Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

really dont know what virus I may have !

Started by bazza.ab , Jun 29 2011 11:48 AM

  • This topic is locked This topic is locked

#1
bazza.ab
Posted 29 June 2011 - 11:48 AM

bazza.ab

    Member

  • Member
  • PipPip
  • 21 posts
Hi, lately this laptop has been sluggish so I done a boot scan with avast, it found a few virus's which I moved to the chest,the pc still is very slow online,also The red microsoft shield warning me auto updates are turned off,even if I turn them on it doesn't go away,when I go to microsofts website and try to install updates from there the page stops with the "diagnose connection problems" window,also websites wont open,(had to try about 6 times to get to this page, scanned with mbam twice first time it found PUM second time nothing,also frequently disconnects from internet
hope you can help,here's the otl log,thanks in advance
Bazza
Ps had to post this through another laptop keeps saying cant connect to server !Been trying since last night
Thanks

OTL logfile created on: 28/06/2011 21:29:43 - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 204.38 Mb Available Physical Memory | 29.07% Memory free
1.15 Gb Paging File | 0.72 Gb Available in Paging File | 62.26% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 17.61 Gb Free Space | 51.52% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.71% Space Free | Partition Type: NTFS

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 22:25:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/22 19:45:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/04/27 11:43:30 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
PRC - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/02 21:12:24 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/05/11 12:59:44 | 000,655,360 | ---- | M] ( ) -- C:\Documents and Settings\sworthin\Desktop\WLANUTL.exe
PRC - [2002/08/15 10:11:00 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe
PRC - [2002/07/17 10:12:20 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 19:45:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/02/02 21:12:16 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/04/27 11:43:30 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 01:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2002/08/15 10:11:00 | 000,151,552 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig)
SRV - [2002/07/17 10:12:20 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/15 09:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/05/13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 11:43:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/22 09:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 09:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 09:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/12/15 16:19:08 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2004/12/15 16:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:28 | 000,205,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2004/07/15 17:31:16 | 000,018,432 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815)
DRV - [2004/05/15 18:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/11 14:04:02 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/05/11 13:54:50 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/05/11 07:10:34 | 000,376,224 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2004/02/17 17:59:18 | 000,273,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA)
DRV - [2004/02/17 17:58:40 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD)
DRV - [2003/05/21 14:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/21 14:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/13 12:25:58 | 000,163,712 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2002/10/17 02:00:02 | 000,057,344 | ---- | M] (LAN-Express) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Express.sys -- (LEX_NIC_SERVICE)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/18 14:07:50 | 000,023,602 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2002/07/17 12:09:12 | 000,014,504 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI)
DRV - [2002/02/20 02:34:18 | 000,072,576 | ---- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\netusbxp.sys -- (USBNET_XP)
DRV - [2001/12/17 12:54:32 | 000,026,112 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aliirda.sys -- (ALiIRDA)
DRV - [2001/08/17 08:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [2001/08/17 08:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es198x.sys -- (allegro) ESS Allegro Audio Driver (WDM)
DRV - [2001/08/17 08:13:20 | 000,027,164 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.orange.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2010/08/10 19:26:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 22:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 19:50:13 | 000,000,000 | ---D | M]

[2010/07/23 17:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Extensions
[2011/06/12 15:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions
[2010/07/25 13:17:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/18 09:12:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/06/08 19:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 18:10:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/04 23:27:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\{D09E32DF-8610-4B33-B929-1E631B764130}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\[email protected]
[2011/01/04 23:26:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/22 22:25:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/04 23:26:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/01 23:03:45 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2011/06/08 19:49:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/06/08 19:49:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/06/08 19:49:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/06/08 19:49:52 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/06/08 19:49:52 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/01 22:32:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7951.2587847222 (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45d5ddb2-34a4-11e0-b0e5-000d9d45a62b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{a2d0c200-5f8b-11df-aef1-000d9d45a62b}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d0c200-5f8b-11df-aef1-000d9d45a62b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2d0c200-5f8b-11df-aef1-000d9d45a62b}\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 00:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sworthin\Recent
[2011/06/22 19:45:07 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/06/22 08:43:44 | 001,997,072 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\sworthin\Desktop\HousecallLauncher.exe
[2011/06/11 20:25:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\sworthin\My Documents\My Webs
[2011/06/11 20:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sworthin\Application Data\Help
[2011/06/04 16:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/06/04 16:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/06/04 16:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/06/04 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/07/18 13:09:54 | 000,376,224 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys

========== Files - Modified Within 30 Days ==========

[2011/06/28 11:24:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/28 11:24:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 11:23:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 11:23:24 | 737,202,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/27 20:38:05 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 19:45:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/06/22 08:44:02 | 001,997,072 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\sworthin\Desktop\HousecallLauncher.exe
[2011/06/04 23:57:15 | 000,231,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/04 16:30:04 | 002,057,568 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\SecurityTaskManager_Setup.exe

========== Files Created - No Company Name ==========

[2011/06/08 19:50:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/08 18:22:06 | 737,202,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 16:29:00 | 002,057,568 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\SecurityTaskManager_Setup.exe
[2011/05/22 06:11:29 | 000,010,950 | -HS- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\aq7ihxrnx8m737xh6m6f4
[2011/05/22 06:11:29 | 000,010,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aq7ihxrnx8m737xh6m6f4
[2011/04/24 11:33:48 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/04/24 11:33:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/04/23 14:41:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2011/02/02 13:34:36 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/02/02 13:34:36 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/02/02 13:34:36 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/02/02 13:34:33 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/02/02 13:34:33 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/27 18:45:36 | 000,015,620 | ---- | C] () -- C:\WINDOWS\System32\SystemRs11.sm.SYS
[2010/11/10 09:24:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sysres10.dat
[2010/08/04 23:37:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\sworthin\Application Data\$_hpcst$.hpc
[2010/08/02 10:15:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/27 13:30:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\housecall.guid.cache
[2010/07/25 10:39:33 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 22:44:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/11 15:30:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 12:29:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/08 12:29:59 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/14 19:29:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/30 22:24:53 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2005/12/12 18:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 18:29:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/11/06 00:18:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/04/25 18:11:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/25 16:23:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2003/11/26 14:30:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/11/26 12:10:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/07 14:41:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2003/04/07 14:41:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/07 14:32:00 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/07 14:31:52 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/15 00:50:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RemoveCpl.exe
[2003/01/09 15:34:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\DetectHardware.exe
[2002/12/23 22:23:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WinXPDisableZeroConfigation.exe
[2002/12/23 00:22:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RemoveInstallShield.exe
[2002/09/09 23:47:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002/09/09 16:16:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/09 16:15:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 16:02:16 | 000,503,480 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/09 16:02:16 | 000,087,564 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/09 15:56:08 | 000,231,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/09 15:49:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/09 15:44:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 08:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 08:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/10/25 14:54:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/10/25 14:53:34 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/08/02 21:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/09 20:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laconic Software
[2011/01/05 11:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/08 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/11/20 11:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/13 01:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/11/12 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/01 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Foxit
[2010/08/01 23:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Foxit Software
[2011/06/27 19:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\FrostWire
[2010/11/18 00:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\id Software
[2003/04/07 14:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\InterTrust
[2005/04/26 08:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\InterVideo
[2010/08/15 13:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\IObit
[2010/10/14 18:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\OpenOffice.org
[2010/08/10 19:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Program Files
[2010/10/07 18:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Samsung
[2011/02/19 16:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Windows Desktop Search
[2011/02/19 17:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Windows Search

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 30 June 2011 - 12:14 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets start to clean you up

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/05/22 06:11:29 | 000,010,950 | -HS- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\aq7ihxrnx8m737xh6m6f4
    [2011/05/22 06:11:29 | 000,010,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aq7ihxrnx8m737xh6m6f4

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\sworthin\Local Settings\Application Data\aq7ihxrnx8m737xh6m6f4
    C:\Documents and Settings\All Users\Application Data\aq7ihxrnx8m737xh6m6f4

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
bazza.ab
Posted 01 July 2011 - 01:47 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi bEssexboy
thanks for the help,the second scan took a while also I had some trouble withh the flash drive when i plugged it into the infected laptop,here's the two scans you requested

OTL logfile created on: 01/07/2011 19:09:16 - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\sworthin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

702.98 Mb Total Physical Memory | 399.88 Mb Available Physical Memory | 56.88% Memory free
1.15 Gb Paging File | 0.89 Gb Available in Paging File | 77.37% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 17.47 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 40.35 Gb Total Space | 40.23 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.47 Gb Free Space | 77.74% Space Free | Partition Type: FAT

Computer Name: SIMON | User Name: sworthin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 19:45:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/04/27 11:43:30 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
PRC - [2009/07/16 14:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/02 21:12:24 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/08/15 10:11:00 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe
PRC - [2002/07/17 10:12:20 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 19:45:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/02/02 21:12:16 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/04/27 11:43:30 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/07/16 14:43:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 01:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2002/08/15 10:11:00 | 000,151,552 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig)
SRV - [2002/07/17 10:12:20 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe -- (HPWirelessMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/15 09:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/05/13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 11:43:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/22 09:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 09:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 09:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 09:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/12/15 16:19:08 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2004/12/15 16:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:28 | 000,205,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2004/07/15 17:31:16 | 000,018,432 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815)
DRV - [2004/05/15 18:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/11 14:04:02 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/05/11 13:54:50 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/05/11 07:10:34 | 000,376,224 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2004/02/17 17:59:18 | 000,273,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA)
DRV - [2004/02/17 17:58:40 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD)
DRV - [2003/05/21 14:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/21 14:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/13 12:25:58 | 000,163,712 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2002/10/17 02:00:02 | 000,057,344 | ---- | M] (LAN-Express) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Express.sys -- (LEX_NIC_SERVICE)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/18 14:07:50 | 000,023,602 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2002/07/17 12:09:12 | 000,014,504 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI)
DRV - [2002/02/20 02:34:18 | 000,072,576 | ---- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netusbxp.sys -- (USBNET_XP)
DRV - [2001/12/17 12:54:32 | 000,026,112 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aliirda.sys -- (ALiIRDA)
DRV - [2001/08/17 08:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [2001/08/17 08:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es198x.sys -- (allegro) ESS Allegro Audio Driver (WDM)
DRV - [2001/08/17 08:13:20 | 000,027,164 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.orange.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2010/08/10 19:26:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 22:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 19:50:13 | 000,000,000 | ---D | M]

[2010/07/23 17:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Extensions
[2011/06/12 15:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions
[2010/07/25 13:17:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/18 09:12:13 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\sworthin\Application Data\Mozilla\Firefox\Profiles\vb2kxzul.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/06/08 19:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 18:10:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/04 23:27:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\{D09E32DF-8610-4B33-B929-1E631B764130}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SWORTHIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VB2KXZUL.DEFAULT\EXTENSIONS\[email protected]
[2011/01/04 23:26:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/22 22:25:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/04 23:26:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/01 23:03:45 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2011/06/08 19:49:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/06/08 19:49:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/06/08 19:49:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/06/08 19:49:52 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/06/08 19:49:52 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/01 18:52:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7951.2587847222 (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45d5ddb2-34a4-11e0-b0e5-000d9d45a62b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{a2d0c200-5f8b-11df-aef1-000d9d45a62b}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d0c200-5f8b-11df-aef1-000d9d45a62b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2d0c200-5f8b-11df-aef1-000d9d45a62b}\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 19:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sworthin\Desktop\g2g
[2011/07/01 18:52:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 00:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sworthin\Recent
[2011/06/22 19:45:07 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/06/22 08:43:44 | 001,997,072 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\sworthin\Desktop\HousecallLauncher.exe
[2011/06/11 20:25:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\sworthin\My Documents\My Webs
[2011/06/11 20:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sworthin\Application Data\Help
[2011/06/04 16:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/06/04 16:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/06/04 16:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/06/04 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/07/18 13:09:54 | 000,376,224 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys

========== Files - Modified Within 30 Days ==========

[2011/07/01 19:07:16 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/01 19:05:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/01 19:04:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/01 19:04:33 | 737,202,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 18:52:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/27 20:38:05 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 19:45:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sworthin\Desktop\OTL.exe
[2011/06/22 08:44:02 | 001,997,072 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\sworthin\Desktop\HousecallLauncher.exe
[2011/06/04 23:57:15 | 000,231,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/04 16:30:04 | 002,057,568 | ---- | M] () -- C:\Documents and Settings\sworthin\Desktop\SecurityTaskManager_Setup.exe

========== Files Created - No Company Name ==========

[2011/06/08 19:50:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/08 18:22:06 | 737,202,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 16:29:00 | 002,057,568 | ---- | C] () -- C:\Documents and Settings\sworthin\Desktop\SecurityTaskManager_Setup.exe
[2011/04/24 11:33:48 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/04/24 11:33:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/04/23 14:41:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2011/02/02 13:34:36 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/02/02 13:34:36 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/02/02 13:34:36 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/02/02 13:34:33 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/02/02 13:34:33 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/27 18:45:36 | 000,015,620 | ---- | C] () -- C:\WINDOWS\System32\SystemRs11.sm.SYS
[2010/11/10 09:24:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sysres10.dat
[2010/08/04 23:37:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\sworthin\Application Data\$_hpcst$.hpc
[2010/08/02 10:15:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/27 13:30:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\housecall.guid.cache
[2010/07/25 10:39:33 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\sworthin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 22:44:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/11 15:30:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 12:29:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/08 12:29:59 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/14 19:29:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/30 22:24:53 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2005/12/12 18:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 18:29:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/11/06 00:18:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/04/25 18:11:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/25 16:23:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2003/11/26 14:30:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/11/26 12:10:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/07 14:41:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2003/04/07 14:41:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/07 14:32:00 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/07 14:31:52 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/15 00:50:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RemoveCpl.exe
[2003/01/09 15:34:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\DetectHardware.exe
[2002/12/23 22:23:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WinXPDisableZeroConfigation.exe
[2002/12/23 00:22:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RemoveInstallShield.exe
[2002/09/09 23:47:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2002/09/09 16:16:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/09 16:15:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 16:02:16 | 000,503,480 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/09 16:02:16 | 000,087,564 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/09 15:56:08 | 000,231,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/09 15:49:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/09 15:44:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 08:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 08:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/10/25 14:54:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/10/25 14:53:34 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/08/02 21:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/09 20:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laconic Software
[2011/01/05 11:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/08 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/11/20 11:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/13 01:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/11/12 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/01 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Foxit
[2010/08/01 23:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Foxit Software
[2011/06/27 19:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\FrostWire
[2010/11/18 00:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\id Software
[2003/04/07 14:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\InterTrust
[2005/04/26 08:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\InterVideo
[2010/08/15 13:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\IObit
[2010/10/14 18:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\OpenOffice.org
[2010/08/10 19:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Program Files
[2010/10/07 18:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Samsung
[2011/02/19 16:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Windows Desktop Search
[2011/02/19 17:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sworthin\Application Data\Windows Search

========== Purity Check ==========



< End of report >




aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-01 19:21:53
-----------------------------
19:21:53.159 OS Version: Windows 5.1.2600 Service Pack 3
19:21:53.159 Number of processors: 1 586 0x209
19:21:53.159 ComputerName: SIMON UserName:
19:21:55.042 Initialize success
19:21:55.923 AVAST engine defs: 11070100
19:22:01.110 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:22:01.120 Disk 0 Vendor: TOSHIBA_MK8025GAS KA023A Size: 76319MB BusType: 3
19:22:03.173 Disk 0 MBR read successfully
19:22:03.183 Disk 0 MBR scan
19:22:03.203 Disk 0 unknown MBR code
19:22:05.226 Disk 0 scanning sectors +156296385
19:22:05.306 Disk 0 scanning C:\WINDOWS\system32\drivers
19:22:28.590 Service scanning
19:22:30.262 Disk 0 trace - called modules:
19:22:30.332 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys aliide.sys PCIIDEX.SYS
19:22:30.352 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83763ab8]
19:22:30.382 3 CLASSPNP.SYS[f7f61fd7] -> nt!IofCallDriver -> \Device\00000084[0x837929e8]
19:22:30.403 5 ACPI.sys[f7ed8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8375b940]
19:22:30.823 AVAST engine scan C:\WINDOWS
20:25:55.504 AVAST engine scan C:\Documents and Settings\sworthin
20:29:53.576 AVAST engine scan C:\Documents and Settings\All Users
20:30:36.929 Scan finished successfully
20:31:40.240 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sworthin\Desktop\MBR.dat"
20:31:40.280 The log file has been saved successfully to "C:\Documents and Settings\sworthin\Desktop\aswMBR.txt"


thanks
Bazza
  • 0

#4
Essexboy
Posted 01 July 2011 - 01:55 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The aswMBR scan actually ran a full virus scan of your system files using the onboard Avast

I have now taken out all I can see so I will now use an automated tool to search other areas for me

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
bazza.ab
Posted 01 July 2011 - 03:08 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi essexboy
downloaded and ran combifix and it installed recovery console,but,when combifix was running (for over half hour)the laptop really quickly re-started,there's no log on desktop, the desktop seems to be running quicker and the red microsoft automatic download shield has gone, do you want me to try combifix again?
thanks
Bazza
  • 0

#6
Essexboy
Posted 01 July 2011 - 03:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please re-run it now
  • 0

#7
bazza.ab
Posted 01 July 2011 - 04:03 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi EB
problem herem scans on stage 50and still seems to be running but a box like the !microsoft error report box" came up and said PEV.exe has encountered a problem and needs to close, sorry for the inconvenience, and now it's just rebooted again,I may have to leave this till tomorrow (sorry gotta be up at 6am for work)if you want me to try again I can leave it running and post log (if there is one tomorrow)
thanks
Bazza
  • 0

#8
bazza.ab
Posted 01 July 2011 - 04:04 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi EB
problem herem scans on stage 50and still seems to be running but a box like the !microsoft error report box" came up and said PEV.exe has encountered a problem and needs to close, sorry for the inconvenience, and now it's just rebooted again,I may have to leave this till tomorrow (sorry gotta be up at 6am for work)if you want me to try again I can leave it running and post log (if there is one tomorrow)
thanks
Bazza
  • 0

#9
Essexboy
Posted 01 July 2011 - 04:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem there is more than one way to skin a cat :)

If no log is present then we will take another approach

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#10
bazza.ab
Posted 02 July 2011 - 01:11 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi essexboy scan took ages,here the first report

Autoscan: completed 13 minutes ago (events: 2, objects: 221416, time: 02:34:54)
02/07/2011 17:02:29 Task started
02/07/2011 19:37:24 Task completed
attach this file button doesn't seem to work,sending this and tring to send it again
thanks
Bazza
  • 0

Advertisements

#11
Essexboy
Posted 02 July 2011 - 01:17 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If the attachment does not work I will PM you my e-mail address to send it to me there
  • 0

#12
bazza.ab
Posted 02 July 2011 - 01:48 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi essexboy scan took ages,here the first report

Autoscan: completed 13 minutes ago (events: 2, objects: 221416, time: 02:34:54)
02/07/2011 17:02:29 Task started
02/07/2011 19:37:24 Task completed
attach this file button doesn't seem to work,sending this and tring to send it again
thanks
Bazza

dont know if I've attached the zip file browsed and opened it and when i pressed attach this file both the browse and cancel button disappeared
  • 0

#13
bazza.ab
Posted 02 July 2011 - 02:23 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
At Last
sent this on infected laptop
Bazza

Attached Files


  • 0

#14
Essexboy
Posted 02 July 2011 - 02:48 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run can you let me know what problems remain


  • Re-run AVPTool
  • Select the Manual Disinfection tab
  • Where it states Step 3 paste in the following disinfection script and press execute 

    begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DelBHO('{32683183-48a0-441b-a342-7c2a440a9478}');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

Posted Image
  • 0

#15
bazza.ab
Posted 02 July 2011 - 03:06 PM

bazza.ab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Sorry EB
do you want me to scan again or just copy and paste step 3,
:)
thanks
Bazza
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP