Alureon Help needed



dgr228
2011-06-14, 21:00
Hi,
I have been infected with the Alureon Trojan/virus and keep getting the Windows XP restore pop-up. Everything seems to have vanished and I can only operate in safe mode.
Thanks

Here's the DDS log:
.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.11
Run by David Roberts at 20:03:39 on 2011-06-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1634 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: PC Tools Firewall Plus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.talktalk.co.uk/
mStart Page = hxxp://www.tiscali.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9A928341-D366-4032-A471-6EC120CD9B73} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E4F3F5D3-847E-4970-8754-9165E77EEE13} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spyware Doctor] c:\documents and settings\david roberts\desktop\sdsetup_revwire207[1].exe -min
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VmBaxAOpYwYFlj] c:\documents and settings\all users\application data\VmBaxAOpYwYFlj.exe
mRun: c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
mRun: [EPSON Stylus CX6600 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EE.EXE /P35 "EPSON Stylus CX6600 Series (Copy 1)" /O6 "USB001" /M "Stylus CX6600"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [\BEDROOM\EPSON] c:\windows\system32\spool\drivers\w32x86\3\e_fati9ee.exe /p15 "\\bedroom\epson" /o15 "\\bedroom\EPSON" /M "Stylus CX6600"
mRun: [\BEDROOM\EPSON CX6600] c:\windows\system32\spool\drivers\w32x86\3\e_fati9ee.exe /p22 "\\bedroom\epson cx6600" /o22 "\\bedroom\EPSON CX6600" /M "Stylus CX6600"
mRun: [\BEDROOM\CX6600] c:\windows\system32\spool\drivers\w32x86\3\e_fati9ee.exe /p16 "\\bedroom\cx6600" /o16 "\\bedroom\CX6600" /M "Stylus CX6600"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\davidr~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: autotrader.co.uk\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1B735B98-8010-11D5-AD0B-00500463D885} - hxxp://www.partsarena.co.uk/baxi/Plugins/IMIESRCH.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} - hxxp://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240350071421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240349950203
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B34BFC41-E537-4228-9B3F-122328D1DE14} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EBEEF6E2-734D-4AF5-9215-60EE3DB9F381} : DhcpNameServer = 192.168.0.1
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-5-16 249616]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-5-16 57536]
S1 jithgnya;jithgnya;\??\c:\windows\system32\drivers\jithgnya.sys --> c:\windows\system32\drivers\jithgnya.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl2004902f;MpKsl2004902f; [x]
S1 MpKsl308703cc;MpKsl308703cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c081f68b-fd3e-463b-9d8f-f1e0c734bced}\mpksl308703cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c081f68b-fd3e-463b-9d8f-f1e0c734bced}\MpKsl308703cc.sys [?]
S1 MpKsl7ad872e7;MpKsl7ad872e7; [x]
S1 MpKslefb49274;MpKslefb49274; [x]
S1 MpKslfe0c0255;MpKslfe0c0255;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{672d87bb-77b6-47dc-85d9-98416537d8f3}\mpkslfe0c0255.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{672d87bb-77b6-47dc-85d9-98416537d8f3}\MpKslfe0c0255.sys [?]
S1 npsxufoa;npsxufoa; [x]
S1 vdhiikvh;vdhiikvh; [x]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-5 54752]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-19 217088]
S2 gupdate1c9f5f043aa6e2e;Google Update Service (gupdate1c9f5f043aa6e2e);c:\program files\google\update\GoogleUpdate.exe [2009-6-26 133104]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-5-16 160448]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-5-16 287024]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-19 36640]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [2006-5-29 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [2006-5-29 23296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-26 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-1-28 40832]
S3 nokiackx;Nokia CK USB Driver;c:\windows\system32\drivers\nokiackx.sys [2011-3-23 27264]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-5-16 89192]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-5-16 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-5-16 124992]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-8-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-8-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-8-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-8-19 100224]
.
=============== Created Last 30 ================
.
2011-06-14 06:46:34 386048 ----a-w- c:\documents and settings\all users\application data\17030948.exe
2011-06-13 19:45:32 41680 ----a-w- c:\windows\system32\drivers\shkjagao.sys
2011-06-13 19:33:23 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c94a2655-f1d7-4a3c-89ff-7e9ee91f8b4a}\MpKsl4e1598df.sys
2011-06-12 23:40:26 4224 ----a-w- c:\windows\system32\beep.sys
2011-06-12 23:38:59 492544 ---ha-w- c:\documents and settings\all users\application data\VmBaxAOpYwYFlj.exe
2011-06-12 11:20:40 6962000 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c94a2655-f1d7-4a3c-89ff-7e9ee91f8b4a}\mpengine.dll
2011-06-03 21:52:30 0 ---ha-w- c:\documents and settings\david roberts\local settings\application data\BIT14.tmp
2011-05-18 22:25:21 -------- d-----w- C:\_OTL
2011-05-17 21:32:40 6962000 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-16 21:01:07 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-16 20:55:04 -------- d--h--w- c:\program files\Microsoft Security Client
2011-05-15 23:54:25 -------- d--h--w- c:\documents and settings\david roberts\application data\PCToolsFirewallPlus
2011-05-15 23:53:48 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-15 23:53:47 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-15 23:53:46 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-15 23:52:14 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-05-15 23:52:14 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-05-15 23:52:14 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-05-15 23:52:14 -------- d--h--w- c:\program files\common files\PC Tools
2011-05-15 23:52:12 124992 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-05-15 23:52:11 -------- d--h--w- c:\program files\PC Tools Firewall Plus
2011-05-15 23:35:35 -------- d--h--w- c:\program files\SpywareBlaster
.
==================== Find3M ====================
.
.
============= FINISH: 20:05:28.96 ===============

Edit: Merged Admin query and response.


Hello dgr228,

Is this the same computer: Click.GiftLoad Help needed

http://forums.spybot.info/showthread.php?p=406447#post406447

Also,

Let's do this, as it may be a Windows issue.

I would like you to post here; you can link them to this thread if you wish, as all of us forums work together. Explain your problem; it may just be that things in your startup are messing things up.

http://forums.whatthetech.com/index.php?showforum=119

I will leave this thread open for you for a few days. Please post back and let me know what they said or did, and if they still feel it's malware we can dig deeper. Keep in mind that we cleaned some nasty infections on this system and sometimes they could have left some damage.

Post back and let me know if they fixed it. I'm not seeing a topic posted at WTT?

Best regards.

------------------------------------------
Hi,
You are correct, it is the same PC. It has had little use for a few weeks due to vacation. It has now been in use by the kids and has picked up another virus, so that is why I have posted here.
Had fantastic assistance from Ken previously and was hoping I could get some more help.
Thanks
Dave

ken545
2011-06-28, 00:20
Hello Dave,

Sorry you're still having problems. Let's run ComboFix; safe mode is fine. I believe we removed ComboFix when we were done before; if not, drag it to the trash and grab a new copy.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

dgr228
2011-06-28, 01:58
Hi Ken, thanks for your reply, much appreciated. Here's the log:

ComboFix 11-06-27.01 - David Roberts 28/06/2011 0:08.4.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1542 [GMT 1:00]
Running from: c:\documents and settings\David Roberts\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nathan Roberts\Local Settings\Application Data\{EFB458FC-F343-413F-8DF7-2658C04A8C52}
c:\documents and settings\Nathan Roberts\Local Settings\Application Data\{EFB458FC-F343-413F-8DF7-2658C04A8C52}\chrome.manifest
c:\documents and settings\Nathan Roberts\Local Settings\Application Data\{EFB458FC-F343-413F-8DF7-2658C04A8C52}\chrome\content\_cfg.js
c:\documents and settings\Nathan Roberts\Local Settings\Application Data\{EFB458FC-F343-413F-8DF7-2658C04A8C52}\chrome\content\overlay.xul
c:\documents and settings\Nathan Roberts\Local Settings\Application Data\{EFB458FC-F343-413F-8DF7-2658C04A8C52}\install.rdf
c:\documents and settings\Samantha Roberts\Local Settings\Application Data\{A81C6ECF-DBAC-46A8-AB0F-1772D2A05683}
c:\documents and settings\Samantha Roberts\Local Settings\Application Data\{A81C6ECF-DBAC-46A8-AB0F-1772D2A05683}\chrome.manifest
c:\documents and settings\Samantha Roberts\Local Settings\Application Data\{A81C6ECF-DBAC-46A8-AB0F-1772D2A05683}\chrome\content\_cfg.js
c:\documents and settings\Samantha Roberts\Local Settings\Application Data\{A81C6ECF-DBAC-46A8-AB0F-1772D2A05683}\chrome\content\overlay.xul
c:\documents and settings\Samantha Roberts\Local Settings\Application Data\{A81C6ECF-DBAC-46A8-AB0F-1772D2A05683}\install.rdf
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-27 22:52 . 2011-06-27 22:52 -------- d-----w- c:\windows\LastGood
2011-06-23 21:51 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F81CA8D-5D78-42CF-BA63-217ABF1C166B}\mpengine.dll
2011-06-17 17:41 . 2011-06-27 17:39 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-17 17:08 . 2011-06-17 17:08 984 ----a-w- c:\windows\system32\drivers\fqinlgmr.dat
2011-06-17 01:05 . 2011-06-17 01:05 1252 ----a-w- c:\windows\system32\drivers\kjrmaunq.dat
2011-06-17 01:05 . 2011-06-17 01:05 1252 ----a-w- c:\windows\system32\drivers\ifitplbs.dat
2011-06-17 01:05 . 2011-06-17 01:05 -------- d-----w- c:\documents and settings\David Roberts\Local Settings\Application Data\PCHealth
2011-06-17 01:04 . 2011-06-17 01:04 1252 ----a-w- c:\windows\system32\drivers\wkwcqgnj.dat
2011-06-17 01:04 . 2011-06-17 01:04 1394 ----a-w- c:\windows\system32\drivers\ibpoxgaw.dat
2011-06-17 01:03 . 2011-06-17 01:03 1052 ----a-w- c:\windows\system32\drivers\bhkiknss.dat
2011-06-17 01:02 . 2011-06-17 01:02 852 ----a-w- c:\windows\system32\drivers\jkfccsdk.dat
2011-06-17 01:00 . 2011-06-17 01:00 962 ----a-w- c:\windows\system32\drivers\muivskmc.dat
2011-06-17 01:00 . 2011-06-17 01:00 760 ----a-w- c:\windows\system32\drivers\sbdmcqkx.dat
2011-06-17 00:58 . 2011-06-17 00:58 650 ----a-w- c:\windows\system32\drivers\urxqutuv.dat
2011-06-17 00:57 . 2011-06-17 00:57 448 ----a-w- c:\windows\system32\drivers\ymesroji.dat
2011-06-17 00:44 . 2011-06-17 00:44 -------- d-----w- c:\documents and settings\David Roberts\Application Data\AVG10
2011-06-17 00:36 . 2011-06-27 22:52 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-13 23:00 . 2011-06-13 23:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-06-13 21:21 . 2011-06-13 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-06-13 19:45 . 2011-06-13 19:45 41680 ----a-w- c:\windows\system32\drivers\shkjagao.sys
2011-06-12 23:40 . 2004-08-04 08:00 4224 ----a-w- c:\windows\system32\beep.sys
2011-06-04 14:48 . 2011-06-04 14:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-06-03 21:52 . 2011-06-03 21:52 0 ----a-w- c:\documents and settings\David Roberts\Local Settings\Application Data\BIT14.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 08:11 . 2011-05-06 18:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-05-06 18:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 18:14 . 2011-05-16 21:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-09 20:46 . 2011-05-17 21:32 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2009-07-22 07:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-04 08:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 08:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 08:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304]
"EPSON Stylus CX6600 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-10-23 1224754]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"\BEDROOM\EPSON"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304]
"\BEDROOM\EPSON CX6600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304]
"\BEDROOM\CX6600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE" [2004-03-01 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\David Roberts\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-9-5 65588]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe [2006-9-10 29184]
VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2010-12-28 349600]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 jithgnya;jithgnya;c:\windows\system32\drivers\jithgnya.sys [x]
R1 MpKsl2004902f;MpKsl2004902f; [x]
R1 MpKsl308703cc;MpKsl308703cc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C081F68B-FD3E-463B-9D8F-F1E0C734BCED}\MpKsl308703cc.sys [x]
R1 MpKsl4ab75df9;MpKsl4ab75df9; [x]
R1 MpKsl7ad872e7;MpKsl7ad872e7; [x]
R1 MpKsl96b9b41d;MpKsl96b9b41d; [x]
R1 MpKslb44d8a4d;MpKslb44d8a4d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C94A2655-F1D7-4A3C-89FF-7E9EE91F8B4A}\MpKslb44d8a4d.sys [x]
R1 MpKslefb49274;MpKslefb49274; [x]
R1 MpKslfe0c0255;MpKslfe0c0255;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{672D87BB-77B6-47DC-85D9-98416537D8F3}\MpKslfe0c0255.sys [x]
R1 npsxufoa;npsxufoa; [x]
R1 vdhiikvh;vdhiikvh; [x]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 gupdate1c9f5f043aa6e2e;Google Update Service (gupdate1c9f5f043aa6e2e);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-11-25 160448]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\DRIVERS\g3grumdm.sys [2005-03-31 26496]
R3 G3GRUSER;G3G R USB Serial;c:\windows\system32\DRIVERS\g3gruser.sys [2005-03-31 23296]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
R3 nokiackx;Nokia CK USB Driver;c:\windows\system32\Drivers\nokiackx.sys [2010-09-27 27264]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-11-24 89192]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [2010-07-08 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-11-25 124992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-11-17 249616]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-07-08 57536]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
.
2011-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 17:38]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:53]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 23:53]
.
2011-06-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{27FF52A0-9509-4DD6-A1FD-E8ADFEA13033}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{2F101100-00B3-42AC-896F-CF4BCEB79A51}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.talktalk.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9A928341-D366-4032-A471-6EC120CD9B73} - (no file)
BHO-{E4F3F5D3-847E-4970-8754-9165E77EEE13} - (no file)
HKCU-Run-Spyware Doctor - c:\documents and settings\David Roberts\Desktop\sdsetup_revwire207[1].exe
Notify-avgrsstarter - (no file)
SafeBoot-klmdb.sys
AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-eMusic Download Manager - c:\program files\eMusic Download Manager\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 01:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????3?7?6?0??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1564)
c:\program files\Vodafone\Vodafone Mobile Connect\odLogin.dll
.
Completion time: 2011-06-28 01:10:05
ComboFix-quarantined-files.txt 2011-06-28 00:09
.
Pre-Run: 4,259,516,416 bytes free
Post-Run: 4,691,705,856 bytes free
.
- - End Of File - - 3E39E51173235E87D473A9DAB0DABAF5

ken545
2011-06-28, 03:08
Hello Dave,

You still have a lot of odd-looking files and drivers in your CF log. Let's see if they can be removed, and if not we can look into them more.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be found in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

dgr228
2011-06-28, 22:11
Here's the Malwarebytes log, OTL to follow:-

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6970

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

28/06/2011 21:27:22
mbam-log-2011-06-28 (21-27-22).txt

Scan type: Quick scan
Objects scanned: 209373
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

dgr228
2011-06-28, 23:14
Ken,
Here's the OTL.txt. No Extras.txt file was created; I looked everywhere for it and couldn't find it:-

OTL logfile created on: 28/06/2011 22:14:26 - Run 6
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\David Roberts\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.49% Memory free
2.58 Gb Paging File | 2.35 Gb Available in Paging File | 91.14% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 4.39 Gb Free Space | 5.89% Space Free | Partition Type: NTFS

Computer Name: LAPTOP1 | User Name: David Roberts | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David Roberts\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David Roberts\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (nokiackx) -- C:\WINDOWS\system32\drivers\nokiackx.sys (CSR)
DRV - (pctNdisMP) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (pctNdis) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (G3GRUMDM) -- C:\WINDOWS\system32\drivers\g3grumdm.sys (Option N.V.)
DRV - (G3GRUSER) -- C:\WINDOWS\system32\drivers\g3gruser.sys (Option N.V.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - (odysseyIM3) -- C:\WINDOWS\system32\drivers\odysseyIM3.sys (Funk Software, Inc.)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\incdpass.sys (Ahead Software)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\incdfs.sys (Ahead Software)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



IE - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{184CA625-3265-40F7-98DA-F49D55AE2F79}: C:\Documents and Settings\Elen Roberts\Local Settings\Application Data\{184CA625-3265-40F7-98DA-F49D55AE2F79}
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/05 19:32:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/16 19:47:46 | 000,000,000 | ---D | M]

[2008/03/03 18:31:43 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2011/06/28 00:59:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\CX6600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\EPSON CX6600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk = C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\David Roberts\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsarena.co.uk/baxi/Plugins/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240350071421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240349950203 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 22:11:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 01:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/27 23:58:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/27 23:58:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/27 23:58:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/27 23:58:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/27 23:57:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/27 23:52:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/27 23:48:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/27 23:46:31 | 004,127,961 | R--- | C] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\ComboFix.exe
[2011/06/27 23:12:58 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Roberts\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/17 18:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/17 02:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\Local Settings\Application Data\PCHealth
[2011/06/17 01:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\Application Data\AVG10
[2011/06/17 01:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/16 23:28:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Roberts\Recent
[2011/06/14 20:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\My Documents\attach
[2011/06/14 20:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\My Documents\dds
[2011/06/14 20:03:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Roberts\Start Menu\Programs\Administrative Tools
[2011/06/14 20:03:30 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\dds.scr
[2011/06/13 20:45:32 | 000,041,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\shkjagao.sys
[2011/06/13 00:40:26 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/06/04 15:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[5 C:\Documents and Settings\David Roberts\My Documents\*.tmp files -> C:\Documents and Settings\David Roberts\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 22:03:13 | 000,030,896 | ---- | M] () -- C:\Documents and Settings\David Roberts\Application Data\wklnhst.dat
[2011/06/28 21:25:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Roberts\Desktop\OTL.exe
[2011/06/28 21:20:27 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/28 21:15:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 21:14:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 00:59:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/27 23:46:38 | 004,127,961 | R--- | M] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\ComboFix.exe
[2011/06/27 23:20:07 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\HiJackThis.msi
[2011/06/27 23:14:31 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/27 23:13:09 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Roberts\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/27 22:05:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{27FF52A0-9509-4DD6-A1FD-E8ADFEA13033}.job
[2011/06/27 21:15:32 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/27 19:24:22 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F101100-00B3-42AC-896F-CF4BCEB79A51}.job
[2011/06/27 18:39:30 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/27 18:34:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 00:28:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/17 20:10:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 18:08:50 | 000,000,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\fqinlgmr.dat
[2011/06/17 18:04:12 | 118,878,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/17 02:05:55 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\kjrmaunq.dat
[2011/06/17 02:05:19 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\ifitplbs.dat
[2011/06/17 02:04:50 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\wkwcqgnj.dat
[2011/06/17 02:04:23 | 000,001,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibpoxgaw.dat
[2011/06/17 02:03:48 | 000,001,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\bhkiknss.dat
[2011/06/17 02:02:27 | 000,000,852 | ---- | M] () -- C:\WINDOWS\System32\drivers\jkfccsdk.dat
[2011/06/17 02:00:43 | 000,000,962 | ---- | M] () -- C:\WINDOWS\System32\drivers\muivskmc.dat
[2011/06/17 02:00:03 | 000,000,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbdmcqkx.dat
[2011/06/17 01:58:56 | 000,000,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\urxqutuv.dat
[2011/06/17 01:57:01 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\ymesroji.dat
[2011/06/17 01:31:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/06/16 23:28:16 | 000,005,384 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/14 21:57:10 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\iExplore.exe
[2011/06/14 20:03:32 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\dds.scr
[2011/06/14 20:00:51 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\David Roberts\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/14 20:00:45 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\NTREGOPT.lnk
[2011/06/14 20:00:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\ERUNT.lnk
[2011/06/14 20:00:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David Roberts\Desktop\erunt-setup.exe
[2011/06/14 07:51:29 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2011/06/13 21:22:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/06/13 20:45:32 | 000,041,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\shkjagao.sys
[2011/06/12 14:06:32 | 000,005,007 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\AFC COLWYN AFC Colwyn Under 8s.url
[2011/06/12 12:10:23 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2011/06/09 18:18:05 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[5 C:\Documents and Settings\David Roberts\My Documents\*.tmp files -> C:\Documents and Settings\David Roberts\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 00:35:08 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/06/28 00:35:07 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk
[2011/06/28 00:35:05 | 000,002,565 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2011/06/28 00:35:03 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/06/28 00:35:01 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/06/28 00:27:48 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/28 00:27:46 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/28 00:27:44 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/06/28 00:27:42 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2011/06/28 00:27:41 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2011/06/28 00:27:39 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/28 00:27:37 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2011/06/28 00:27:35 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/06/28 00:27:34 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/06/28 00:27:32 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/28 00:27:30 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/06/28 00:27:28 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Home Publishing 2000.lnk
[2011/06/28 00:27:27 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/06/28 00:27:25 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/28 00:27:23 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/28 00:27:21 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/28 00:27:11 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/28 00:27:10 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/28 00:27:09 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/28 00:27:09 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/06/28 00:27:08 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/06/28 00:27:07 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 00:27:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/28 00:27:05 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2011/06/28 00:27:04 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
[2011/06/28 00:27:03 | 000,001,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Videora iPod Converter.lnk
[2011/06/28 00:27:03 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/28 00:27:02 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SonicStage.lnk
[2011/06/28 00:27:01 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/28 00:27:00 | 000,001,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2011/06/28 00:26:59 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SAMSUNG Kies.lnk
[2011/06/28 00:26:58 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/28 00:26:57 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/06/28 00:26:57 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2011/06/28 00:26:56 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/28 00:26:55 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/28 00:26:54 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/28 00:26:53 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2011/06/28 00:26:52 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/27 23:58:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/27 23:58:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/27 23:58:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/27 23:58:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/27 23:58:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/27 23:20:05 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\HiJackThis.msi
[2011/06/27 23:14:31 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 18:08:50 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\fqinlgmr.dat
[2011/06/17 18:04:12 | 118,878,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/17 02:05:54 | 000,001,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\kjrmaunq.dat
[2011/06/17 02:05:18 | 000,001,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\ifitplbs.dat
[2011/06/17 02:04:50 | 000,001,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\wkwcqgnj.dat
[2011/06/17 02:04:23 | 000,001,394 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibpoxgaw.dat
[2011/06/17 02:03:48 | 000,001,052 | ---- | C] () -- C:\WINDOWS\System32\drivers\bhkiknss.dat
[2011/06/17 02:02:26 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\jkfccsdk.dat
[2011/06/17 02:00:41 | 000,000,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\muivskmc.dat
[2011/06/17 02:00:03 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbdmcqkx.dat
[2011/06/17 01:58:55 | 000,000,650 | ---- | C] () -- C:\WINDOWS\System32\drivers\urxqutuv.dat
[2011/06/17 01:57:01 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\ymesroji.dat
[2011/06/14 21:57:08 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\iExplore.exe
[2010/12/13 00:05:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/12 23:40:11 | 000,040,960 | R--- | C] () -- C:\WINDOWS\CleanDev.exe
[2010/12/12 18:55:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\sel3110.exe
[2010/12/12 18:55:22 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2010/08/19 23:52:40 | 000,300,632 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/13 07:31:10 | 000,005,384 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/12 17:15:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/06 00:32:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Aqeyujek.dat
[2010/07/06 00:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcazogev.bin
[2009/12/28 14:38:00 | 000,062,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/09 03:08:10 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2009/11/09 03:08:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2009/11/09 03:08:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2009/11/09 03:08:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2009/10/19 23:29:22 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\$_hpcst$.hpc
[2009/10/19 22:12:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/10/19 22:12:04 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/12 21:59:02 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\David Roberts\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/02/01 21:19:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/01 21:19:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/12/28 23:28:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/14 16:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 16:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 16:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 16:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 16:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/06 16:49:36 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/04/14 14:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/02/18 12:38:02 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/18 12:38:01 | 000,003,452 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/28 22:35:48 | 000,125,392 | ---- | C] () -- C:\WINDOWS\bw6uinst.exe
[2007/12/30 01:41:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/12/30 01:38:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/02/15 23:54:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/02/09 12:05:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/11/18 00:01:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2006/10/12 00:14:55 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2006/09/10 18:16:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/16 22:27:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/05/01 21:16:51 | 000,000,283 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/04 18:37:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/24 19:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/14 23:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/01/08 21:46:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/01/08 01:27:33 | 000,030,896 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\wklnhst.dat
[2006/01/08 01:06:13 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2006/01/08 01:06:13 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2006/01/08 01:06:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2006/01/08 01:05:22 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/01/08 01:05:22 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/01/08 01:05:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/01/08 01:02:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600E.ini
[2005/11/23 05:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/12 22:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/04 09:08:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/04 09:08:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/04 09:08:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/04 09:08:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/04 09:08:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/04 09:08:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/04 08:54:54 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/07/01 12:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 14:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 14:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 14:10:30 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 14:10:30 | 000,071,708 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 14:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 14:02:54 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 13:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 13:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/05/28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/06/28 21:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/01/04 19:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/01/11 23:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/12 20:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/12/12 22:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2011/03/23 23:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/12 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2011/06/27 23:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/28 19:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/08/19 23:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/19 23:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/06/27 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/05 18:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2006/01/08 01:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/03/26 13:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/04/06 00:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2011/01/05 20:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/27 23:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/17 09:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/22 21:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Alweam
[2010/01/24 21:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Amazon
[2011/06/17 01:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\AVG10
[2008/01/28 00:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\BitTorrent
[2007/01/12 12:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\CyberScrub
[2010/08/30 23:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Ecyni
[2010/09/12 09:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Eqhu
[2010/12/22 11:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Fovooh
[2011/03/16 23:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\GARMIN
[2010/08/07 00:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Girew
[2011/02/22 22:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Ibvuly
[2006/05/29 23:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\ICS
[2005/12/30 07:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\InterVideo
[2006/01/01 08:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\OLYMPUS
[2010/09/04 23:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Orun
[2010/08/20 00:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\PC Suite
[2011/05/16 00:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\PCToolsFirewallPlus
[2010/12/23 09:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Raexu
[2010/08/21 12:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Raywup
[2009/12/28 11:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Red Kawa
[2009/12/28 12:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Regensoft
[2009/10/19 23:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Samsung
[2006/01/08 21:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Smart Panel
[2006/09/06 23:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Snapfish
[2010/08/29 22:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Soon
[2011/05/22 01:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Spotify
[2006/01/08 01:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Template
[2007/11/25 11:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Thunderbird
[2006/10/12 00:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\TrojanHunter
[2010/02/05 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Trusteer
[2010/09/10 19:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Tybee
[2010/09/10 18:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Ufola
[2009/08/08 13:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Uniblue
[2009/07/20 09:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Unity
[2008/12/12 20:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\uTorrent
[2006/05/29 23:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Roberts\Application Data\Vodafone Mobile Connect
[2010/08/26 09:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Agsau
[2011/01/16 09:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\AVG10
[2010/10/21 19:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Huhao
[2010/08/25 09:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Ozfauf
[2010/09/02 21:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Qoyfb
[2010/01/13 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Regensoft
[2010/02/09 08:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Trusteer
[2010/10/22 10:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Ypozd
[2010/08/31 09:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nathan Roberts\Application Data\Zuuf
[2010/02/08 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2011/01/13 10:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\AVG10
[2008/08/31 21:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/02 21:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Ebibyb
[2011/04/04 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\FinalTorrent
[2006/03/06 22:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\InterVideo
[2010/09/02 10:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Nuakno
[2006/03/12 23:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\OLYMPUS
[2010/08/20 12:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\PC Suite
[2011/05/22 08:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\PCToolsFirewallPlus
[2009/10/19 22:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Samsung
[2006/01/22 23:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Smart Panel
[2010/09/05 14:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\SmartDraw
[2009/01/11 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Snapfish
[2006/01/07 23:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Template
[2007/11/30 00:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Thunderbird
[2010/02/05 18:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samantha Roberts\Application Data\Trusteer
[2011/06/28 21:20:27 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/27 22:05:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{27FF52A0-9509-4DD6-A1FD-E8ADFEA13033}.job
[2011/06/27 19:24:22 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F101100-00B3-42AC-896F-CF4BCEB79A51}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt:SummaryInformation
@Alternate Data Stream - 668 bytes -> C:\WINDOWS\System32\drivers\shkjagao.sys:changelist
@Alternate Data Stream - 634462 bytes -> C:\WINDOWS\System32\EPUSB1: (EPSON Stylus CX6600)
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

ken545
2011-06-28, 23:54
Let's see what's left over after this fix, and I may have you check a few files. It looks like you have ERUNT already, so you can use it to make a backup prior to the fix.

I am also seeing markers in your log for both Norton and AVG antivirus. You only need one; which one do you want to remove?

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-1382785856-1798376066-795083379-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
[2011/06/17 02:05:55 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\kjrmaunq.dat
[2011/06/17 02:05:19 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\ifitplbs.dat
[2011/06/17 02:04:50 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\wkwcqgnj.dat
[2011/06/17 02:04:23 | 000,001,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibpoxgaw.dat
[2011/06/17 02:03:48 | 000,001,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\bhkiknss.dat
[2011/06/17 02:02:27 | 000,000,852 | ---- | M] () -- C:\WINDOWS\System32\drivers\jkfccsdk.dat
[2011/06/17 02:00:43 | 000,000,962 | ---- | M] () -- C:\WINDOWS\System32\drivers\muivskmc.dat
[2011/06/17 02:00:03 | 000,000,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\sbdmcqkx.dat
[2011/06/17 01:58:56 | 000,000,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\urxqutuv.dat
[2011/06/17 01:57:01 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\ymesroji.dat


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top (not Run Scan).
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
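Editor's note (added example; this is not part of ken545's instructions and not OTL's own code): the indicators the fix above is built around can be pulled out of an OTL log mechanically rather than by eye. The ProxyServer value of http=127.0.0.1:5577 under HKU\.DEFAULT and HKU\S-1-5-18 is a local HTTP proxy set in the SYSTEM account's Internet settings, so anything honouring those settings routes through whatever listens on port 5577. The run of eight-letter .dat files written into System32\drivers within a few minutes of each other on 2011/06/17, and shkjagao.sys (carrying a Microsoft Corporation version string) with an alternate data stream named changelist, are the same kind of random-named droppings. The Python script below is a triage filter over those OTL line shapes. The sample lines are copied from the log in this thread except the kbdclass.sys entry, which is constructed; the regexes, the burst threshold and the KNOWN_DRIVERS allowlist are assumptions of this example, not OTL behaviour.

```python
"""Triage filter for OTL log lines.

Added example; not OTL's own logic and not part of the thread. It flags three
things that occur together in the log above: an Internet Explorer ProxyServer
pointing at the loopback interface (worse under HKU\\.DEFAULT or HKU\\S-1-5-18,
the SYSTEM account's hive), random eight-lowercase-letter file names under
System32\\drivers, and an alternate data stream on a file under System32\\drivers.
The regexes, the burst threshold and KNOWN_DRIVERS are assumptions of this example.
"""
import re
from collections import Counter
from dataclasses import dataclass

# OTL file entry: [2011/06/17 02:05:55 | 000,001,252 | ---- | M] () -- C:\path\file.dat
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL IE setting: IE - HKU\S-1-5-18\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*\\Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$'
)
# OTL ADS entry: @Alternate Data Stream - 668 bytes -> C:\path\file.sys:streamname
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$"
)

DRIVERS_DIR = "\\system32\\drivers\\"
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dat|sys|dll)$")  # case-sensitive on purpose
LOOPBACK_RE = re.compile(r"\b(?:127\.0\.0\.1|localhost)\b", re.I)
SYSTEM_HIVES = {"HKU\\.DEFAULT", "HKU\\S-1-5-18"}
# Legitimate Windows drivers that happen to be eight lowercase letters; extend as needed.
KNOWN_DRIVERS = {"kbdclass.sys", "mouclass.sys", "mountmgr.sys", "sysaudio.sys"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    date: str = ""


def triage(lines, known_drivers=KNOWN_DRIVERS):
    """Return one Finding per suspicious OTL line; everything else is ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            name = path.rsplit("\\", 1)[-1]
            if (DRIVERS_DIR in path.lower()
                    and RANDOM_NAME_RE.match(name)
                    and name not in known_drivers):
                findings.append(Finding("random-name file in drivers dir", line, m["date"]))
            continue
        m = PROXY_RE.match(line)
        if m:
            if m["name"] == "ProxyServer" and LOOPBACK_RE.search(m["value"]):
                rule = "loopback proxy"
                if m["hive"] in SYSTEM_HIVES:
                    rule += " in SYSTEM hive"
                findings.append(Finding(rule, line))
            continue
        m = ADS_RE.match(line)
        if m and DRIVERS_DIR in m["path"].lower():
            findings.append(Finding("ADS on file in drivers dir", line))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


def bursts(findings, threshold=3):
    """Dates on which at least `threshold` random-name driver files were written."""
    per_day = Counter(f.date for f in findings if f.rule.startswith("random-name"))
    return {day: n for day, n in per_day.items() if n >= threshold}


# Sample input: lines copied from the OTL log in this thread, plus one constructed
# line (kbdclass.sys, last entry) to exercise the allowlist.
SAMPLE_LINES = [
    r'IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577',
    r'[2011/06/17 02:05:55 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\kjrmaunq.dat',
    r'[2011/06/17 02:05:19 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\ifitplbs.dat',
    r'[2011/06/17 02:04:50 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\wkwcqgnj.dat',
    r'[2011/06/17 18:04:12 | 118,878,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old',
    r'[2011/06/13 20:45:32 | 000,041,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\shkjagao.sys',
    r'[2007/12/30 01:38:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys',
    r'@Alternate Data Stream - 668 bytes -> C:\WINDOWS\System32\drivers\shkjagao.sys:changelist',
    r'@Alternate Data Stream - 634462 bytes -> C:\WINDOWS\System32\EPUSB1: (EPSON Stylus CX6600)',
    r'[2011/06/14 07:51:29 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys',
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f.rule:32} {f.line}")
    print(summarize(found), bursts(found))
```

Two caveats worth stating. A loopback ProxyServer is not malicious on its own: some filtering software (parental controls, mail and web scanners) installs one, so on the live machine confirm what owns the listener first (netstat -ano, then match the PID in Task Manager) before treating the value as an infection marker. And the eight-lowercase-letter rule is only a heuristic: it would hit kbdclass.sys or mountmgr.sys too, which is why the allowlist exists; OTL's file sections are limited by its File Age setting (30 days by default), so old legitimate drivers rarely appear there, but a freshly patched one would. Both rules should only raise a line for a human to look at, exactly as the thread does, not feed an automated delete.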

dgr228
2011-06-29, 00:26
1st log:-

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1382785856-1798376066-795083379-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\WINDOWS\system32\drivers\kjrmaunq.dat moved successfully.
C:\WINDOWS\system32\drivers\ifitplbs.dat moved successfully.
C:\WINDOWS\system32\drivers\wkwcqgnj.dat moved successfully.
C:\WINDOWS\system32\drivers\ibpoxgaw.dat moved successfully.
C:\WINDOWS\system32\drivers\bhkiknss.dat moved successfully.
C:\WINDOWS\system32\drivers\jkfccsdk.dat moved successfully.
C:\WINDOWS\system32\drivers\muivskmc.dat moved successfully.
C:\WINDOWS\system32\drivers\sbdmcqkx.dat moved successfully.
C:\WINDOWS\system32\drivers\urxqutuv.dat moved successfully.
C:\WINDOWS\system32\drivers\ymesroji.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : fe80::215:ff:fe2d:e546%4
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : fe80::20a:e4ff:fed9:e6a0%5
Default Gateway . . . . . . . . . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
C:\Documents and Settings\David Roberts\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David Roberts\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::215:ff:fe2d:e546%4
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::20a:e4ff:fed9:e6a0%5
Default Gateway . . . . . . . . . : 192.168.0.1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
C:\Documents and Settings\David Roberts\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David Roberts\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David Roberts\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David Roberts\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 898 bytes

User: All Users

User: David Roberts
->Temp folder emptied: 229401 bytes
->Temporary Internet Files folder emptied: 26411200 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 30652 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Elen Roberts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Nathan Roberts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 6224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Samantha Roberts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 59911 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6154 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 116313 bytes

Total Files Cleaned = 26.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06282011_232042

dgr228
2011-06-29, 00:41
2nd log:-

OTL logfile created on: 28/06/2011 23:44:03 - Run 7
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\David Roberts\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 82.33% Memory free
2.58 Gb Paging File | 2.38 Gb Available in Paging File | 92.16% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 4.33 Gb Free Space | 5.80% Space Free | Partition Type: NTFS

Computer Name: LAPTOP1 | User Name: David Roberts | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David Roberts\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David Roberts\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\incdsrv.exe (AHEAD Software)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (nokiackx) -- C:\WINDOWS\system32\drivers\nokiackx.sys (CSR)
DRV - (pctNdisMP) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (pctNdis) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (G3GRUMDM) -- C:\WINDOWS\system32\drivers\g3grumdm.sys (Option N.V.)
DRV - (G3GRUSER) -- C:\WINDOWS\system32\drivers\g3gruser.sys (Option N.V.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - (odysseyIM3) -- C:\WINDOWS\system32\drivers\odysseyIM3.sys (Funk Software, Inc.)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\incdpass.sys (Ahead Software)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\incdfs.sys (Ahead Software)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{184CA625-3265-40F7-98DA-F49D55AE2F79}: C:\Documents and Settings\Elen Roberts\Local Settings\Application Data\{184CA625-3265-40F7-98DA-F49D55AE2F79}
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/05 19:32:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/16 19:47:46 | 000,000,000 | ---D | M]

[2008/03/03 18:31:43 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2011/06/28 23:20:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\CX6600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\BEDROOM\EPSON CX6600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk = C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsarena.co.uk/baxi/Plugins/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240350071421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240349950203 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 23:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\Desktop\erunt
[2011/06/28 22:11:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/28 01:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/27 23:58:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/27 23:58:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/27 23:58:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/27 23:58:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/27 23:57:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/27 23:52:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/27 23:48:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/27 23:46:31 | 004,127,961 | R--- | C] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\ComboFix.exe
[2011/06/27 23:12:58 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Roberts\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/17 18:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/17 02:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\Local Settings\Application Data\PCHealth
[2011/06/17 01:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\Application Data\AVG10
[2011/06/17 01:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/16 23:28:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Roberts\Recent
[2011/06/14 20:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\My Documents\attach
[2011/06/14 20:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Roberts\My Documents\dds
[2011/06/14 20:03:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Roberts\Start Menu\Programs\Administrative Tools
[2011/06/14 20:03:30 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\dds.scr
[2011/06/13 20:45:32 | 000,041,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\shkjagao.sys
[2011/06/13 00:40:26 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/06/04 15:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[5 C:\Documents and Settings\David Roberts\My Documents\*.tmp files -> C:\Documents and Settings\David Roberts\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 23:37:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/28 23:36:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 23:31:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 23:20:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/28 23:14:08 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\erunt.zip
[2011/06/28 22:03:13 | 000,030,896 | ---- | M] () -- C:\Documents and Settings\David Roberts\Application Data\wklnhst.dat
[2011/06/28 21:25:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Roberts\Desktop\OTL.exe
[2011/06/27 23:46:38 | 004,127,961 | R--- | M] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\ComboFix.exe
[2011/06/27 23:20:07 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\HiJackThis.msi
[2011/06/27 23:14:31 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/27 23:13:09 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David Roberts\My Documents\mbam-setup-1.51.0.1200.exe
[2011/06/27 22:05:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{27FF52A0-9509-4DD6-A1FD-E8ADFEA13033}.job
[2011/06/27 21:15:32 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/27 19:24:22 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F101100-00B3-42AC-896F-CF4BCEB79A51}.job
[2011/06/27 18:39:30 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/27 18:34:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 00:28:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/17 20:10:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 18:08:50 | 000,000,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\fqinlgmr.dat
[2011/06/17 18:04:12 | 118,878,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/17 01:31:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/06/16 23:28:16 | 000,005,384 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/14 21:57:10 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\iExplore.exe
[2011/06/14 20:03:32 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\David Roberts\Desktop\dds.scr
[2011/06/14 20:00:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David Roberts\Desktop\erunt-setup.exe
[2011/06/14 07:51:29 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2011/06/13 21:22:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/06/13 20:45:32 | 000,041,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\shkjagao.sys
[2011/06/12 14:06:32 | 000,005,007 | ---- | M] () -- C:\Documents and Settings\David Roberts\Desktop\AFC COLWYN AFC Colwyn Under 8s.url
[2011/06/12 12:10:23 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2011/06/09 18:18:05 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[5 C:\Documents and Settings\David Roberts\My Documents\*.tmp files -> C:\Documents and Settings\David Roberts\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\David Roberts\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 23:15:54 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\ERDNT.E_E
[2011/06/28 23:15:54 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\ERUNT.EXE
[2011/06/28 23:15:54 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\NTREGOPT.EXE
[2011/06/28 23:15:54 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\AUTOBACK.EXE
[2011/06/28 23:15:54 | 000,005,417 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\LOC_GER.ZIP
[2011/06/28 23:15:54 | 000,004,090 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\ERUNT.LOC
[2011/06/28 23:15:54 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\ERDNTWIN.LOC
[2011/06/28 23:15:54 | 000,002,815 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\ERDNTDOS.LOC
[2011/06/28 23:15:54 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\NTREGOPT.LOC
[2011/06/28 23:14:06 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\erunt.zip
[2011/06/28 00:35:08 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/06/28 00:35:07 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk
[2011/06/28 00:35:05 | 000,002,565 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2011/06/28 00:35:03 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/06/28 00:35:01 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/06/28 00:27:48 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/28 00:27:46 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/28 00:27:44 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/06/28 00:27:42 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2011/06/28 00:27:41 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2011/06/28 00:27:39 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/28 00:27:37 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2011/06/28 00:27:35 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/06/28 00:27:34 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/06/28 00:27:32 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/28 00:27:30 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/06/28 00:27:28 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Home Publishing 2000.lnk
[2011/06/28 00:27:27 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/06/28 00:27:25 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/28 00:27:23 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/28 00:27:21 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/28 00:27:11 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/28 00:27:10 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/28 00:27:09 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/28 00:27:09 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/06/28 00:27:08 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/06/28 00:27:07 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 00:27:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/28 00:27:05 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
[2011/06/28 00:27:04 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
[2011/06/28 00:27:03 | 000,001,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Videora iPod Converter.lnk
[2011/06/28 00:27:03 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/28 00:27:02 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SonicStage.lnk
[2011/06/28 00:27:01 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/28 00:27:00 | 000,001,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2011/06/28 00:26:59 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SAMSUNG Kies.lnk
[2011/06/28 00:26:58 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/28 00:26:57 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/06/28 00:26:57 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2011/06/28 00:26:56 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/28 00:26:55 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/28 00:26:54 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/28 00:26:53 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2011/06/28 00:26:52 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/27 23:58:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/27 23:58:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/27 23:58:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/27 23:58:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/27 23:58:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/27 23:20:05 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\HiJackThis.msi
[2011/06/27 23:14:31 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 18:08:50 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\fqinlgmr.dat
[2011/06/17 18:04:12 | 118,878,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/14 21:57:08 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\David Roberts\Desktop\iExplore.exe
[2010/12/13 00:05:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/12 23:40:11 | 000,040,960 | R--- | C] () -- C:\WINDOWS\CleanDev.exe
[2010/12/12 18:55:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\sel3110.exe
[2010/12/12 18:55:22 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2010/08/19 23:52:40 | 000,300,632 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/13 07:31:10 | 000,005,384 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/12 17:15:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/06 00:32:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Aqeyujek.dat
[2010/07/06 00:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcazogev.bin
[2009/12/28 14:38:00 | 000,062,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/09 03:08:10 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2009/11/09 03:08:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2009/11/09 03:08:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2009/11/09 03:08:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2009/10/19 23:29:22 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\$_hpcst$.hpc
[2009/10/19 22:12:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/10/19 22:12:04 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/12 21:59:02 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\David Roberts\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/02/01 21:19:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/01 21:19:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/12/28 23:28:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/14 16:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 16:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 16:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 16:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 16:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/06 16:49:36 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/04/14 14:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/02/18 12:38:02 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/18 12:38:01 | 000,003,452 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/01/28 22:35:48 | 000,125,392 | ---- | C] () -- C:\WINDOWS\bw6uinst.exe
[2007/12/30 01:41:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/12/30 01:38:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/02/15 23:54:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/02/09 12:05:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/11/18 00:01:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2006/10/12 00:14:55 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2006/09/10 18:16:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/16 22:27:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/05/01 21:16:51 | 000,000,283 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/04 18:37:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/24 19:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/14 23:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/01/08 21:46:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/01/08 01:27:33 | 000,030,896 | ---- | C] () -- C:\Documents and Settings\David Roberts\Application Data\wklnhst.dat
[2006/01/08 01:06:13 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2006/01/08 01:06:13 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2006/01/08 01:06:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2006/01/08 01:05:22 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/01/08 01:05:22 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/01/08 01:05:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/01/08 01:02:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600E.ini
[2005/11/23 05:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/12 22:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/04 09:08:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/04 09:08:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/04 09:08:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/04 09:08:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/04 09:08:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/04 09:08:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/04 08:54:54 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/07/01 12:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 14:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 14:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 14:10:30 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 14:10:30 | 000,071,708 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 14:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 14:02:54 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 13:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 13:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/05/28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt:SummaryInformation
@Alternate Data Stream - 668 bytes -> C:\WINDOWS\System32\drivers\shkjagao.sys:changelist
@Alternate Data Stream - 634462 bytes -> C:\WINDOWS\System32\EPUSB1: (EPSON Stylus CX6600)
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Think I would prefer to keep AVG anti-virus although I did try Microsoft Security Essentials and had PC Tools Firewall, both seemed ok.
All seem to slow things down a little!

ken545
2011-06-29, 01:01
As far as AV, you can keep whatever you're comfortable with. I installed Microsoft Security Essentials on about 3 systems and removed it because it seemed to choke those systems.

Let's just check this file

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

C:\WINDOWS\System32\drivers\shkjagao.sys

If the site is busy you can try this one
http://virusscan.jotti.org/en
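To show how a file like this gets singled out of an OTL listing in the first place, here is an added triage script. It is example code written for this thread, not part of OTL, ComboFix or the posts above. It parses the two line formats that appear in the report (the file-listing lines and the "Alternate Data Streams" lines) and flags drivers or executables with machine-generated-looking names, anything under drivers\ created shortly before the report, and any alternate data stream attached to an executable. The sample lines are copied from the report above; the AS_OF date, the 30-day window and the name heuristic's thresholds are assumptions, and every hit is a candidate for a hash lookup, not a verdict (legitimate tools use random driver names too).

```python
"""Triage helper for OTL log lines.

Added example for this thread; not part of OTL, ComboFix or the posts.
Hits are candidates for a VirusTotal / hash lookup, not verdicts.
"""
import re
from datetime import datetime

# One line of each kind, copied from the report above so the example
# runs offline.  The blank line and heading mimic the report layout.
SAMPLE_LOG = r"""
[2011/06/27 23:58:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/17 18:08:50 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\fqinlgmr.dat
[2009/10/19 22:12:04 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2007/12/30 01:38:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 668 bytes -> C:\WINDOWS\System32\drivers\shkjagao.sys:changelist
@Alternate Data Stream - 634462 bytes -> C:\WINDOWS\System32\EPUSB1: (EPSON Stylus CX6600)
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
"""

# Assumption: the report was produced on 2011-06-28 (its newest entries
# carry that date); the 30-day window is likewise a guess, tune to taste.
AS_OF = datetime(2011, 6, 28)
RECENT_DAYS = 30

# "[date time | size | attrs | C] (company) -- path"
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# "@Alternate Data Stream - N bytes -> path:streamname"
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
EXEC_EXT = {".sys", ".exe", ".dll"}
VOWELS = set("aeiou")


def split_name(path):
    """Return (stem, lower-cased extension with dot) of the last path component."""
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (name, "")


def looks_random(stem):
    """Crude heuristic for machine-generated names such as shkjagao or
    fqinlgmr: 6-10 lowercase letters with few vowels or a long consonant
    run.  Vendor-cased names (StarOpen, FsUsbExDisk) never match."""
    if not re.fullmatch(r"[a-z]{6,10}", stem):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowel_ratio < 0.4 or longest_run >= 4


def triage(log_text, as_of=AS_OF, recent_days=RECENT_DAYS):
    """Return [(path, [reasons])] for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            path = m["path"]
            stem, ext = split_name(path)
            in_drivers = "\\drivers\\" in path.lower()
            reasons = []
            if (ext in EXEC_EXT or in_drivers) and looks_random(stem):
                reasons.append("random-looking name")
            created = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            if in_drivers and 0 <= (as_of - created).days <= recent_days:
                reasons.append("created under drivers\\ within %d days of the report" % recent_days)
            if reasons:
                findings.append((path, reasons))
            continue
        m = ADS_LINE.match(line)
        if m:
            # The stream name follows the last colon; the drive colon is never last.
            host, _, stream = m["target"].rpartition(":")
            stem, ext = split_name(host)
            if ext in EXEC_EXT or "\\drivers\\" in host.lower():
                reasons = ["ADS '%s' (%s bytes) on an executable" % (stream.strip(), m["size"])]
                if looks_random(stem):
                    reasons.append("random-looking name")
                findings.append((m["target"], reasons))
    return findings


def triage_sample():
    """Run the triage over the embedded sample lines."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(path, "->", "; ".join(reasons))
```

Run as-is it reports fqinlgmr.dat (random name, created 11 days before the report) and the changelist stream on shkjagao.sys, and stays quiet on MBR.exe, FsUsbExDisk.Sys, StarOpen.sys and the printer-spooler and TEMP streams. That is the same shortlist the helper worked from by eye; the hash lookup that follows is what decides whether a hit is a rootkit driver or, as here, a renamed Microsoft component.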

dgr228
2011-06-29, 01:34
File name: shkjagao.sys
Submission date: 2011-06-28 23:23:57 (UTC)
Current status: finished
Result: 0 /42 (0.0%)
VT Community

not reviewed
Safety score: -

Antivirus Version Last Update Result
AhnLab-V3 2011.06.29.00 2011.06.28 -
AntiVir 7.11.10.141 2011.06.28 -
Antiy-AVL 2.0.3.7 2011.06.27 -
Avast 4.8.1351.0 2011.06.28 -
Avast5 5.0.677.0 2011.06.28 -
AVG 10.0.0.1190 2011.06.29 -
BitDefender 7.2 2011.06.29 -
CAT-QuickHeal 11.00 2011.06.28 -
ClamAV 0.97.0.0 2011.06.28 -
Commtouch 5.3.2.6 2011.06.28 -
Comodo 9216 2011.06.29 -
DrWeb 5.0.2.03300 2011.06.28 -
eSafe 7.0.17.0 2011.06.28 -
eTrust-Vet 36.1.8413 2011.06.28 -
F-Prot 4.6.2.117 2011.06.28 -
F-Secure 9.0.16440.0 2011.06.28 -
Fortinet 4.2.257.0 2011.06.28 -
GData 22 2011.06.29 -
Ikarus T3.1.1.104.0 2011.06.28 -
Jiangmin 13.0.900 2011.06.28 -
K7AntiVirus 9.106.4851 2011.06.28 -
Kaspersky 9.0.0.837 2011.06.28 -
McAfee 5.400.0.1158 2011.06.29 -
McAfee-GW-Edition 2010.1D 2011.06.28 -
Microsoft 1.7000 2011.06.28 -
NOD32 6248 2011.06.29 -
Norman 6.07.10 2011.06.28 -
nProtect 2011-06-28.01 2011.06.28 -
Panda 10.0.3.5 2011.06.28 -
PCTools 8.0.0.5 2011.06.29 -
Prevx 3.0 2011.06.29 -
Rising 23.64.01.03 2011.06.28 -
Sophos 4.66.0 2011.06.29 -
SUPERAntiSpyware 4.40.0.1006 2011.06.29 -
Symantec 20111.1.0.186 2011.06.29 -
TheHacker 6.7.0.1.244 2011.06.28 -
TrendMicro 9.200.0.1012 2011.06.28 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.29 -
VBA32 3.12.16.3 2011.06.28 -
VIPRE 9722 2011.06.29 -
ViRobot 2011.6.28.4538 2011.06.28 -
VirusBuster 14.0.100.0 2011.06.28 -
Additional information
MD5 : 58e61ef6103adaae6cef20ef28fe5a42
SHA1 : 9a3d727c131308f59bc4e804fe1b79d907684b61
SHA256: 8df74468e26f7756b2ff5e75e1d83345226882a8ae2da08e251963c819ca3c5c
ssdeep: 384:AfIer1FxU4zQaDh+ZiAnFJ1wHxXvjX3hwsWaquQoPRbjZd1tWkAW1LXci2jXHUW:jPb++Zi0Cn9muQo/FfMi2jXHUW
File size : 41680 bytes
First seen: 2010-10-05 18:20:54
Last seen : 2011-06-28 23:23:57
Magic: PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID:
Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft Malware Protection
description..: Boot Time Removal Tool
original name: BTR.sys
internal name: BootTimeRemoval
file version.: 1.1.1012.0
comments.....: n/a
signers......: Microsoft Corporation
Microsoft Code Signing PCA
Microsoft Root Authority
signing date.: 6:59 PM 8/31/2010
verified.....: -

PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x81B4
timedatestamp....: 0x4C7D34CC (Tue Aug 31 16:58:52 2010)
machinetype......: 0x14C (Intel I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x480, 0x4B06, 0x4B80, 5.76, 7e64d6d790e2226ec2d1886d47a62568
.rdata, 0x5000, 0x2E5B, 0x2E80, 7.61, 8cda63485735955f0da1f60ef61350f1
.data, 0x7E80, 0x2F0, 0x300, 1.21, 2809a485633845ac0eb372532e2bbcb8
INIT, 0x8180, 0x230, 0x280, 4.88, 2eb5a753cb61168b002ad1c8e1020c95
.rsrc, 0x8400, 0x3A8, 0x400, 3.06, 15c0d6a2e82cabaeb45ca1530c370893
.reloc, 0x8800, 0x332, 0x380, 5.27, 245d1a0197aaa4e6d6413fe8dd19835c

[[ 1 import(s) ]]
ntoskrnl.exe: RtlInitUnicodeString, ZwOpenKey, ZwDeleteKey, NtClose, ZwDeleteValueKey, ZwCreateKey, ZwSetValueKey, ZwQueryValueKey, _vsnwprintf, NtCreateFile, NtOpenFile, NtReadFile, NtWriteFile, NtQueryInformationFile, NtSetInformationFile, ZwDeleteFile, ZwClose, ExAllocatePoolWithTag, ExFreePoolWithTag, KeTickCount, KeBugCheckEx

Androguard:
-
ExifTool:
-
Symantec reputation:Suspicious.Insight

ken545
2011-06-29, 01:45
Looks ok. How are things running now, any better?

dgr228
2011-06-29, 22:52
Hi Ken,

Looking better but I can only access the internet via safe mode with networking.
On normal start up I get the "HP wireless assistant is not supported on this machine" and also "Failed FsUsbExService, No existing FsUsbExDevice"

Normal mode is also very slow.

Thanks

Dave

ken545
2011-06-30, 00:31
Dave, what I would do is to reinstall HP wireless assistant. As far as your computer being slow, why don't you post here, for slow computers and network problems:

http://forums.whatthetech.com/index.php?showforum=128

Let me know how it went

dgr228
2011-07-01, 00:38
Ken,

I think I have figured part of the problem - PC Tools Firewall Plus was blocking stuff, so I have changed some settings and will see how it is over the next 48hrs. If no better I will create a post at whatthetech.

Thanks for your help once again!

Is there any more mopping up to do?

Dave

ken545
2011-07-01, 04:58
Well, post back and let me know how its going



Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups

Malwarebytes is the free version and yours to keep and will not be removed

Keeping your Java updated is very important to the security of your system, info here on how to update
http://forums.spybot.info/showpost.php?p=12880&postcount=2



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

dgr228
2011-07-04, 22:02
Hi Ken,
Not had error messages regarding HP wireless assistant or Failed FsUsbExService since changing the settings in the Firewall so looks like that has cracked it.

Thanks for your help once again!

Regards

Dave

ken545
2011-07-05, 00:09
You're very welcome DAVE,

Take care,

Ken :)