Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

File MBR 0 is infected by :MBR:Whistler - C [Rtk]

Started by rmfoodie , Sep 13 2011 05:39 AM

  • This topic is locked This topic is locked

#16
rmfoodie
Posted 16 September 2011 - 02:52 PM

rmfoodie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OK, Listed are:
Google,
Yahoo,
Bing.
Amazon.com,
eBay,
Wikipedia.

No Conduit.

Advise me please.
Cheers,
rmfoodie.
  • 0

Advertisements

#17
havredave
Posted 16 September 2011 - 03:25 PM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Ok, running a fix for those past my reviewer; I'll post shortly with instructions, hopefully :)
  • 0

#18
rmfoodie
Posted 16 September 2011 - 03:34 PM

rmfoodie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The only reference to Conduit after a search of My Computer are as follows:

iSync.dll
and PhoneConduit
Both are in C:\Program Files\Common Files\Apple\Mobile Device Support folder.

Cheers,
rmfoodie.
  • 0

#19
havredave
Posted 16 September 2011 - 04:22 PM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Ok, we'll do it another way. :)

Please run OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Conduit Engine Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Conduit Engine Customized Web Search"

:Commands
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered. It will reboot the machine when it's finished.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#20
rmfoodie
Posted 16 September 2011 - 04:44 PM

rmfoodie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the log:
OTL logfile created on: 17/09/2011 8:07:13 AM - Run 3
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1014.07 Mb Total Physical Memory | 448.34 Mb Available Physical Memory | 44.21% Memory free
1.63 Gb Paging File | 1.23 Gb Available in Paging File | 75.03% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 276.52 Gb Free Space | 92.76% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 121.74 Gb Free Space | 81.68% Space Free | Partition Type: NTFS
Drive F: | 7.55 Gb Total Space | 3.62 Gb Free Space | 47.96% Space Free | Partition Type: FAT32
Drive G: | 240.24 Mb Total Space | 171.75 Mb Free Space | 71.49% Space Free | Partition Type: FAT

Computer Name: USER-25FF45E727 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/14 07:52:43 | 003,495,256 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2011/09/14 06:04:09 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/09/07 06:15:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/07 06:15:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/09/06 02:34:58 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/08/02 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011/07/21 06:44:20 | 000,639,864 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/06/02 09:45:30 | 006,123,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2011/05/26 13:35:28 | 000,442,656 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/04/22 17:50:12 | 002,527,016 | ---- | M] (KsL Software) -- C:\Program Files\RFA 8\rfagent32.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/19 09:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 09:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/21 08:13:38 | 000,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/16 16:43:35 | 001,567,744 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091600\algo.dll
MOD - [2011/09/16 08:32:37 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091600\aswRep.dll
MOD - [2011/09/14 07:52:36 | 000,192,048 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll
MOD - [2011/06/02 09:40:00 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/04/01 14:36:54 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009/08/18 14:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/04/23 07:23:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 08:34:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/04 07:48:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/04 07:48:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/04 07:48:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/04 07:47:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/04 07:47:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/04 07:47:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/04 07:47:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/04 07:47:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/04 07:47:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/07 06:15:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/26 13:35:28 | 000,442,656 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2005/03/21 08:13:38 | 000,225,280 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)


========== Driver Services (SafeList) ==========

DRV - [2011/09/07 06:08:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/07 06:07:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/07 06:06:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/07 06:06:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/07 06:06:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/07 06:06:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/07 06:03:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/26 13:35:28 | 004,335,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/05/26 13:35:26 | 000,285,344 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/15 07:34:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/15 07:32:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/03/17 15:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 06:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 06:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/19 13:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\TUGZip\Plugins [2011/09/16 06:06:15 | 000,000,000 | ---D | M]

[2011/05/01 00:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/05/01 00:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/16 18:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bgpqz9w2.default\extensions
[2011/03/29 00:05:41 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bgpqz9w2.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2011/03/29 00:00:21 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bgpqz9w2.default\extensions\[email protected]
[2011/03/28 23:55:59 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bgpqz9w2.default\extensions\[email protected]
[2011/09/16 06:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/16 06:14:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BGPQZ9W2.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BGPQZ9W2.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BGPQZ9W2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BGPQZ9W2.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BGPQZ9W2.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BGPQZ9W2.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BGPQZ9W2.DEFAULT\EXTENSIONS\[email protected]
[2009/11/19 05:01:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/01 17:42:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/08 06:46:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 17:30:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/02/28 21:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [rfagent] C:\Program Files\RFA 8\rfagent32.exe (KsL Software)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D461A80F-0CAA-41B9-847A-F0DE6B1D853C}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/19 04:39:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/15 06:34:18 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2011/09/15 06:34:26 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/17 08:04:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/16 06:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/16 06:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/16 06:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/15 06:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/09/15 06:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/09/15 06:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011/09/14 16:26:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2011/09/14 06:04:06 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/09/13 15:56:28 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/09/11 22:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WinZip
[2011/09/11 22:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/09/11 22:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/09/11 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/09/07 17:56:26 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/09/01 20:52:19 | 000,000,000 | ---D | C] -- D:\My Documents\Labels
[2011/08/24 18:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/08/24 18:04:43 | 000,000,000 | ---D | C] -- D:\My Documents\SightSpeed Recordings
[2011/08/24 18:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\LogiShrd
[2011/08/24 17:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Leadertech
[2011/08/24 17:52:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logishrd
[2011/08/24 17:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/08/24 17:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/08/24 17:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/08/24 17:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/08/24 17:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/08/23 20:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2011/08/23 20:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/23 20:18:57 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/23 20:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/08/21 11:55:30 | 000,000,000 | ---D | C] -- D:\My Documents\Restoration
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/17 08:06:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/17 08:06:22 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/09/17 08:05:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/17 08:05:30 | 000,072,459 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2011/09/16 06:06:15 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/15 06:39:40 | 001,388,161 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2011/09/15 06:31:16 | 000,823,346 | ---- | M] () -- C:\Documents and Settings\User\Desktop\USBVaccine.zip
[2011/09/14 19:00:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 16:26:45 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2011/09/14 07:53:44 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/14 06:04:09 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/09/13 21:21:42 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/13 21:21:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/13 15:56:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/09/11 22:17:18 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/09/11 22:17:18 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/09/10 09:16:41 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/09/07 19:31:11 | 000,001,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid HD.lnk
[2011/09/07 19:28:38 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/09/07 17:48:27 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 13:36:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/07 06:15:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/07 06:15:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/07 06:08:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/07 06:07:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/07 06:06:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/07 06:06:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/07 06:06:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/07 06:06:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/07 06:06:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/07 06:03:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/24 21:30:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/16 06:06:15 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/16 06:06:15 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/15 06:39:34 | 001,388,161 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2011/09/15 06:34:01 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/09/15 06:31:15 | 000,823,346 | ---- | C] () -- C:\Documents and Settings\User\Desktop\USBVaccine.zip
[2011/09/13 21:14:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/11 22:17:18 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/09/11 22:17:18 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/09/10 09:16:41 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/09/07 17:48:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/24 18:08:36 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid HD.lnk
[2011/08/24 17:53:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/08/24 17:51:44 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/08/23 20:19:07 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/12 22:39:08 | 000,130,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/12 18:20:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\downloads.m3u
[2011/05/23 18:57:32 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/05/23 18:57:30 | 000,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI
[2011/05/04 08:55:42 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.rss
[2011/05/04 06:27:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/01 21:16:41 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2011/05/01 16:19:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/06/04 04:12:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/15 07:26:06 | 010,879,000 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/15 07:26:06 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/15 07:25:58 | 000,333,336 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/15 07:17:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/11 01:24:47 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/12/22 21:47:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/12/22 21:43:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/19 14:55:49 | 000,005,251 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/19 14:54:18 | 000,247,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/19 04:59:45 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/19 04:53:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/19 04:52:40 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/19 04:52:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/19 04:52:38 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/19 04:52:38 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/19 04:52:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/19 04:52:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/19 04:51:37 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/11/19 04:51:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/11/19 04:41:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/19 04:35:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 21:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 21:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 21:30:00 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 21:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 21:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 21:30:00 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 21:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 21:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 21:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 21:30:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 21:30:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 21:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/04 22:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/19 04:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/09/15 06:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/05/04 06:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry First Aid
[2011/09/11 08:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2011/09/08 06:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/09/11 22:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/14 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/19 04:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
[2011/08/24 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/11/19 05:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2011/05/01 00:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2011/09/17 08:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2011/09/17 08:06:22 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job

========== Purity Check ==========



< End of report >
Hope that has done it.
OK were there some final steps yet to do regarding the Whistler?
cheers,
rmfoodie.
  • 0

#21
havredave
Posted 17 September 2011 - 04:20 PM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Sorry about taking a little extra time on the last response there. I got seriously distracted today. :)

For your disk error issue, I'd like to refer you to our hardware crew. You can create a new post here for help with that.

If you do ask for help there, it might help them if you mention I referred you, and give them a link back to this thread so they know you've been cleared for infections.


Ok, it's time to clean up our utilities. It's important to remove them now, so you can get fresh ones down the line should you ever need them again. Malware changes quickly, as do these tools, so it doesn't do much good to have old ones hanging about.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
C:\Documents and Settings\User\Desktop\aswMBR.exe
  • Then click the Run Fix button at the top. The fix will only take a few seconds. Close the resulting log that appears.
  • With OTL still open, click the Clean Up button and let it run. This will remove OTL and the utilities we've used during this cleaning process, then reboot.

Now that your computer appears to be clean, there are some steps you can take to help keep it clean.

Create a new restore point.
  • Why: We want to be able to restore to a known-good clean spot in the computer's history, and that would be right now, so let's take a snapshot.
  • How: Start -> Help and Support Center -> "Undo changes to your computer with System Restore". Tick the "Create a restore point" radio button, and press next. Give it a good name and click "Create", as above.
Keep temporary files cleaned out.
  • Why: This can not only help your machine run a bit faster with less clutter, but potentially clean out infected files before you even know they're there.
  • How: The easiest method for just about everyone to use is Windows' Disk Cleanup. This can be found by clicking Start and choosing Run in Windows XP/2000, or simply typing into the search box on Vista and Windows 7, and entering "cleanmgr" (without the quotes). It really is quite easy to use. The defaults should be fine.
Keep software up to date.
  • Why: Exploitable issues in software are found all the time, especially in network-aware software such as Windows itself, or your web browser and its addons.
  • How: For a normal user, there are a few programs I pay special attention to confirming that they're up to date: Adobe Reader, Adobe Flash, and Java, and of course Windows itself. To this list, add your antivirus and antispyware products, and your firewall product. For your antivirus, antispyware and firewall products, see the manufacturer documentation for the software in question. Typically you'll find an update feature under the help or tools pulldowns, or on a button somewhere on the software's interface. If you just can't figure out how to update one or more products, just ask - I'd be happy to help; let me know specifically what software it is and what version you have, and I'll try to provide clear instructions.
  • Adobe Reader: Start up Adobe Reader, click the Help pull-down, and choose "Check for Updates". Follow on-screen instructions to install any updates if applicable. Repeat this after each update until it tells you there are no updates available.
  • Adobe Flash: Follow the instructions here. Once you are finished, go here to download and install the newest version.
  • Java: Open your control panel (on the start menu) and find the Java icon. Depending on your control panel configuration and Windows version, this might be obvious, or it might be hidden a bit. You can click the "Programs" link on Vista and 7 to find it, or "Switch to Classic View" in the upper left corner in Windows XP (granted you're not already using classic view). If you can't find Java in any of those places, it's entirely possible you don't have it installed. That fine; if it is installed, it needs to be up to date. If it's not installed, ignore this step. There is a caveat here: If you run certain programs that require Java, you might find that they won't work with the newest version. If you do run into this situation, contact the software manufacturer and ask them what the newest version of Java is that their software supports, and where to obtain it.
  • Windows: On your start menu, under All Programs or Programs depending on your version, you'll find either Windows Update or Microsoft Update at the top of the menu. Click here and follow the instructions to install the high priority updates that are available. Optional updates are just that; you can install them, but you don't have to in most situations. Repeat this process until no further high priority updates are available.
Clear possibly infected restore pointsWhy: Having the ability to restore your system is a great thing, as long as you're not restoring an infection!
How: The most simple way to do this is to utilize Disk Cleanup, detailed above in the "Keep temporary files cleaned out" step. Simply click on the "More Options" tab, and use the system restore clean up button. This works with all versions of Windows that had system restore; namely, Windows ME and later. This will remove all but the most recent restore point on the system (that we created earlier), which is what we're after.Defragment
  • Why: Defragmenting your files helps your hard drive access them faster, and in as few sweeps of the read head as possible, reducing drive wear and tear.
  • How: Using the built-in Windows Disk Defragmenter is one safe option, found in Start -> All Programs -> Accessories -> System Tools. I would do this once a month unless the system is heavily used, then perhaps weekly.

There's also a good article here that goes into a few other details.

Happy computing!
  • 0

#22
rmfoodie
Posted 18 September 2011 - 04:24 AM

rmfoodie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
All done as suggested.
Thank you for all you have done to rid the pest.
I will follow the issue re the hardware.
All the best for the future and thanks for the time that you give to us,
cheers,
rmfoodie.
A quote that I use for me when I need it from Abraham Lincoln "Most folks are as happy as they make their minds up to be". A beauty, Yes?
RM.
  • 0

#23
Essexboy
Posted 18 September 2011 - 02:42 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP