Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think my Computer Infected with Ramnit - H PLEASE HELP ME!


  • This topic is locked This topic is locked

#1
tallula28

tallula28

    Member

  • Member
  • PipPip
  • 71 posts
Hi
my computer has been running dodgy for a month or so now ie. redirects at google, when i switched it on in the morning sometimes it would go to black screen and wouldnt let me choose options like the keyboard didnt work and i had to turn it off by the plug and try and get it on as reebooting did the same. I also had a windows warning sayingthat some files need to be renamed to continue working which I ignored but this kept coming up.
I scanned using MalWare Bytes and it found stuff everday, I also had clamwin antivirus on my PC which I scanned with and that kept finding 18 or more infections.
Then a couple of days ago I noticed my Clamwin has dissappeared from my toolbar. I tried to access it throgh the start menu but it wouldnt run. so I uninstalled it and then my google wouldnt let me go on any antivirus sites - it kept saying there was a connection problem although i had other windows open and could get other websites up fine. In the end the only one I could get on was Cnet (i think that was what t was called). I downloaded Avast and it did a boot scan and all these different infected files came up and i noticed lots of them said Win32 and Ramnit - H.
I said delete to all. However my computer is still running dodgy and suspiously so I suspect im still infected with something!
Please someone help! I have run OTL and here are the results:

z\TL logfile created on: 01/08/2011 08:52:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Carly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 254.66 Mb Available Physical Memory | 53.11% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.20% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.93 Gb Free Space | 10.54% Space Free | Partition Type: NTFS

Computer Name: CARLI-C6D84292A | User Name: Carly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/07/13 02:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/18 20:57:22 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/11/04 16:48:50 | 000,187,392 | R--- | M] () -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2006/08/10 07:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2002/10/23 07:01:32 | 000,136,044 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2002/10/22 03:43:38 | 000,065,343 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2002/10/22 03:43:06 | 000,696,557 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2002/10/22 03:42:12 | 000,551,915 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 A4 B8 AE 29 3C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{E6658ADF-4538-42ED-8C63-C8701347B658}: C:\Documents and Settings\Carly\Local Settings\Application Data\{E6658ADF-4538-42ED-8C63-C8701347B658} [2011/06/22 23:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/28 13:34:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 23:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 15:13:59 | 000,000,000 | ---D | M]

[2010/05/24 23:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions
[2010/05/24 23:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions\[email protected]
[2009/12/09 23:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions\[email protected]
[2011/07/28 09:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Firefox\Profiles\zbimcpvr.karlipro\extensions
[2011/03/04 13:33:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Firefox\Profiles\zbimcpvr.karlipro\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/30 07:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 22:06:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/28 00:29:35 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
[2011/06/24 23:00:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/12 21:40:04 | 000,000,075 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Xfivuguzeleqayi] File not found
O4 - HKCU..\Run: [JbjJmkdm] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://p.playfirst.c...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://www.shockwave...eb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://games.bigfish...Web.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
O16 - DPF: {61A54BB0-F380-446F-8727-9AEA23711471} http://p.playfirst.c...sh.1.0.0.55.cab (CPlayFirstWeddingDashControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://p.playfirst.c...tg.1.0.0.32.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://games.bigfish...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Carly\Local Settings\Application Data\bxrwcksn\jbjjmkdm.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Carly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/06 17:30:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 08:48:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
[2011/07/28 13:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/28 13:35:59 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/28 13:35:59 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/28 13:35:46 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/28 13:35:46 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/28 13:35:44 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/28 13:35:42 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/28 13:35:42 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/28 13:35:41 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/28 13:34:29 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/28 13:34:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/28 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/28 13:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Local Settings\Application Data\bxrwcksn
[2011/07/08 15:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Application Data\Oqle
[2011/07/07 16:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Desktop\shaney
[2011/07/07 10:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/07/04 15:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Application Data\Piob
[2011/07/04 15:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Application Data\Ciazp
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Carly\My Documents\*.tmp files -> C:\Documents and Settings\Carly\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
[2011/08/01 08:16:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 08:16:25 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/08/01 08:16:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 08:15:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 08:15:44 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 07:58:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 23:10:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 13:36:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/28 13:35:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/28 09:51:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qyusa.bin
[2011/07/27 09:12:06 | 000,001,034 | ---- | M] () -- C:\WINDOWS\Wvuvoxi.dat
[2011/07/22 21:57:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/22 18:31:28 | 001,022,052 | ---- | M] () -- C:\Documents and Settings\Carly\Desktop\iTunes Music Library.xml
[2011/07/22 10:27:00 | 000,021,768 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/17 10:39:12 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 09:21:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/07 17:27:48 | 000,156,801 | ---- | M] () -- C:\Documents and Settings\Carly\Desktop\66378_448045484142_745269142_5382913_5055528_n.JPG
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Carly\My Documents\*.tmp files -> C:\Documents and Settings\Carly\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/28 13:36:00 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/22 18:31:27 | 001,022,052 | ---- | C] () -- C:\Documents and Settings\Carly\Desktop\iTunes Music Library.xml
[2011/07/07 17:27:48 | 000,156,801 | ---- | C] () -- C:\Documents and Settings\Carly\Desktop\66378_448045484142_745269142_5382913_5055528_n.JPG
[2011/07/05 21:18:43 | 001,268,612 | ---- | C] () -- C:\Documents and Settings\Carly\My Documents\IMG_0480.JPG
[2010/09/03 16:05:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Carly\Local Settings\Application Data\housecall.guid.cache
[2010/08/31 14:09:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 13:21:43 | 000,001,034 | ---- | C] () -- C:\WINDOWS\Wvuvoxi.dat
[2010/08/29 13:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qyusa.bin
[2010/06/11 20:19:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2010/01/19 12:29:59 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/19 12:29:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/19 12:29:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/19 12:29:59 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/19 12:29:59 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/19 12:29:59 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/19 12:29:59 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/19 12:29:59 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/19 12:29:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/19 12:29:59 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/01/19 12:29:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/19 12:29:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/19 12:29:59 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/19 12:29:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/19 12:29:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/19 12:29:59 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/01/19 12:29:59 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/01/19 12:29:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/19 12:29:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/22 20:28:11 | 000,021,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/08 16:00:42 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2009/12/08 15:59:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2009/12/06 23:21:14 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Carly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 23:02:42 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2009/12/06 23:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PTPTT.dat
[2009/12/06 23:02:36 | 000,187,392 | R--- | C] () -- C:\WINDOWS\System32\pctspk.exe
[2009/12/06 23:02:36 | 000,000,456 | R--- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2009/12/06 18:29:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/06 18:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 17:30:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/06 17:24:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/06 17:23:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/12/06 16:58:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/06 16:56:04 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,464,332 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,080,746 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/05/12 04:48:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/07/28 13:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/29 12:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/17 00:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2011/01/05 21:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2010/12/26 00:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/12/14 23:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/11/07 14:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/07/15 00:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/24 23:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/08 16:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/02/24 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/15 16:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/09 21:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/09 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Abus
[2010/09/09 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Awbeke
[2011/07/06 15:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Ciazp
[2011/03/02 15:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Farm Mania 2.1
[2011/07/22 19:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\FrostWire
[2010/08/09 17:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\IBAGroup
[2009/12/09 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\MSNInstaller
[2010/05/14 13:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Ogfo
[2011/07/12 00:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Oqle
[2010/02/03 15:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Panasonic
[2011/07/06 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Piob
[2010/12/14 23:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\PlayFirst
[2010/10/02 16:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\QuickScan
[2010/09/03 10:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Regato
[2011/06/15 10:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Samsung
[2010/12/15 00:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Supermarket Mania 2
[2010/05/24 23:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\TomTom
[2011/05/27 17:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\TrickySoftware
[2010/09/10 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Wyebu

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB

< End of report >


OTL Extras logfile created on: 01/08/2011 08:52:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Carly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 254.66 Mb Available Physical Memory | 53.11% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.20% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.93 Gb Free Space | 10.54% Space Free | Partition Type: NTFS

Computer Name: CARLI-C6D84292A | User Name: Carly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity ™
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR300 Reference Guide" = ESPR300 Reference Guide
"ESPR300 Software Guide" = ESPR300 Software Guide
"ESPR300 Standalone Guide" = ESPR300 Standalone Guide
"FrostWire" = FrostWire 4.21.8
"ie8" = Windows Internet Explorer 8
"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TomTom HOME" = TomTom HOME 2.8.1.2218
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/07/2011 17:04:49 | Computer Name = CARLI-C6D84292A | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25/07/2011 10:55:10 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2011 04:03:16 | Computer Name = CARLI-C6D84292A | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module owesawegumesa.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 28/07/2011 04:06:38 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2011 08:11:45 | Computer Name = CARLI-C6D84292A | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module owesawegumesa.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 28/07/2011 08:32:35 | Computer Name = CARLI-C6D84292A | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/07/2011 08:32:35 | Computer Name = CARLI-C6D84292A | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 31/07/2011 03:31:20 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/07/2011 03:31:20 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/08/2011 03:18:27 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 14/07/2011 17:04:49 | Computer Name = CARLI-C6D84292A | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25/07/2011 10:55:10 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2011 04:03:16 | Computer Name = CARLI-C6D84292A | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module owesawegumesa.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 28/07/2011 04:06:38 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2011 08:11:45 | Computer Name = CARLI-C6D84292A | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module owesawegumesa.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 28/07/2011 08:32:35 | Computer Name = CARLI-C6D84292A | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/07/2011 08:32:35 | Computer Name = CARLI-C6D84292A | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 31/07/2011 03:31:20 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/07/2011 03:31:20 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/08/2011 03:18:27 | Computer Name = CARLI-C6D84292A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/07/2011 04:48:52 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 29/07/2011 04:48:52 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 30/07/2011 03:01:03 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 30/07/2011 03:01:03 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 31/07/2011 03:28:20 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 31/07/2011 03:28:20 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 31/07/2011 07:27:58 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 31/07/2011 07:27:58 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 01/08/2011 03:15:47 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x74), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 01/08/2011 03:15:47 | Computer Name = CARLI-C6D84292A | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x75), which lies in the 0x74 - 0x76 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again, OK first thing to do is remove the malware I can see and then get a second opinion on the Ramnit classification

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [Xfivuguzeleqayi] File not found
    O4 - HKCU..\Run: [JbjJmkdm] File not found
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Carly\Local Settings\Application Data\bxrwcksn\jbjjmkdm.exe) - File not found
    [2011/07/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Local Settings\Application Data\bxrwcksn
    [2011/07/08 15:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Application Data\Oqle
    [2011/07/04 15:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Application Data\Piob
    [2011/07/04 15:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Application Data\Ciazp
    [2011/07/28 09:51:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qyusa.bin
    [2011/07/27 09:12:06 | 000,001,034 | ---- | M] () -- C:\WINDOWS\Wvuvoxi.dat
    [2010/08/29 13:21:43 | 000,001,034 | ---- | C] () -- C:\WINDOWS\Wvuvoxi.dat
    [2010/08/29 13:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qyusa.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [ZipFiles]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that
  • 0

#3
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Hi

Here is the OTL log file I will do the next part now then post it after.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Xfivuguzeleqayi deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JbjJmkdm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Carly\Local Settings\Application Data\bxrwcksn\jbjjmkdm.exe deleted successfully.
C:\Documents and Settings\Carly\Local Settings\Application Data\bxrwcksn folder moved successfully.
C:\Documents and Settings\Carly\Application Data\Oqle folder moved successfully.
C:\Documents and Settings\Carly\Application Data\Piob folder moved successfully.
C:\Documents and Settings\Carly\Application Data\Ciazp folder moved successfully.
C:\WINDOWS\Qyusa.bin moved successfully.
C:\WINDOWS\Wvuvoxi.dat moved successfully.
File C:\WINDOWS\Wvuvoxi.dat not found.
File C:\WINDOWS\Qyusa.bin not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Carly\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Carly\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 1202 bytes
->Temporary Internet Files folder emptied: 141906 bytes
->Java cache emptied: 11792520 bytes
->FireFox cache emptied: 4444198 bytes

User: Carly
->Temp folder emptied: 1763216580 bytes
->Temporary Internet Files folder emptied: 85493516 bytes
->Java cache emptied: 56377951 bytes
->FireFox cache emptied: 830824604 bytes
->Google Chrome cache emptied: 6069735 bytes
->Flash cache emptied: 2339652 bytes

User: Colby
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 5361245 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 98438 bytes
->Flash cache emptied: 828 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44110607 bytes
->Java cache emptied: 878 bytes
->Flash cache emptied: 3189 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 4528145 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 854537 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12918044 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 12712972 bytes

Total Files Cleaned = 2,712.00 mb


[EMPTYFLASH]

User: All Users

User: Andrew

User: Carly
->Flash cache emptied: 0 bytes

User: Colby

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08012011_194501

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#4
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Oooppps wrong OTL log :)

OTL logfile created on: 01/08/2011 20:18:20 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Carly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 60.85 Mb Available Physical Memory | 12.69% Memory free
1.10 Gb Paging File | 0.79 Gb Available in Paging File | 72.30% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.87 Gb Free Space | 18.44% Space Free | Partition Type: NTFS

Computer Name: CARLI-C6D84292A | User Name: Carly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 23:00:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/13 02:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/11/18 20:57:22 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/11 04:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE
PRC - [2002/11/04 16:48:50 | 000,187,392 | R--- | M] () -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2006/08/10 07:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2002/10/23 07:01:32 | 000,136,044 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2002/10/22 03:43:38 | 000,065,343 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2002/10/22 03:43:06 | 000,696,557 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2002/10/22 03:42:12 | 000,551,915 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 A4 B8 AE 29 3C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{E6658ADF-4538-42ED-8C63-C8701347B658}: C:\Documents and Settings\Carly\Local Settings\Application Data\{E6658ADF-4538-42ED-8C63-C8701347B658} [2011/06/22 23:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/28 13:34:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 23:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 15:13:59 | 000,000,000 | ---D | M]

[2010/05/24 23:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions
[2010/05/24 23:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions\[email protected]
[2009/12/09 23:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions\[email protected]
[2011/07/28 09:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Firefox\Profiles\zbimcpvr.karlipro\extensions
[2011/03/04 13:33:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Firefox\Profiles\zbimcpvr.karlipro\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/30 07:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 22:06:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/28 00:29:35 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
[2011/06/24 23:00:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/01 19:45:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://p.playfirst.c...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://www.shockwave...eb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://games.bigfish...Web.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
O16 - DPF: {61A54BB0-F380-446F-8727-9AEA23711471} http://p.playfirst.c...sh.1.0.0.55.cab (CPlayFirstWeddingDashControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://p.playfirst.c...tg.1.0.0.32.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://games.bigfish...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Carly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/06 17:30:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 19:45:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 08:48:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
[2011/07/28 13:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/28 13:35:59 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/28 13:35:59 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/28 13:35:46 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/28 13:35:46 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/28 13:35:44 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/28 13:35:42 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/28 13:35:42 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/28 13:35:41 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/28 13:34:29 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/28 13:34:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/28 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/28 13:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/07 16:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Desktop\shaney
[2011/07/07 10:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[1 C:\Documents and Settings\Carly\My Documents\*.tmp files -> C:\Documents and Settings\Carly\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 20:03:21 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/08/01 20:03:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 20:03:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 20:02:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 20:02:48 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 19:58:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 19:45:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
[2011/07/29 23:10:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 13:36:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/28 13:35:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/22 21:57:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/22 18:31:28 | 001,022,052 | ---- | M] () -- C:\Documents and Settings\Carly\Desktop\iTunes Music Library.xml
[2011/07/22 10:27:00 | 000,021,768 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/17 10:39:12 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 09:21:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/07 17:27:48 | 000,156,801 | ---- | M] () -- C:\Documents and Settings\Carly\Desktop\66378_448045484142_745269142_5382913_5055528_n.JPG
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[1 C:\Documents and Settings\Carly\My Documents\*.tmp files -> C:\Documents and Settings\Carly\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/28 13:36:00 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/22 18:31:27 | 001,022,052 | ---- | C] () -- C:\Documents and Settings\Carly\Desktop\iTunes Music Library.xml
[2011/07/07 17:27:48 | 000,156,801 | ---- | C] () -- C:\Documents and Settings\Carly\Desktop\66378_448045484142_745269142_5382913_5055528_n.JPG
[2011/07/05 21:18:43 | 001,268,612 | ---- | C] () -- C:\Documents and Settings\Carly\My Documents\IMG_0480.JPG
[2010/09/03 16:05:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Carly\Local Settings\Application Data\housecall.guid.cache
[2010/08/31 14:09:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/11 20:19:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2010/01/19 12:29:59 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/19 12:29:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/19 12:29:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/19 12:29:59 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/19 12:29:59 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/19 12:29:59 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/19 12:29:59 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/19 12:29:59 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/19 12:29:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/19 12:29:59 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/01/19 12:29:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/19 12:29:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/19 12:29:59 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/19 12:29:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/19 12:29:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/19 12:29:59 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/01/19 12:29:59 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/01/19 12:29:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/19 12:29:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/22 20:28:11 | 000,021,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/08 16:00:42 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2009/12/08 15:59:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2009/12/06 23:21:14 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Carly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 23:02:42 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2009/12/06 23:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PTPTT.dat
[2009/12/06 23:02:36 | 000,187,392 | R--- | C] () -- C:\WINDOWS\System32\pctspk.exe
[2009/12/06 23:02:36 | 000,000,456 | R--- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2009/12/06 18:29:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/06 18:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 17:30:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/06 17:24:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/06 17:23:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/12/06 16:58:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/06 16:56:04 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,464,332 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,080,746 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/05/12 04:48:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/07/28 13:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/29 12:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/17 00:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2011/01/05 21:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2010/12/26 00:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/12/14 23:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/11/07 14:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/07/15 00:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/24 23:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/08 16:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/02/24 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/15 16:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/09 21:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/09 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Abus
[2010/09/09 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Awbeke
[2011/03/02 15:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Farm Mania 2.1
[2011/07/22 19:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\FrostWire
[2010/08/09 17:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\IBAGroup
[2009/12/09 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\MSNInstaller
[2010/05/14 13:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Ogfo
[2010/02/03 15:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Panasonic
[2010/12/14 23:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\PlayFirst
[2010/10/02 16:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\QuickScan
[2010/09/03 10:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Regato
[2011/06/15 10:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Samsung
[2010/12/15 00:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Supermarket Mania 2
[2010/05/24 23:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\TomTom
[2011/05/27 17:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\TrickySoftware
[2010/09/10 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Wyebu

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB

< End of report >
  • 0

#5
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
My PC wont start in safe mode. I tried with command prompts and with networking aswell and they didnt work either it just kept resarting and the options would appear again. I chosenormal mode and that has worked. Shall I follow the insrtuctions for Dr Web in normal mode?
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye run it in normal mode, we will look at safe mode problems next :)
  • 0

#7
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I ran the scan for Dr Web but a log didnt come up at the end - it took ages - it just said one virus had been found which was a popcap thing.
Id like to note that I didnt accept an enhanced version as it didnt ask.

:)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that was our second opinion for ramnit and as it did not find it you may have dodged the bullet

Lets try and fix the safe mode now, do not let Avast sandbox anything whilst combofix is running please

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#9
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Here is the Combofix log: :)

ComboFix 11-08-02.02 - Carly 02/08/2011 21:58:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.479.135 [GMT 1:00]
Running from: c:\documents and settings\Carly\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Carly\My Documents\~WRL3393.tmp
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-01 21:40 . 2011-08-01 21:40 -------- d-----w- c:\documents and settings\Carly\DoctorWeb
2011-08-01 18:45 . 2011-08-01 18:45 -------- d-----w- C:\_OTL
2011-07-28 12:35 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-28 12:35 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-28 12:35 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-28 12:35 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-28 12:35 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-28 12:35 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-28 12:35 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-28 12:35 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-28 12:34 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-28 12:34 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-28 12:33 . 2011-07-28 12:33 -------- d-----w- c:\program files\AVAST Software
2011-07-28 12:33 . 2011-07-28 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-07 09:14 . 2011-07-07 11:42 -------- d-----w- c:\windows\system32\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2009-12-06 17:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2009-12-06 17:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 08:39 . 2011-05-22 10:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2008-04-14 00:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 14:02 . 2008-04-14 00:00 1858944 ----a-w- c:\windows\system32\win32k(2).sys
2011-06-24 22:00 . 2011-04-30 06:50 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-09 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-11-04 187392]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Andrew\Start Menu\Programs\Startup\
ADSL Diagnostic Tools.LNK - c:\windows\system32\mapiicon.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-5-12 65588]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-19 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2011 13:35 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2011 13:35 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2011 13:35 19544]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/05/2010 22:22 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05/05/2010 22:22 135664]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/10/2010 22:56 229376]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 21:22]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 21:22]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://p.playfirst.com/play/game/fashiondash/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://games.bigfishgames.com/en_diaper-dash/online/DiaperDashWeb.1.0.0.4.cab
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - hxxp://p.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
FF - ProfilePath - c:\documents and settings\Carly\Application Data\Mozilla\Firefox\Profiles\zbimcpvr.karlipro\
FF - prefs.js: browser.search.selectedEngine - eBay.co.uk
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
AddRemove-ESPR300 Reference Guide - c:\program files\EPSON\ESPR300\REF_G\DOCUNINS.EXE
AddRemove-ESPR300 Software Guide - c:\program files\EPSON\ESPR300\PQU_G\DOCUNINS.EXE
AddRemove-ESPR300 Standalone Guide - c:\program files\EPSON\ESPR300\STA_G\DOCUNINS.EXE
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Windows Media Player - c:\program files\Windows Media Player\Setup_wm.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 22:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-02 22:16:13
ComboFix-quarantined-files.txt 2011-08-02 21:16
.
Pre-Run: 6,954,160,128 bytes free
Post-Run: 6,817,792,000 bytes free
.
- - End Of File - - 1173E067C3D5D89DAAD7C497F57879FB
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it looks like we may need to replace userinit, if it was ramnit then Avast would now be screaming about hundreds of files being infected..

OK lets search for a replacement now

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.*
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • Just one log this time :)

  • 0

Advertisements


#11
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Here t is: :)

OTL logfile created on: 02/08/2011 22:32:59 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Carly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 139.16 Mb Available Physical Memory | 29.02% Memory free
1.10 Gb Paging File | 0.76 Gb Available in Paging File | 68.94% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.38 Gb Free Space | 17.11% Space Free | Partition Type: NTFS

Computer Name: CARLI-C6D84292A | User Name: Carly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 23:00:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/13 02:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/11/18 20:57:22 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/11 04:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE
PRC - [2002/11/04 16:48:50 | 000,187,392 | R--- | M] () -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2006/08/10 07:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2002/10/23 07:01:32 | 000,136,044 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2002/10/22 03:43:38 | 000,065,343 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2002/10/22 03:43:06 | 000,696,557 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2002/10/22 03:42:12 | 000,551,915 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 A4 B8 AE 29 3C CC 01 [binary data]
IE - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{E6658ADF-4538-42ED-8C63-C8701347B658}: C:\Documents and Settings\Carly\Local Settings\Application Data\{E6658ADF-4538-42ED-8C63-C8701347B658} [2011/06/22 23:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/28 13:34:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 23:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 15:13:59 | 000,000,000 | ---D | M]

[2010/05/24 23:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions
[2010/05/24 23:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions\[email protected]
[2009/12/09 23:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Extensions\[email protected]
[2011/07/28 09:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Firefox\Profiles\zbimcpvr.karlipro\extensions
[2011/03/04 13:33:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carly\Application Data\Mozilla\Firefox\Profiles\zbimcpvr.karlipro\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/30 07:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 22:06:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/28 00:29:35 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
[2011/06/24 23:00:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/02 22:09:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1275210071-152049171-1957994488-1006..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\ADSL Diagnostic Tools.LNK = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-152049171-1957994488-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://p.playfirst.c...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://www.shockwave...eb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://games.bigfish...Web.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
O16 - DPF: {61A54BB0-F380-446F-8727-9AEA23711471} http://p.playfirst.c...sh.1.0.0.55.cab (CPlayFirstWeddingDashControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://p.playfirst.c...tg.1.0.0.32.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://games.bigfish...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Carly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/06 17:30:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 21:54:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/02 21:54:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/02 21:54:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/02 21:54:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/02 21:53:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/02 21:53:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carly\Start Menu\Programs\Administrative Tools
[2011/08/02 20:06:23 | 004,160,408 | R--- | C] (Swearware) -- C:\Documents and Settings\Carly\Desktop\ComboFix.exe
[2011/08/01 22:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\DoctorWeb
[2011/08/01 19:45:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 08:48:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
[2011/07/28 13:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/28 13:35:59 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/28 13:35:59 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/28 13:35:46 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/28 13:35:46 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/28 13:35:44 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/28 13:35:42 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/28 13:35:42 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/28 13:35:41 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/28 13:34:29 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/28 13:34:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/28 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/28 13:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/07 16:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carly\Desktop\shaney
[2011/07/07 10:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

========== Files - Modified Within 30 Days ==========

[2011/08/02 22:09:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/02 20:58:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 20:06:45 | 004,160,408 | R--- | M] (Swearware) -- C:\Documents and Settings\Carly\Desktop\ComboFix.exe
[2011/08/02 08:38:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/02 08:38:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 08:36:51 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/08/02 08:36:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/02 08:36:13 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 20:28:41 | 073,076,720 | ---- | M] () -- C:\Documents and Settings\Carly\Desktop\f6m57thy.exe
[2011/08/01 08:48:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carly\Desktop\OTL.exe
[2011/07/29 23:10:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 13:36:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/28 13:35:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/22 21:57:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/22 18:31:28 | 001,022,052 | ---- | M] () -- C:\Documents and Settings\Carly\Desktop\iTunes Music Library.xml
[2011/07/22 10:27:00 | 000,021,768 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/17 10:39:12 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 09:21:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/07 17:27:48 | 000,156,801 | ---- | M] () -- C:\Documents and Settings\Carly\Desktop\66378_448045484142_745269142_5382913_5055528_n.JPG
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/08/02 21:54:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/02 21:54:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/02 21:54:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/02 21:54:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/02 21:54:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/01 20:26:45 | 073,076,720 | ---- | C] () -- C:\Documents and Settings\Carly\Desktop\f6m57thy.exe
[2011/07/28 13:36:00 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/22 18:31:27 | 001,022,052 | ---- | C] () -- C:\Documents and Settings\Carly\Desktop\iTunes Music Library.xml
[2011/07/07 17:27:48 | 000,156,801 | ---- | C] () -- C:\Documents and Settings\Carly\Desktop\66378_448045484142_745269142_5382913_5055528_n.JPG
[2011/07/05 21:18:43 | 001,268,612 | ---- | C] () -- C:\Documents and Settings\Carly\My Documents\IMG_0480.JPG
[2010/09/03 16:05:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Carly\Local Settings\Application Data\housecall.guid.cache
[2010/08/31 14:09:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/11 20:19:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2010/01/19 12:29:59 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/19 12:29:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/19 12:29:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/19 12:29:59 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/19 12:29:59 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/19 12:29:59 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/19 12:29:59 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/19 12:29:59 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/19 12:29:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/19 12:29:59 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/01/19 12:29:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/19 12:29:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/19 12:29:59 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/19 12:29:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/19 12:29:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/19 12:29:59 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/01/19 12:29:59 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/01/19 12:29:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/19 12:29:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/22 20:28:11 | 000,021,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/08 16:00:42 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2009/12/08 15:59:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2009/12/06 23:21:14 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Carly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 23:02:42 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2009/12/06 23:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PTPTT.dat
[2009/12/06 23:02:36 | 000,187,392 | R--- | C] () -- C:\WINDOWS\System32\pctspk.exe
[2009/12/06 23:02:36 | 000,000,456 | R--- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2009/12/06 18:29:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/06 18:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 17:30:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/06 17:24:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/06 17:23:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/12/06 16:58:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/06 16:56:04 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,464,332 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,080,746 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/05/12 04:48:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/07/28 13:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/29 12:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/17 00:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2011/01/05 21:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2010/12/26 00:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/12/14 23:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/11/07 14:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/07/15 00:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/24 23:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/08 16:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/02/24 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/15 16:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/09 21:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/09 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Abus
[2010/09/09 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Awbeke
[2011/03/02 15:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Farm Mania 2.1
[2011/07/22 19:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\FrostWire
[2010/08/09 17:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\IBAGroup
[2009/12/09 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\MSNInstaller
[2010/05/14 13:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Ogfo
[2010/02/03 15:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Panasonic
[2010/12/14 23:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\PlayFirst
[2010/10/02 16:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\QuickScan
[2010/09/03 10:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Regato
[2011/06/15 10:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Samsung
[2010/12/15 00:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Supermarket Mania 2
[2010/05/24 23:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\TomTom
[2011/05/27 17:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\TrickySoftware
[2010/09/10 11:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carly\Application Data\Wyebu

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT >
[2010/10/09 03:04:26 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\1028\USERINIT

< MD5 for: USERINIT.EXE >
[2010/10/09 03:04:26 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: USERINIT.EXE-30B18140.PF >
[2011/08/02 08:38:51 | 000,026,944 | ---- | M] () MD5=004566BE48C9B32CF1AE1BA0ED8EB916 -- C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB

< End of report >
  • 0

#12
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
So when i downloaded the Avast and it did that boot scan and i clicked on delete to those files with Ramnit-h on the end they were properly removed?
I have been redirected on google again earlier today.
Do you recommend keeping the avast rather than any other antivirus?
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm that reported OK :)

OK what problems are still present ?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OOps cross posted,... It looks as though Avast stopped the virus in its tracks which is good, are you still getting redirected ?
  • 0

#15
tallula28

tallula28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Well I was earlier this evening before I had done these last scans.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP