra time team Seren FC.bmp
[2010/07/24 16:17:44 | 000,355,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/01 16:18:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\housecall.guid.cache
[2009/03/29 17:14:10 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2009/03/29 17:14:10 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2009/03/29 17:14:09 | 000,003,389 | ---- | C] () -- C:\WINDOWS\FORGXP32.ini
[2008/10/12 16:37:47 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/14 14:11:15 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/02 10:35:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/25 11:47:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/19 22:28:05 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\McCarthy\Local Settings\Application Data\fusioncache.dat
[2008/05/13 20:27:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/13 19:55:36 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/05/13 19:54:16 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/03/03 01:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/02 17:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/08 17:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/06/22 14:55:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2008/06/30 10:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/07/09 10:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/07/09 10:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/05/13 20:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/05/13 20:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/06/28 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/08 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/27 22:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8AE45C14-3559-45A6-AF34-03CE304FA276}
[2009/06/06 14:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/03 14:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/08/01 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\BonkEnc
[2009/09/17 19:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\JAlbum
[2009/07/09 10:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\Nokia
[2010/07/16 11:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\OpenDNS Updater
[2009/07/09 10:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\McCarthy\Application Data\PC Suite

========== Purity Check ==========


< End of report >
  • 0

#40
Salagubang
Posted 02 October 2010 - 09:29 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Better and better. :D

Hows the computer running now?
  • 1

Advertisements

#41
pmc66
Posted 02 October 2010 - 10:35 AM

pmc66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Everything seems to be running well. ;) Installed windows updates from Microsoft without a problem and computer back up to normal speed! :D - Cheers

Are you happy with the latest log reports?
  • 0

#42
Salagubang
Posted 02 October 2010 - 10:46 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi pmc66,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
C:\Documents and Settings\McCarthy\My Documents\self employment\usingnlponebay.exe

:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Now for the best part of the day.

Congatulations! Your log is clean. You survived the newest variant of sophisticated malware infection to date. :D

Lets wrap up.

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Uninstall Combofix

Press Start > Run and type the following:

Combofix /uninstall



Prevention

Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


To help protect your computer in the future I recommend that you get the following free programs.

Anti SpywareSpywareBlaster: prevents spyware from installing in the first place.
SpywareGuard: catch and block spyware before it can execute.
IESpy-Ad block access to malicious websites so you cannot be redirected to them from an infected site or email.
SUPERAntispyware a powerful tool which can "search and destroy" spywares that infected your system.
Malwarebyte's MBAM also another very powerful tool which searches and kills nasties that infect your system.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

Lastly, always clear out all your temp files. This will help your computer from bogging down and slowing. Many infections sometimes load from a temporary file location.Download TFC (Temp File Cleaner) to your desktop, or other location.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.
To give you an insight on how you were infected in the first place, I highly recommend reading this article written by Tony Klein. You will find it a good reading.

Regards,

Salagubang
  • 1

#43
pmc66
Posted 03 October 2010 - 07:51 AM

pmc66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Salagubang...that's great news! ;)

Thanks alot for your time, help and support. :D

I have taken on board your recommendations and have downloaded all the spyware programs you listed. I have also installed Comodo Firewall Proactive Security, secured all my flash drives and will be running TFC and MBAM on a regular basis.

Thanks once again and good luck with the rest of your training...cheers Paul.



ps. the Tony Klein link doesn't work!
  • 0

#44
Salagubang
Posted 03 October 2010 - 08:32 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Thank you for the heads up. :D

Tony Klein's article can also be found here.

Cheers.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP