Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help please

Started by mrglondon , May 10 2011 02:07 PM

  • This topic is locked This topic is locked

#1
mrglondon
Posted 10 May 2011 - 02:07 PM

mrglondon

    Member

  • Member
  • PipPip
  • 16 posts
Hi, I had a "xp security" virus on my computer today. I used ad aware to remove it and was told to restart. I can not open anything now as the "open with" box comes up every time.... I cannot even system restore as the open with box comes up..... please help
  • 0

Advertisements

#2
Essexboy
Posted 10 May 2011 - 02:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets try this first

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Essexboy
Posted 14 May 2011 - 06:33 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Essexboy
Posted 14 May 2011 - 09:07 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#5
mrglondon
Posted 14 May 2011 - 09:14 AM

mrglondon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi sorry I never reposted before, I followed the steps given to me and resolved the problem with the "open with" box. My other problem is that my pc which is running xp has been very slow for some time now.. Is there any way to speed it up? the computer performance is as follows:

Pentium® 4 CPU 2.50GHZ
2GB ram
Running XP

It takes ages to load up and once loaded runs slow and for example when opening internet browser it takes ages to bring up the window and even when it does takes some time before i can even type in a web address as the computer seems frozen. Also the cpu usage is always quite high at 80%-100%.
  • 0

#6
Essexboy
Posted 14 May 2011 - 09:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The problem with the open with may have been cured. However, that was just a quick fix before I removed the remainder of the malware. It is still on your system

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#7
Essexboy
Posted 14 May 2011 - 10:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#8
mrglondon
Posted 14 May 2011 - 10:10 AM

mrglondon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I attached the files

OTL logfile created on: 14/05/2011 16:32:51 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Adam Gilbert\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 9.44 Gb Free Space | 25.34% Space Free | Partition Type: NTFS
Drive D: | 34.34 Gb Total Space | 32.74 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive E: | 2.93 Gb Total Space | 1.60 Gb Free Space | 54.72% Space Free | Partition Type: FAT32

Computer Name: ADAM | User Name: Adam Gilbert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 16:31:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Gilbert\My Documents\Downloads\OTL.exe
PRC - [2011/05/04 18:17:20 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2011/05/02 16:14:11 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/02 16:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/30 09:01:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 18:01:10 | 000,079,872 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/13 18:41:26 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
PRC - [2002/02/08 04:10:28 | 000,315,392 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 16:31:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Gilbert\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2011/05/04 18:17:20 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/05/02 16:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/12/29 14:52:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/07 18:01:10 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - [2010/07/06 18:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/22 19:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/01/08 09:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/09/09 19:48:21 | 000,029,184 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV52.sys -- (SSHDRV52)
DRV - [2005/05/24 15:01:16 | 000,077,040 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/05/24 15:00:56 | 000,079,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/05/24 15:00:46 | 000,087,424 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/05/24 15:00:44 | 000,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/05/24 15:00:37 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2005/02/11 10:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005/02/11 10:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005/02/11 10:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005/02/11 10:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005/02/11 10:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/02/21 10:25:22 | 000,019,153 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2002/10/20 21:26:14 | 000,027,008 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlh5x.sys -- (DLH5X)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/02/28 01:49:30 | 000,471,407 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTXH51.sys -- (ham50)
DRV - [2002/02/08 22:30:56 | 000,381,824 | ---- | M] (ATI Technologies Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/01/03 02:00:00 | 000,523,392 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) SB PCI Family Audio Driver (WDM)
DRV - [2001/10/12 16:47:50 | 000,288,860 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\..\URLSearchHook: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:5.1
FF - prefs.js..extensions.enabledItems: ConsumerInput@Compete:7565
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 09:01:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 09:01:25 | 000,000,000 | ---D | M]

[2008/11/20 19:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Extensions
[2011/05/13 08:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\extensions
[2011/02/16 14:06:25 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\extensions\ConsumerInput@Compete
[2011/05/07 14:45:02 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\extensions\[email protected]
[2009/12/25 13:48:24 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\searchplugins\fast-browser-search.xml
[2010/10/28 11:33:57 | 000,001,154 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\searchplugins\yahoo-search.xml
[2011/05/13 08:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/31 19:01:06 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/07 14:05:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 23:08:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 10:29:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/05/09 19:48:38 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\DOCUMENTS AND SETTINGS\ADAM GILBERT\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2010/04/09 12:25:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/20 21:23:26 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/20 21:23:26 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/20 21:23:26 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/20 21:23:26 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - File not found
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O3 - HKU\S-1-5-21-516276246-239712180-3615762775-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AtiPTA] File not found
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [msnappau] C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-516276246-239712180-3615762775-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - File not found
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} http://www.miniclip....pGameLoader.dll (CR64Loader Object)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst20040510.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by101fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1227029579404 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231257881562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pdownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/29 21:03:46 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{da2439fe-5303-11df-bd50-000f3df3e821}\Shell\Shell00\Command - "" = H:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: uploadmgr - File not found
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 15:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/05/14 15:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Gilbert\Desktop\pictures
[2011/05/12 11:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/12 11:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/08 19:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/08 19:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/07 14:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Gilbert\Application Data\Bandoo
[2011/05/07 14:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bandoo
[2011/05/07 14:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2011/05/07 14:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bandoo
[2011/05/05 13:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/04/22 11:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/14 15:13:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/14 15:13:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 15:13:02 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 15:12:04 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\drivers\ALCICH.DAT
[2011/05/10 20:24:50 | 000,000,873 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/05/10 18:13:00 | 000,018,262 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
[2011/05/10 18:12:58 | 000,018,262 | -HS- | M] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
[2011/05/08 19:34:10 | 000,012,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/08 19:33:47 | 805,306,368 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/08 19:30:34 | 000,116,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\189A1.sys
[2011/05/08 19:29:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake
[2011/05/08 12:53:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/08 12:53:05 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/07 16:54:17 | 000,023,148 | -H-- | M] () -- C:\WINDOWS\System32\Atmenuxx.GID
[2011/05/04 18:17:50 | 001,524,112 | ---- | M] () -- C:\WINDOWS\System32\bandoolmx.dll
[2011/04/22 14:30:03 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/16 07:13:43 | 000,496,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 21:54:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 20:33:46 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/10 17:44:30 | 000,018,262 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
[2011/05/10 17:44:30 | 000,018,262 | -HS- | C] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
[2011/05/08 19:30:34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\189A1.sys
[2011/05/08 19:29:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake
[2011/05/07 14:44:35 | 001,524,112 | ---- | C] () -- C:\WINDOWS\System32\bandoolmx.dll
[2011/04/22 14:33:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/22 14:33:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/06/11 22:42:09 | 000,112,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 15:03:08 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/05 13:18:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/07 20:21:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/08/07 20:21:58 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/08/07 20:21:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\$_hpcst$.hpc
[2008/11/19 18:24:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/18 19:06:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/03/31 16:06:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/10/31 15:28:37 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\ViewerApp.dat
[2006/08/02 13:53:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/08/02 13:51:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/11 15:19:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2006/02/13 19:58:02 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\com.kennettnet.PodUtil.plist
[2005/12/29 14:26:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/09/09 19:48:21 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV52.sys
[2005/05/26 22:43:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/26 22:43:05 | 000,003,308 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/04/01 19:41:41 | 000,942,320 | ---- | C] () -- C:\WINDOWS\System32\oeemntti.dat
[2005/04/01 19:41:41 | 000,077,000 | ---- | C] () -- C:\WINDOWS\System32\c8sqv7qf.dat
[2005/04/01 19:41:41 | 000,005,400 | ---- | C] () -- C:\WINDOWS\System32\11au7hmc.dat
[2005/04/01 19:41:41 | 000,002,709 | ---- | C] () -- C:\WINDOWS\System32\9l67n5e7.dat
[2005/04/01 19:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lro2fria.dat
[2005/04/01 19:41:35 | 000,003,560 | ---- | C] () -- C:\WINDOWS\System32\j3tuu8r2.ini
[2005/04/01 19:41:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\o994ebij.ini
[2005/04/01 19:41:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\kojrd454.ini
[2005/02/25 14:49:53 | 000,000,538 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2004/12/10 13:32:22 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\user52.rdb
[2004/08/12 14:34:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004/01/13 18:17:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2003/12/29 00:33:51 | 000,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/12/04 17:09:32 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/12/04 17:09:32 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/12/04 17:09:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/06/12 17:12:25 | 000,000,474 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/12/30 20:45:56 | 000,000,282 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2002/12/20 15:11:10 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2002/12/17 17:18:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/10/27 23:14:58 | 000,000,162 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2002/10/26 14:03:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\GpUnInst.exe
[2002/10/26 14:01:25 | 000,024,576 | ---- | C] () -- C:\WINDOWS\dphoun.exe
[2002/10/26 14:00:26 | 000,140,800 | ---- | C] () -- C:\WINDOWS\serifun.exe
[2002/10/25 18:41:15 | 000,000,063 | ---- | C] () -- C:\WINDOWS\GSPCV.INI
[2002/10/25 18:39:29 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TravManG.INI
[2002/09/16 19:04:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/09/16 19:03:03 | 000,000,104 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2002/09/14 20:35:56 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALCICH.DAT
[2002/09/13 12:09:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/09/11 21:48:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2002/09/11 21:29:07 | 000,000,128 | ---- | C] () -- C:\WINDOWS\msje8tp.dat
[2002/09/11 20:19:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\sversion.ini
[2002/09/10 08:44:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2002/09/10 08:44:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2002/09/10 08:44:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2002/09/10 08:43:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2002/09/10 08:43:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2002/09/10 08:43:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2002/09/10 08:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2002/09/10 08:43:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2002/09/10 08:42:24 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2002/09/10 08:41:52 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2002/09/10 08:41:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2002/09/10 08:41:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2002/09/10 08:41:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2002/09/10 08:41:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2002/09/10 08:41:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2002/09/10 08:41:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2002/09/06 18:10:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE
[2002/09/06 18:10:44 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2002/09/06 18:00:46 | 001,552,384 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2002/07/07 17:13:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2002/07/07 16:59:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/06/30 09:49:22 | 000,105,292 | ---- | C] () -- C:\WINDOWS\restart.exe
[2002/05/20 18:47:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2002/05/20 11:42:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/05/20 03:12:51 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/05/20 02:52:59 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/05/20 02:46:21 | 000,000,873 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/05/20 02:44:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/05/20 02:38:19 | 000,022,736 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/05/19 19:32:32 | 000,004,315 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/05/19 19:31:34 | 000,496,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/05/19 17:25:13 | 000,001,384 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/05/19 17:24:37 | 000,338,658 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/05/19 17:24:37 | 000,052,216 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/05/19 17:24:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/04/16 12:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/09/04 12:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 12:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2000/05/08 05:20:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\trayhook.dll
[2000/05/08 05:20:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\sointgr.exe
[1999/10/25 11:53:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2005/06/23 21:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\agukuk2005
[2010/06/30 14:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Amazon
[2011/05/07 14:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Bandoo
[2009/01/04 17:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\bang
[2010/03/28 14:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Facebook
[2010/12/03 15:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\HTC
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\InterVideo
[2005/10/03 13:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Leadertech
[2009/06/03 15:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Nokia
[2010/07/15 12:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\RegistryTool
[2010/05/31 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Samsung
[2002/09/11 21:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Steinberg
[2010/03/18 00:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\yoclient
[2011/05/07 14:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2011/04/22 11:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504
[2008/11/22 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/22 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2004/08/11 17:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/05/05 13:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/07/15 12:15:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2009/11/05 11:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/28 20:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2004/09/16 19:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ubisoft
[2011/05/14 15:13:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/01/10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/05/12 23:15:44 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=5DC59DAAFDA8E8D11BDE999E478A0C8F -- C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\rtmqfe\winlogon.exe
[2004/05/27 02:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\sp1qfe\winlogon.exe
[2004/05/27 02:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\sp1qfe\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 09:01:08 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\soffice.exe\shell\open\command\\: "C:\Program Files\Office52\program\soffice.exe" [2000/05/08 05:20:00 | 000,217,088 | ---- | M] (Sun Microsystems, Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 09:01:08 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\soffice.exe\shell\open\command\\: "C:\Program Files\Office52\program\soffice.exe" [2000/05/08 05:20:00 | 000,217,088 | ---- | M] (Sun Microsystems, Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\vga.dll:SummaryInformation

< End of report >

Attached Files


  • 0

#9
mrglondon
Posted 14 May 2011 - 10:13 AM

mrglondon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Report attached

Attached Files


  • 0

#10
Essexboy
Posted 14 May 2011 - 10:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK whilst I look at these could you see my previous post and run aswMBR please
  • 0

Advertisements

#11
Essexboy
Posted 14 May 2011 - 10:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK you are way ahead of me

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button
Posted Image

Save the log as before and post in your next reply. If aswMBR hangs whilst fixing then just reboot and re-run the scan
  • 0

#12
mrglondon
Posted 14 May 2011 - 10:30 AM

mrglondon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Its not giving me the option to fix.
  • 0

#13
Essexboy
Posted 14 May 2011 - 10:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you repost a fresh scan please and run this OTL fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    [2009/12/25 13:48:24 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\searchplugins\fast-browser-search.xml
    [2011/04/22 11:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504
    [2011/05/10 18:13:00 | 000,018,262 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    [2011/05/10 18:12:58 | 000,018,262 | -HS- | M] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    [2011/05/08 19:29:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake
    [2011/05/10 17:44:30 | 000,018,262 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    [2011/05/10 17:44:30 | 000,018,262 | -HS- | C] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    [2011/05/08 19:30:34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\189A1.sys
    [2011/05/08 19:29:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake
    [2005/04/01 19:41:41 | 000,942,320 | ---- | C] () -- C:\WINDOWS\System32\oeemntti.dat
    [2005/04/01 19:41:41 | 000,077,000 | ---- | C] () -- C:\WINDOWS\System32\c8sqv7qf.dat
    [2005/04/01 19:41:41 | 000,005,400 | ---- | C] () -- C:\WINDOWS\System32\11au7hmc.dat
    [2005/04/01 19:41:41 | 000,002,709 | ---- | C] () -- C:\WINDOWS\System32\9l67n5e7.dat
    [2005/04/01 19:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lro2fria.dat
    [2005/04/01 19:41:35 | 000,003,560 | ---- | C] () -- C:\WINDOWS\System32\j3tuu8r2.ini
    [2005/04/01 19:41:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\o994ebij.ini
    [2005/04/01 19:41:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\kojrd454.ini
    2011/04/22 11:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504
    C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake
    C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x
    C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake
    C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#14
mrglondon
Posted 14 May 2011 - 10:35 AM

mrglondon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
2nd asw scan report

Attached Files


  • 0

#15
Essexboy
Posted 14 May 2011 - 10:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm 'tis not reporting it on that scan - did you press the fix button first time around ?

Try and paste the fresh OTL log and let me know if you are able to
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP