Trojan has disabled my internet and other windows features


  • This topic is locked

#1
Purgle
  • Member
  • 14 posts
Hi, I detected a trojan the other day which disabled my internet browsers. I ran Malwarebytes which found the trojan (Vondu I think) and fixed it. Unfortunately, whatever changes it made in my system must still be present as I still can't get any browsers to work and when I try to access things like my LAN settings the computer just hangs. It also prevents me from running things like Superantispyware.

I can log on in safe mode and get the internet and I've run Malwarebytes and Superantispyware from here and they don't find anything now.

Any help you can provide would be much appreciated.
Attached File: OTL.Txt (53.2KB, 114 downloads)
Attached File: aswMBR.txt (1.88KB, 119 downloads)

OTL logfile created on: 07/10/2011 18:59:20 - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Admin Control\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 63.63% Memory free
6.72 Gb Paging File | 5.57 Gb Available in Paging File | 82.90% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 99.10 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 352.26 Gb Free Space | 75.63% Space Free | Partition Type: NTFS
Drive E: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PETER-PC | User Name: Admin Control | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/18 21:26:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Control\Desktop\OTL.exe
PRC - [2011/09/18 00:16:00 | 003,495,256 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/28 05:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/01/24 19:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/01/24 19:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/09 09:10:32 | 002,953,112 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/02/27 18:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/09/05 15:43:14 | 001,261,384 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/01 14:41:55 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011/07/01 14:41:34 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/07/01 14:40:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/07/01 14:40:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/07/01 14:40:02 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/07/01 14:39:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/07/01 14:37:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/07/01 14:37:02 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/07/01 14:36:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/07/01 14:36:44 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011/07/01 14:36:10 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/07/01 14:35:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/05/28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011/01/24 19:35:58 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/01/24 19:35:54 | 000,026,848 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/01/24 19:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/08/09 09:10:32 | 002,953,112 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/22 23:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/04 01:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2008/07/27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/09/05 15:43:18 | 000,037,704 | ---- | M] () -- C:\Program Files\Webroot\Washer\Languages\English.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LBTServ)
SRV - [2011/09/28 17:30:41 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/01/24 19:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/17 16:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/12/22 00:34:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/02/27 18:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Start_Pending] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 18:46:12 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/07 14:32:29 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2010/10/16 19:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/04/27 02:55:42 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/13 09:56:08 | 000,230,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U6000ALL.sys -- (U6000ALL) U6000 TV Box(ALL)
DRV - [2007/07/13 03:22:50 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/07/13 03:22:50 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/07/13 03:22:38 | 000,135,168 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0BAC.sys -- (SaiH0BAC)
DRV - [2007/05/01 15:34:56 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiHFF12.sys -- (SaiHFF12)
DRV - [2007/05/01 15:34:56 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiIFF12.sys -- (SaiIFF12) Immersion's HID USB Driver (FF12)
DRV - [2007/04/11 15:32:46 | 000,010,640 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/03/29 09:29:44 | 000,401,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\t3.sys -- (t3) Sound Blaster X-Fi Xtreme Audio (Vista)
DRV - [2007/01/04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/10/18 22:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/01/04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor


O1 HOSTS File: ([2011/09/23 20:45:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2157187852-3988093465-919591621-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfr..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1049 (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF7AB2E2-9DB0-40C0-893A-06CB3D30FA28}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/06 18:21:16 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 21:00:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 18:38:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/07 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/07 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/07 17:18:22 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/07 17:17:06 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/07 17:12:31 | 004,247,628 | R--- | C] (Swearware) -- C:\Users\Admin Control\Desktop\ComboFix.exe
[2011/10/03 23:15:37 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Roaming\Malwarebytes
[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/09/24 08:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/09/24 08:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/09/23 22:06:28 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin Control\Desktop\TDSSKiller.exe
[2011/09/23 22:05:37 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Roaming\WinRAR
[2011/09/23 17:49:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin Control\Desktop\aswMBR.exe
[2011/09/23 17:46:32 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Admin Control\Desktop\OTL.exe
[2011/09/22 21:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 21:36:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/18 21:38:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/18 00:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/18 00:10:51 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/18 00:10:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/18 00:10:46 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/18 00:10:46 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/18 00:10:45 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/18 00:10:43 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/18 00:09:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/18 00:09:28 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/18 00:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/18 00:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/17 23:27:21 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Local\PMB Files
[2011/09/17 21:06:22 | 000,000,000 | ---D | C] -- C:\Kontiki
[2011/09/17 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/09/17 16:04:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/17 16:04:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/17 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Admin Control\AppData\Local\temp
[2011/09/17 14:43:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/17 14:37:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/16 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2011/09/11 17:45:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/09/10 14:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2010/03/13 20:12:51 | 002,897,168 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.dll

========== Files - Modified Within 30 Days ==========

[2011/10/07 19:05:00 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{84FB0170-63CA-4306-B427-861802DC3A15}.job
[2011/10/07 19:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{77EAD354-6971-4C48-B955-B80ED5FCC074}.job
[2011/10/07 19:04:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{736DE30D-D232-4359-94D9-0431FDDBF5D2}.job
[2011/10/07 19:02:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D5E81EDF-FEFE-4955-839F-5CCB026E3E4B}.job
[2011/10/07 18:46:12 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/07 18:20:02 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 18:20:01 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 18:18:43 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 18:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 17:57:19 | 3486,662,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 17:48:28 | 000,002,539 | ---- | M] () -- C:\Users\Admin Control\Desktop\HiJackThis.lnk
[2011/10/07 17:14:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 17:06:17 | 004,247,628 | R--- | M] (Swearware) -- C:\Users\Admin Control\Desktop\ComboFix.exe
[2011/10/07 16:39:39 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\Orange Broadband.lnk
[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/09/25 05:41:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/09/24 20:31:22 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/09/24 20:31:22 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/09/24 18:35:22 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/24 18:35:22 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/23 22:04:31 | 001,528,215 | ---- | M] () -- C:\Users\Admin Control\Desktop\tdsskiller.zip
[2011/09/23 20:45:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/23 17:49:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin Control\Desktop\aswMBR.exe
[2011/09/23 07:43:34 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin Control\Desktop\TDSSKiller.exe
[2011/09/22 21:36:16 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/18 21:26:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin Control\Desktop\OTL.exe
[2011/09/18 00:16:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/18 00:10:52 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 23:46:18 | 000,002,487 | ---- | M] () -- C:\Users\Admin Control\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/09/17 23:46:18 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/09/16 15:32:39 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011/09/10 14:48:21 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/09/10 14:48:21 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk

========== Files Created - No Company Name ==========

[2011/10/07 17:19:36 | 000,002,539 | ---- | C] () -- C:\Users\Admin Control\Desktop\HiJackThis.lnk
[2011/10/07 17:08:12 | 3486,662,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/23 22:04:22 | 001,528,215 | ---- | C] () -- C:\Users\Admin Control\Desktop\tdsskiller.zip
[2011/09/22 21:36:16 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/18 00:10:52 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 23:46:18 | 000,002,487 | ---- | C] () -- C:\Users\Admin Control\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/09/16 15:32:39 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011/09/10 14:48:21 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/09/10 14:48:21 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/04/11 19:10:52 | 002,687,352 | ---- | C] () -- C:\Program Files\ClientRegistry.blob
[2010/07/10 09:03:01 | 000,230,784 | ---- | C] () -- C:\Windows\System32\drivers\U6000ALL.sys
[2009/12/22 00:27:53 | 000,107,071 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/22 00:27:52 | 000,107,071 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/22 00:26:19 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/12/22 00:26:19 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/08/26 06:29:28 | 000,148,480 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 14:32:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/07/15 09:22:48 | 000,032,914 | ---- | C] () -- C:\Windows\System32\t3.ini
[2009/05/02 11:47:56 | 000,000,515 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/03/23 20:17:19 | 000,000,680 | ---- | C] () -- C:\Users\Admin Control\AppData\Local\d3d9caps.dat
[2009/01/14 03:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/01/14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/01/14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/01/14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/01/14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/01/14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/01/14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/01/14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/01/14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/01/14 03:47:24 | 000,000,821 | R--- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/01/14 03:47:24 | 000,000,819 | R--- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/01/14 03:47:24 | 000,000,730 | R--- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/01/14 03:47:24 | 000,000,548 | R--- | C] () -- C:\Windows\Cfg01APR.ini
[2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg02DO.ini
[2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/01/14 03:47:24 | 000,000,455 | R--- | C] () -- C:\Windows\Cfg01DO.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DO.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini
[2009/01/14 03:47:24 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/01/14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2008/12/26 11:59:06 | 000,839,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC.Dll
[2008/12/26 11:59:06 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0C.dll
[2008/12/26 11:59:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_10.dll
[2008/12/26 11:59:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0A.dll
[2008/12/26 11:59:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_07.dll
[2008/12/26 11:59:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_09.dll
[2008/12/26 11:59:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0402.dll
[2008/12/26 11:59:06 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_11.dll
[2008/11/15 20:01:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2008/08/25 07:22:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/25 07:22:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/06 19:01:04 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2008/07/06 18:21:16 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2008/07/06 18:21:16 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2008/07/06 18:21:16 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2008/07/06 18:21:16 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2008/07/06 18:21:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2008/06/20 23:41:51 | 000,000,101 | ---- | C] () -- C:\Users\Admin Control\AppData\Local\fusioncache.dat
[2008/05/31 11:09:35 | 000,006,656 | ---- | C] () -- C:\Users\Admin Control\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/31 10:36:57 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT
[2008/05/31 10:35:05 | 000,000,022 | ---- | C] () -- C:\Windows\epver32.dat
[2008/05/18 13:07:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/17 16:30:28 | 000,130,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/05/17 16:18:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/17 15:00:57 | 000,116,736 | ---- | C] () -- C:\Windows\Uninstall_Livebox.EXE
[2008/05/14 16:15:36 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/05/14 15:56:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/05/14 15:56:48 | 000,012,358 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/05/14 15:56:40 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/06/08 19:12:12 | 000,262,144 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2007/05/01 15:34:56 | 002,011,136 | ---- | C] () -- C:\Windows\System32\SaiCFF12.Dll
[2007/05/01 15:34:56 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0C.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_10.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0A.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_07.dll
[2007/05/01 15:34:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCFF12_09.dll
[2007/05/01 15:34:56 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0402.dll
[2007/05/01 15:34:56 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCFF12_11.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,411,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/07/29 02:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2003/06/28 14:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll

========== LOP Check ==========

[2011/08/29 13:34:26 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\IObit
[2010/11/26 00:01:50 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Memeo
[2009/04/26 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Nokia
[2009/02/03 08:49:24 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\PC Suite
[2010/11/26 00:01:48 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Seagate
[2009/05/01 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Sierra
[2011/01/16 19:28:57 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Sierra Entertainment
[2010/02/08 23:54:17 | 000,000,000 | ---D | M] -- C:\Users\Admin Control\AppData\Roaming\Trusteer
[2011/03/31 09:52:05 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\IObit
[2009/12/14 21:14:35 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\LEGO Company
[2010/11/26 16:48:48 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Memeo
[2011/06/28 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\NCH Swift Sound
[2009/02/25 18:35:52 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\PC Suite
[2010/11/26 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Seagate
[2009/06/06 16:40:33 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Sierra
[2009/06/06 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\SPORE Creature Creator
[2010/02/07 09:37:28 | 000,000,000 | ---D | M] -- C:\Users\Benj & James\AppData\Roaming\Trusteer
[2010/02/27 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/02/27 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/11/07 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\FOG Downloader
[2011/03/06 13:59:25 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IMVU
[2010/10/26 14:04:52 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IMVUClient
[2011/04/03 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IObit
[2010/11/28 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Memeo
[2009/11/21 20:29:32 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\NCH Swift Sound
[2010/09/19 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Notepad++
[2009/11/14 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PC Suite
[2010/11/28 07:51:42 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Seagate
[2010/06/11 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Sierra
[2011/04/03 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SPORE
[2010/02/08 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Trusteer
[2011/03/06 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Upyg
[2010/10/26 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Vivox
[2010/04/26 02:37:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Vunat
[2011/10/03 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\.minecraft
[2008/06/15 13:33:02 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\AVSMedia
[2009/06/07 10:10:26 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\CD-LabelPrint
[2011/09/10 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\IObit
[2010/11/24 21:51:54 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech
[2009/12/06 15:08:51 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\LEGO Company
[2010/11/24 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Memeo
[2009/10/05 16:23:53 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\NCH Swift Sound
[2009/02/08 23:59:54 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Nokia
[2011/08/29 18:33:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Notepad++
[2009/02/02 21:30:27 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\PC Suite
[2008/07/06 19:00:30 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\proDAD
[2011/06/11 14:39:21 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Seagate
[2009/04/10 07:28:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sierra
[2011/01/17 16:50:41 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Sierra Entertainment
[2011/03/28 21:50:29 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\SPORE
[2011/07/08 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TomTom
[2010/02/06 12:16:40 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Trusteer
[2010/08/10 17:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Utherverse
[2010/09/22 08:05:53 | 000,000,000 | -H-D | M] -- C:\Users\Peter\AppData\Roaming\Vso
[2011/10/07 17:56:31 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/07 19:04:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{736DE30D-D232-4359-94D9-0431FDDBF5D2}.job
[2011/10/07 19:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{77EAD354-6971-4C48-B955-B80ED5FCC074}.job
[2011/10/07 19:05:00 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{84FB0170-63CA-4306-B427-861802DC3A15}.job
[2011/10/07 19:02:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D5E81EDF-FEFE-4955-839F-5CCB026E3E4B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/19 16:00:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/19 16:00:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, firstly, when you are in normal mode have you run the Windows network troubleshooter? Right-click the network icon and select Troubleshoot.

I see you have run Combofix; could you post that log please? It should be at c:\combofix.txt

If the troubleshooter fails then do the following please:

Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again.

#3
Purgle

    Member

  • Topic Starter
  • Member
  • 14 posts
Thanks for coming back to me. The Diagnose & Repair function in normal mode says the internet connection is working correctly. I've done as you said with the services; only the RPC was set to Manual, the DNS and DHCP were both already set to Automatic. I've tried the connection again but still no luck. I've attached the combofix log as you asked. Help is much appreciated.

ComboFix 11-10-08.01 - Admin Control 08/10/2011 16:26:46.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.1900 [GMT 1:00]
Running from: c:\users\Admin Control\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 15:42 . 2011-10-08 15:42 -------- d-----w- c:\users\Peter\AppData\Local\temp
2011-10-08 15:42 . 2011-10-08 15:42 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-08 15:42 . 2011-10-08 15:42 -------- d-----w- c:\users\James\AppData\Local\temp
2011-10-08 15:42 . 2011-10-08 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 15:42 . 2011-10-08 15:42 -------- d-----w- c:\users\Benj & James\AppData\Local\temp
2011-10-08 13:40 . 2011-10-08 13:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E19FB37-7A36-4263-86D3-563FFAF1077F}\offreg.dll
2011-10-08 13:07 . 2011-10-08 13:07 -------- d-----w- c:\windows\system32\SPReview
2011-10-08 12:49 . 2009-04-10 20:42 27648 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-10-08 12:33 . 2011-10-08 12:33 -------- d-----w- c:\windows\system32\EventProviders
2011-10-08 10:23 . 2011-10-08 10:45 -------- d-----w- c:\programdata\ParetoLogic
2011-10-08 10:23 . 2011-10-08 10:23 -------- d-----w- c:\program files\ParetoLogic
2011-10-07 22:42 . 2011-10-07 22:42 -------- d-----w- c:\users\Admin Control\AppData\Local\iMesh
2011-10-07 16:19 . 2011-10-07 16:19 388096 ----a-r- c:\users\Admin Control\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-07 16:19 . 2011-10-07 16:19 -------- d-----w- c:\program files\Trend Micro
2011-10-07 16:14 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E19FB37-7A36-4263-86D3-563FFAF1077F}\mpengine.dll
2011-10-04 09:49 . 2011-10-04 09:49 -------- d-----w- c:\users\Peter\AppData\Local\76561198022351487
2011-10-03 22:15 . 2011-10-03 22:15 -------- d-----w- c:\users\Admin Control\AppData\Roaming\Malwarebytes
2011-10-02 20:00 . 2011-10-02 20:00 -------- d-----w- c:\users\Peter\Tracing
2011-09-27 14:50 . 2011-09-27 14:50 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2011-09-26 18:58 . 2011-10-01 13:56 -------- d-----w- c:\users\Public\Minecraft Mods
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-24 07:11 . 2011-09-24 07:11 -------- d-----w- c:\program files\7-Zip
2011-09-22 20:36 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 20:38 . 2011-09-18 20:38 -------- d-----w- C:\_OTL
2011-09-17 23:10 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-17 23:10 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-17 23:10 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-17 23:10 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-17 23:10 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-17 23:10 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-17 23:09 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-17 23:09 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-17 23:09 . 2011-09-17 23:09 -------- d-----w- c:\programdata\AVAST Software
2011-09-17 23:09 . 2011-09-17 23:09 -------- d-----w- c:\program files\AVAST Software
2011-09-17 22:27 . 2011-09-30 09:06 -------- d-----w- c:\users\Admin Control\AppData\Local\PMB Files
2011-09-17 20:06 . 2011-09-17 20:06 -------- d-----w- C:\Kontiki
2011-09-17 15:04 . 2011-10-08 15:43 -------- d-----w- c:\users\Admin Control\AppData\Local\temp
2011-09-14 15:57 . 2011-10-03 19:00 -------- d-----w- c:\users\Peter\AppData\Roaming\.minecraft
2011-09-11 19:08 . 2011-09-11 19:08 -------- d-----w- c:\users\Peter\AppData\Local\Arktos
2011-09-11 19:08 . 2011-09-11 19:08 -------- d-----w- c:\users\Peter\AppData\Local\CrashRpt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 22:53 . 2011-07-22 22:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 04:05 . 2010-10-16 09:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-11-27 00:45 . 2010-03-13 19:12 2897168 ----a-w- c:\program files\Steam.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-09-05 1261384]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-08-09 2953112]
"BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-02-12 293376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SPIRunE"="SPIRunE.dll" [2007-02-16 14848]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-05 421160]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-21 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2157187852-3988093465-919591621-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-21 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3505768]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-13 135168]
R3 SaiHFF12;SaiHFF12;c:\windows\system32\DRIVERS\SaiHFF12.sys [2007-05-01 132232]
R3 SaiIFF12;Immersion's HID USB Driver (FF12);c:\windows\system32\DRIVERS\SaiIFF12.sys [2007-05-01 16256]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\DRIVERS\U6000ALL.sys [2007-07-13 230784]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-25 56336]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-07 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-25 70416]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-25 161936]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2007-04-11 10640]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-25 919352]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-09-05 389448]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-04-27 47104]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-22 47360]
S3 t3;Sound Blaster X-Fi Xtreme Audio (Vista);c:\windows\system32\drivers\t3.sys [2007-03-29 401408]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 19:45]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 19:45]
.
2011-10-08 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-10-08 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{77EAD354-6971-4C48-B955-B80ED5FCC074}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{84FB0170-63CA-4306-B427-861802DC3A15}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{9A193942-9333-472C-9B31-FCD59295920D}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
2011-10-08 c:\windows\Tasks\User_Feed_Synchronization-{D5E81EDF-FEFE-4955-839F-5CCB026E3E4B}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-SOE-Free Realms - c:\users\Admin Control\AppData\LocalLow\Sony Online Entertainment\Installed Games\Free Realms\Uninstaller.exe
AddRemove-UnityWebPlayer - c:\users\Admin Control\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-08 16:43
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\ADMINC~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2157187852-3988093465-919591621-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4116)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2011-10-08 16:46:37
ComboFix-quarantined-files.txt 2011-10-08 15:46
.
Pre-Run: 115,318,616,064 bytes free
Post-Run: 115,365,470,208 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,90
- - End Of File - - 537EB40BBD152CA3006C70143E581B06
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK next phase - could you run the Fixit on this MS page please and let me know the result

THEN

Looking a bit deeper

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

Megaupload
  • 0

#5
Purgle

Purgle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I've run the Fixit but nothing's changed, downloading the Kaspersky Virus Tool now.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I must admit I did not feel it was that, otherwise you would experience the same problem in safe mode
  • 0

#7
Purgle

Purgle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I ran the Automatic Scan, it took about 17 hours but it didn't detect any threats so obviously I can't attach any report. I've gathered the system information and attached that as you said.

Seems like the infection has gone but it's left a trail of destruction in its wake on my machine, really appreciate your continued support.

Attached File: avptool_sysinfo.zip (21.8KB)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Definitely no malware present - so as you say we are in the repair phase now, which is always the most difficult. Let's see if the system can repair itself first

1. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. Type the following command, and then press ENTER:

sfc /scannow

On completion retry the net from normal mode and let me know what error is displayed
  • 0

#9
Purgle

Purgle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I ran the scan from Normal Mode, I assume that was correct, it found some corrupt files and repaired them. Tried the internet connect on IE and all that happens is the cursor turns to the circle timer for about 6 seconds then goes back to the normal mouse pointer again. If I look in the processes for task manager it tells me iexplore.exe is running but the browser isn't open.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, next trick: from safe mode download IE9 and then install

Once installed try again from normal mode

Then I would like a fresh OTL scan please

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    netbt.*
    netbios.*
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • 0

#11
Purgle

Purgle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Essexboy, got real problems now. In order to install IE9 it prompted me to install Vista Service Pack 2, which I've tried to do. Unfortunately, it has got half way through, as normal enforced the restart of the computer, and then began copying some files over in the cmd prompt. It copies about 20 files then hangs when trying to do anything with the following file: !! 0xc0190036 !! 756/49769 (adsldpc.dll).

I've tried to reset and start in safe mode but it just hangs after loading the drivers and won't go into Windows. Really stuck now, need help again !!

Thanks,
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have the Vista CD ?
  • 0

#13
Purgle

Purgle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yes I've got the CD, I tried running a repair and it ran a disc check and fixed some errors but when it rebooted it just hung again at exactly the same point.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok what we need to do is run SFC /scannow from the command prompt

When you boot with the disc you will see this. Click Repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following

  • sfc /scannow
  • Once finished type Exit


Then let me know if that reboots normally
  • 0

#15
Purgle

Purgle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Typed the command from x:\Sources and got the following messages:

"Beginning system scan. This process will take some time."

"Windows Resource Protection could not perform the requested operation."
  • 0