Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Internet download hijack?

Started by jan_jan64 , Nov 08 2011 04:05 PM

This topic is locked

#1
jan_jan64

Posted 08 November 2011 - 04:05 PM

Member

Member
44 posts

Hi all!

So a while ago i got a really bad virus on my pc, i dont know which it was i think it was several, which hijacked my internet explorer, re-directed all my internet searches and wouldnt let me access anti-virus sites or download anything. Thankfully after looooots of work i was able to get my computer to work again. However, now even though it functions, im having a few problems, my anti-virus programs arent getting anything and id really appreciate some help.

Now whenever i download something, the setup icon appears and i click to install or run, but i keep getting the same setup box - which makes me install browser search tool bars and other stuff, without then continuing to the program setup (which of course makes me think its a virus). Ive tried to install various and open various different things (including MSN messenger which for some reason is completely corrupted and wont work. I removed it but its still there, crashes every time i open it, or tells me there's an error every time i try to access the download site), but its always the same box asking me to download the same stuff, and none of my programs/downloads are opening!

Of course ive been trying to search the internet for help but ive only been able to find information about google/browser hijacks (none of which was around when i got the original virus, sadly), so please if anyone can help i would greatly appreciate it!

Thank you in advance,

Jan.

#2
jan_jan64

Posted 08 November 2011 - 04:29 PM

Member

Topic Starter
Member
44 posts

NOTE: when the setup files run, it says the program is made by Artua Vladislav. Dont know if that helps, is that the name of a know virus/virus maker?

#3
Essexboy

Posted 08 November 2011 - 04:30 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi could you download and run this programme please

Download RogueKiller to your desktop

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 1 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#4
jan_jan64

Posted 08 November 2011 - 04:44 PM

Member

Topic Starter
Member
44 posts

OK great thanks!

UPDATE - yeah i cannot access any websites where antivirus programs can be downloaded from, nor can i update firefox.

SO - RKill:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date : 11/08/2011 23:32:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

OTL:

OTL logfile created on: 08/11/2011 23:37:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.24% Memory free
4.84 Gb Paging File | 4.52 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 499.09 Gb Free Space | 83.72% Space Free | Partition Type: NTFS

Computer Name: USER-F43426A450 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 23:32:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.scr
PRC - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/10/08 17:34:22 | 004,441,944 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/05/05 00:37:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/09 17:19:50 | 000,870,232 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2011/05/05 00:37:14 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/20 18:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/05 01:01:09 | 001,181,328 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/11/08 23:32:13 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/10/08 17:04:42 | 000,239,472 | ---- | M] () [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/09/20 14:29:32 | 000,016,208 | ---- | M] (IObit.com) [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 14:29:30 | 000,030,368 | ---- | M] (IObit.com) [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/26 22:15:50 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/05 18:35:40 | 005,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/02 06:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://verydemotivational.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.110409
FF - prefs.js..keyword.URL: "http://search.sweeti...h.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9100749F-A31F-45BA-8670-14EB46DBDE69}: C:\Documents and Settings\user\Local Settings\Application Data\{9100749F-A31F-45BA-8670-14EB46DBDE69} [2011/04/20 15:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 00:37:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/20 16:30:27 | 000,000,000 | ---D | M]

[2009/11/06 12:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/11/08 22:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t48c9v8k.default\extensions
[2011/11/01 19:16:01 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t48c9v8k.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/10/09 13:46:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t48c9v8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/18 23:24:39 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t48c9v8k.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2011/03/10 02:26:09 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t48c9v8k.default\extensions\[email protected]
[2011/06/02 00:38:02 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t48c9v8k.default\extensions\[email protected]
[2011/11/01 19:15:53 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t48c9v8k.default\searchplugins\sweetim.xml
[2011/04/20 15:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/16 13:21:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 00:37:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/05 00:37:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/23 12:11:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-507921405-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A504F2C7-3B74-4D11-937E-3937D877040B}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\rikoofph\apndaole.exe) -C:\Program Files\rikoofph\apndaole.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/10 13:37:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 23:32:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.scr
[2011/11/08 23:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\RK_Quarantine
[2011/11/08 23:25:07 | 000,237,624 | ---- | C] (Premium) -- C:\Documents and Settings\user\Desktop\Setup (45).exe
[2011/11/08 23:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/11/08 22:29:16 | 000,237,624 | ---- | C] (Premium) -- C:\Documents and Settings\user\Desktop\Setup (72).exe
[2011/11/05 22:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/11/04 18:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Hoshi
[2011/11/04 18:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Sekitou Elegy
[2011/11/01 20:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Steam
[2011/11/01 20:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/01 20:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/01 20:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2011/11/01 19:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/11/01 19:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/11/01 19:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\rome
[2011/11/01 18:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\AgeofEmpires
[2011/11/01 17:42:58 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/11/01 17:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Firaxis Games
[2011/11/01 17:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firaxis Games
[2011/11/01 17:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2011/11/01 12:02:04 | 000,000,000 | ---D | C] -- C:\9da4edaf115bd2222c5ee615fdf0
[2011/11/01 00:23:57 | 000,000,000 | ---D | C] -- C:\4558fefb04c45cd65c0e24eeb59b
[2011/10/31 21:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IObit
[2011/10/10 11:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DivX
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 23:32:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.scr
[2011/11/08 23:32:13 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/08 23:32:08 | 000,744,448 | ---- | M] () -- C:\Documents and Settings\user\Desktop\RogueKiller.exe
[2011/11/08 23:25:07 | 000,237,624 | ---- | M] (Premium) -- C:\Documents and Settings\user\Desktop\Setup (45).exe
[2011/11/08 23:21:00 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/11/08 23:16:58 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/11/08 23:16:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/08 22:29:16 | 000,237,624 | ---- | M] (Premium) -- C:\Documents and Settings\user\Desktop\Setup (72).exe
[2011/11/07 18:09:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 12:41:23 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/06 00:56:01 | 000,173,419 | ---- | M] () -- C:\WINDOWS\Explorermgr.exe
[2011/11/05 13:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/02 17:55:47 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/02 17:55:47 | 000,067,768 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/02 17:53:58 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/01 20:33:56 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/01 19:15:48 | 000,173,419 | ---- | M] () -- C:\WINDOWS\System32\MsiExecmgr.exe
[2011/11/01 17:42:58 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/11/01 16:29:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/10 11:16:37 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 23:32:13 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/08 23:32:07 | 000,744,448 | ---- | C] () -- C:\Documents and Settings\user\Desktop\RogueKiller.exe
[2011/11/08 23:21:00 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/11/01 20:33:56 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/01 19:15:48 | 000,173,419 | ---- | C] () -- C:\WINDOWS\System32\MsiExecmgr.exe
[2011/10/10 11:18:52 | 734,950,422 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Le Parrain 2.avi
[2011/10/10 11:18:29 | 734,921,334 | ---- | C] () -- C:\Documents and Settings\user\Desktop\LE PARRAIN 1.AVI
[2011/10/10 11:18:05 | 738,714,398 | ---- | C] () -- C:\Documents and Settings\user\Desktop\True.Grit.2010.VOSTFR.BDRiP.XviD.REPACK.avi
[2011/10/10 11:17:42 | 732,510,208 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Tron.Legacy.2010.VOSTFR.DVDRiP.XViD-RAW.WWW.FILMS-DONW.COM.avi
[2011/10/10 11:17:17 | 734,370,266 | ---- | C] () -- C:\Documents and Settings\user\Desktop\LE PARRAIN 3.AVI
[2011/04/23 12:11:18 | 000,173,419 | ---- | C] () -- C:\WINDOWS\System32\rundll32mgr.exe
[2011/04/20 16:16:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/20 16:16:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/20 16:16:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/20 16:16:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/20 16:16:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/20 15:01:53 | 000,173,419 | ---- | C] () -- C:\WINDOWS\Explorermgr.exe
[2011/04/17 01:38:41 | 000,012,462 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\5g1yme7y6roee78q8t05400yiy3m
[2011/04/17 01:38:41 | 000,012,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5g1yme7y6roee78q8t05400yiy3m
[2011/04/05 13:32:00 | 000,103,167 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2011/04/05 13:29:30 | 000,103,193 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2011/04/05 13:29:30 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2011/04/05 13:17:12 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2011/04/05 13:17:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/04/01 18:13:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/01 17:35:44 | 000,000,327 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2011/04/01 16:50:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fqiciv.dat
[2011/03/14 02:27:07 | 000,357,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/20 16:20:40 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2010/03/14 12:53:23 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2010/01/11 13:41:38 | 000,024,976 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/06 12:04:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/04 19:42:11 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/11/04 19:21:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/04 18:15:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2009/11/04 18:15:15 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2009/09/23 19:50:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/09/18 14:15:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/09/18 14:15:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/09/16 19:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/11 15:29:37 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 14:19:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/10 13:38:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/10 13:34:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/10 11:47:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/10 11:46:16 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/01 02:31:10 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/05/01 02:31:08 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/05/01 02:31:08 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/05/01 02:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 02:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 02:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 02:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/05/01 00:02:00 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/10/07 11:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 11:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,433,130 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,067,768 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/10/11 02:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2009/09/10 15:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/03/29 21:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2011/11/08 23:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/04/12 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/11/26 20:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/11/01 19:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/03/14 01:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/22 00:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/22 00:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2011/04/20 14:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}(2)
[2009/11/04 19:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/20 14:59:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2011/05/26 12:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\.anki
[2011/01/11 18:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\.matplotlib
[2009/09/10 15:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ashampoo
[2009/12/16 13:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/26 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\deskPDF
[2010/11/26 20:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Downloaded Installations
[2011/03/31 11:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2011/06/12 10:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IceChat
[2010/03/03 14:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2011/11/08 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
[2010/11/26 20:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nitro PDF
[2009/12/16 13:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/03/14 01:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Research In Motion
[2011/11/05 13:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2011/04/13 10:17:26 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

EXTRAS:

OTL Extras logfile created on: 08/11/2011 23:37:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.24% Memory free
4.84 Gb Paging File | 4.52 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 499.09 Gb Free Space | 83.72% Space Free | Partition Type: NTFS

Computer Name: USER-F43426A450 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-725345543-507921405-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\IceChat7\IceChat7.exe" = C:\Program Files\IceChat7\IceChat7.exe:*:Enabled:Internet Relay Chat Client -- (IceChat Networks)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW.exe" = C:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW.exe:*:Enabled:Rome: Total War Gold Edition -- (The Creative Assembly Ltd)
"C:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW-BI.exe" = C:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW-BI.exe:*:Enabled:Rome: Total War Gold Edition -- (The Creative Assembly Ltd)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8788C0-2C19-448A-93D0-1D097BAA2278}" = BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81935798-5D0C-4892-832E-630E6CC07EAF}" = Morrowind
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}" = Pixia
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F3B19B7C-0125-4044-85D3-D72364295CCA}" = PowerArchiver 2010
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anki" = Anki
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CCleaner" = CCleaner
"IceChat_is1" = IceChat 7.70 (Build 20101031)
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"Steam App 4760" = Rome: Total War Gold Edition
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/11/2011 04:57:27 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 05/11/2011 12:46:07 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 05/11/2011 17:00:47 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 05/11/2011 17:02:03 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 05/11/2011 17:09:01 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 05/11/2011 17:09:14 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 05/11/2011 17:09:39 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 05/11/2011 17:34:54 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 06/11/2011 07:40:40 | Computer Name = USER-F43426A450 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
msmsgs.exe, version 4.7.0.3001, fault address 0x0010a316.

Error - 08/11/2011 18:37:12 | Computer Name = USER-F43426A450 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.scr, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 20/06/2011 07:45:49 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 20/06/2011 07:45:49 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053

Error - 20/06/2011 15:26:46 | Computer Name = USER-F43426A450 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 21/06/2011 05:32:10 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 21/06/2011 05:32:10 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053

Error - 23/06/2011 03:44:33 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 23/06/2011 03:44:33 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053

Error - 23/06/2011 03:45:33 | Computer Name = USER-F43426A450 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 23/06/2011 04:23:25 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 23/06/2011 04:23:25 | Computer Name = USER-F43426A450 | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053

< End of report >

Thanks for the help!

#5
Essexboy

Posted 08 November 2011 - 04:53 PM

GeekU Moderator

Retired Staff
69,964 posts

The attached file will save you going to an AV site for the moment, if Avast offers to download virus definitions allow it to do so

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O20 - HKLM Winlogon: UserInit - (C:\Program Files\rikoofph\apndaole.exe) -C:\Program Files\rikoofph\apndaole.exe File not found
[2011/11/08 23:25:07 | 000,237,624 | ---- | C] (Premium) -- C:\Documents and Settings\user\Desktop\Setup (45).exe
[2011/11/08 22:29:16 | 000,237,624 | ---- | C] (Premium) -- C:\Documents and Settings\user\Desktop\Setup (72).exe
[2011/11/01 19:15:48 | 000,173,419 | ---- | M] () -- C:\WINDOWS\System32\MsiExecmgr.exe
[2011/04/23 12:11:18 | 000,173,419 | ---- | C] () -- C:\WINDOWS\System32\rundll32mgr.exe
[2011/04/20 15:01:53 | 000,173,419 | ---- | C] () -- C:\WINDOWS\Explorermgr.exe
[2011/04/17 01:38:41 | 000,012,462 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\5g1yme7y6roee78q8t05400yiy3m
[2011/04/17 01:38:41 | 000,012,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5g1yme7y6roee78q8t05400yiy3m

:Files
ipconfig /flushdns /c
C:\Program Files\rikoofph

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the attached zip file to your desktop [attachment=53463:aswMBR.zip]
Extract aswMBR

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#6
jan_jan64

Posted 08 November 2011 - 05:06 PM

Member

Topic Starter
Member
44 posts

OK! so, the OTL report:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\rikoofph\apndaole.exe deleted successfully.
C:\Documents and Settings\user\Desktop\Setup (45).exe moved successfully.
C:\Documents and Settings\user\Desktop\Setup (72).exe moved successfully.
C:\WINDOWS\system32\MsiExecmgr.exe moved successfully.
C:\WINDOWS\system32\rundll32mgr.exe moved successfully.
C:\WINDOWS\Explorermgr.exe moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\5g1yme7y6roee78q8t05400yiy3m moved successfully.
C:\Documents and Settings\All Users\Application Data\5g1yme7y6roee78q8t05400yiy3m moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
C:\Program Files\rikoofph folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 7002206 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 524422 bytes
->Java cache emptied: 9744 bytes
->Flash cache emptied: 1496 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 28248 bytes
->Flash cache emptied: 20940 bytes

User: user
->Temp folder emptied: 52100192 bytes
->Temporary Internet Files folder emptied: 11656548 bytes
->Java cache emptied: 4269056 bytes
->FireFox cache emptied: 110702892 bytes
->Flash cache emptied: 36489 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 442897 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 602776 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 28798282 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 591144135 bytes

Total Files Cleaned = 772.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 11092011_000147

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\user\Local Settings\Temp\SAS6A.tmp not found!

Registry entries deleted on Reboot...

And asw log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-09 00:04:58
-----------------------------
00:04:58.328 OS Version: Windows 5.1.2600 Service Pack 3
00:04:58.328 Number of processors: 2 586 0x170A
00:04:58.328 ComputerName: USER-F43426A450 UserName: user
00:04:59.437 Initialize success
00:05:24.875 AVAST engine download error: 0
00:05:35.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:05:35.703 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
00:05:37.750 Disk 0 MBR read successfully
00:05:37.765 Disk 0 MBR scan
00:05:37.765 Disk 0 Windows XP default MBR code
00:05:37.765 Disk 0 scanning sectors +1250242560
00:05:37.843 Disk 0 scanning C:\WINDOWS\system32\drivers
00:05:43.546 Service scanning
00:05:44.656 Modules scanning
00:05:49.031 Disk 0 trace - called modules:
00:05:49.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:05:49.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a494ab8]
00:05:49.046 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000005c[0x8a500630]
00:05:49.062 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a500748]
00:05:49.062 Scan finished successfully
00:06:01.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
00:06:01.031 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR - log.txt"

#7
jan_jan64

Posted 09 November 2011 - 11:03 AM

Member

Topic Starter
Member
44 posts

any ideas?

#8
Essexboy

Posted 09 November 2011 - 12:48 PM

GeekU Moderator

Retired Staff
69,964 posts

Can you confirm that you still cannot access antivirus sites please

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks, also allow the recovery console to be installed
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#9
Essexboy

Posted 13 November 2011 - 08:44 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.