Java.Trojan.Downloader Problems

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
←
1
2
3

You cannot start a new topic
This topic is locked

Java.Trojan.Downloader Problems Log file information following initial enquiry

#31 cumbiebob

Member

Group: Members
Posts: 33
Joined: 25-October 10

Posted 24 May 2011 - 05:11 PM

Ok that seemed to work without any obvious problems, so what now?

Cumbiebob

This post has been edited by cumbiebob: 24 May 2011 - 05:38 PM

#32 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 24 May 2011 - 05:58 PM

Run a new scan with aswMBR for me and post the log.

As well as a new OTL scan:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#33 cumbiebob

Member

Group: Members
Posts: 33
Joined: 25-October 10

Posted 25 May 2011 - 04:24 AM

Hi SweetTech

Things seem to be improving, I ran aswMBR and the scan is below:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-25 10:08:46
-----------------------------
10:08:46.968 OS Version: Windows 5.1.2600 Service Pack 3
10:08:46.968 Number of processors: 1 586 0x1F00
10:08:46.968 ComputerName: YOUR-52F45BF7AC UserName: Robert
10:08:47.828 Initialize success
10:08:57.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port3Path0Target0Lun0
10:08:57.093 Disk 0 Vendor: Promise_ 1.10 Size: 194480MB BusType: 1
10:08:57.187 Disk 0 MBR read successfully
10:08:57.187 Disk 0 MBR scan
10:08:57.187 Disk 0 Windows XP default MBR code
10:08:57.218 Disk 0 scanning sectors +398283480
10:08:57.406 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:13.796 Service scanning
10:09:14.890 Disk 0 trace - called modules:
10:09:14.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll fasttx2k.sys
10:09:14.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad67ab8]
10:09:14.906 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Scsi\fasttx2k1Port3Path0Target0Lun0[0x8ad84030]
10:09:14.906 Scan finished successfully
10:09:30.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robert\Desktop\MBR.dat"
10:09:30.484 The log file has been saved successfully to "C:\Documents and Settings\Robert\Desktop\aswMBR.txt"

I ran OTL and its scan is below:

OTL logfile created on: 25/05/2011 09:00:55 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.52 Gb Total Space | 111.78 Gb Free Space | 60.25% Space Free | Partition Type: NTFS

Computer Name: YOUR-52F45BF7AC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 09:01:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/25 13:34:00 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2010/01/04 12:17:30 | 000,377,576 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RPS.exe
PRC - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
PRC - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\Fws.exe
PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/04/07 03:01:34 | 000,193,024 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Switch Mouse Driver\KMWDSrv.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 06:51:42 | 000,614,400 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2005/05/28 20:26:10 | 000,006,656 | ---- | M] (Qurb, Inc.) -- C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe

========== Modules (SafeList) ==========

MOD - [2011/05/19 09:01:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/05/28 20:26:09 | 000,057,344 | ---- | M] (Qurb, Inc.) -- C:\Program Files\Qurb\QSP-3.0.311.7\QOEHook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/09/23 15:48:14 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan)
SRV - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS)
SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/04/07 03:01:34 | 000,193,024 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Switch Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)

========== Driver Services (SafeList) ==========

DRV - [2011/02/07 21:23:12 | 000,298,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2010/11/02 01:08:15 | 000,007,180 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a2ptbtn.sys -- (HBtnKey)
DRV - [2010/10/31 19:17:09 | 001,223,040 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerA706.sys -- (AVerA706)
DRV - [2010/10/31 19:16:29 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2010/10/31 19:15:19 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2010/10/31 18:53:19 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/10/31 18:52:50 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/05/20 20:13:35 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 15:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 15:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 15:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 15:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/05/07 11:43:38 | 000,016,256 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMHSCALEV1.sys -- (KMHSCALEV1)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/05/27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/10/25 17:26:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/10/16 14:36:04 | 002,329,216 | ---- | M] (Digital Camera) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ca810av.sys -- (Ca810av)
DRV - [2007/08/02 12:35:46 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ACRUSBTM.SYS -- (ACRUSBTM)
DRV - [2007/03/05 10:53:30 | 001,176,192 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/01/12 09:55:20 | 000,380,416 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006/12/21 05:12:10 | 000,030,208 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006/10/30 11:51:40 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/10/30 11:51:34 | 000,047,875 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/10/30 11:51:30 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/05/03 12:07:05 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/12/08 11:24:34 | 000,032,782 | R--- | M] (USB Com port.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser120.sys -- (SER120)
DRV - [2004/08/03 11:10:34 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2004/07/29 16:29:58 | 000,211,072 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/07/06 17:06:46 | 000,188,416 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004/02/09 15:27:04 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys -- (SI3114r)
DRV - [2003/11/28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/11/07 05:00:00 | 000,035,328 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/08/01 14:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID)
DRV - [2003/05/09 16:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2003/02/12 13:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/01/08 21:42:44 | 000,022,144 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/08 21:40:24 | 000,167,168 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/08 21:39:34 | 000,617,600 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/08 21:38:26 | 001,068,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/09/09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Robert/My%20Documents/Webpages/Blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2011/05/20 08:55:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe (Qurb, Inc.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKLM..\RunOnce: [IndexCleaner] C:\Program Files\Virgin Media\Security\IdxClnR.exe (Virgin Media)
O4 - HKCU..\RunOnce: [IndexCleaner] C:\Program Files\Virgin Media\Security\IdxClnR.exe (Virgin Media)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: garmin.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: rbsdigital.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://eastquick.bsky.net/qp2.cab (QuickPlace Class)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115588676203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230919606609 (MUWebControl Class)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15016/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/21 15:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 10:53:31 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/05/20 09:40:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/20 07:43:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/20 07:39:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/20 07:39:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/20 07:39:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/20 07:39:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/20 07:37:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/20 07:36:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/20 07:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Desktop\Bleeping
[2011/05/19 16:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/19 16:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/19 16:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/05/19 16:08:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/19 09:00:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/05/11 13:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\SUPERAntiSpyware.com
[2011/05/11 11:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Malwarebytes
[2011/05/11 10:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/11 10:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/11 10:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/11 09:36:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/11 09:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/11 09:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/11 09:36:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/11 09:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/09 09:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Radialpoint
[2011/05/09 09:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Virgin Media
[2011/05/05 13:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/05 12:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/05 12:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 08:52:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 08:51:40 | 000,179,070 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/25 08:51:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 08:51:19 | 2683,609,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 22:57:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54D96064-2D58-43FB-A163-6A5FEA55DCAF}.job
[2011/05/24 11:17:57 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/24 11:17:07 | 000,019,527 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\basicinfo.rtf
[2011/05/22 17:16:17 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/21 10:47:36 | 000,176,781 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\FlybePreconfirm.pdf
[2011/05/20 08:55:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/20 07:43:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/19 14:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 09:01:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/05/19 08:53:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/15 10:54:24 | 000,058,786 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\continentalFlightInfo.pdf
[2011/05/15 10:52:57 | 000,044,938 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\flybeflightinfo.pdf
[2011/05/14 12:02:20 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/05/14 10:31:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Robert\defogger_reenable
[2011/05/13 13:41:48 | 000,435,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-195712.backup
[2011/05/13 12:52:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/13 12:52:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/13 12:52:11 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/11 17:03:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/10 16:53:54 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\thxcfg.ini
[2011/05/09 09:00:11 | 000,001,881 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 11:17:07 | 000,019,527 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\basicinfo.rtf
[2011/05/22 17:16:17 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/22 17:16:17 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/21 10:47:34 | 000,176,781 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\FlybePreconfirm.pdf
[2011/05/20 07:43:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/20 07:43:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/20 07:39:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/20 07:39:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/20 07:39:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/20 07:39:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/20 07:39:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/19 08:46:48 | 2683,609,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/15 10:54:23 | 000,058,786 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\continentalFlightInfo.pdf
[2011/05/15 10:52:54 | 000,044,938 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\flybeflightinfo.pdf
[2011/05/14 10:31:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Robert\defogger_reenable
[2011/05/11 11:33:01 | 000,001,882 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
[2011/05/11 11:33:01 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
[2011/05/10 16:53:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2011/05/09 09:00:11 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2011/05/05 12:05:48 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 20:14:41 | 000,038,476 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).ADR
[2010/12/29 22:47:14 | 000,230,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/05 10:50:06 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2010/08/01 23:38:27 | 000,287,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/30 08:28:39 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010/03/21 19:36:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\ACRUSBTM.SYS
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2009/12/29 14:05:31 | 000,014,108 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2009/12/29 14:05:30 | 000,002,932 | ---- | C] () -- C:\WINDOWS\Dext810A.ini
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2009/09/10 22:18:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/09/10 22:18:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/09/10 22:18:23 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\$_hpcst$.hpc
[2009/09/10 19:06:30 | 037,856,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/10 19:06:30 | 001,312,800 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/03/21 23:25:57 | 000,000,127 | ---- | C] () -- C:\WINDOWS\lwcprefs.ini
[2009/03/06 14:04:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/03/06 14:03:22 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/03/06 14:03:22 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/03/06 14:03:10 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/03/06 14:03:10 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2008/11/28 18:58:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ExplorerXP.INI
[2008/05/26 10:47:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/03 21:23:23 | 000,001,881 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2007/09/01 11:50:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2007/08/06 21:40:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/06 21:40:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/21 23:05:09 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2006/11/11 22:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/09/20 22:39:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/09/20 22:39:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2006/09/17 16:05:21 | 000,047,988 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/20 16:18:02 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Comma Separated Values (DOS).ADR
[2005/12/26 12:55:13 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/25 14:35:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps(2).dll
[2005/12/25 14:35:01 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/13 00:23:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\02F55490.ini
[2005/11/13 00:12:59 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\mcc16.dll
[2005/11/13 00:09:24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/11/03 20:10:13 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2005/05/27 14:20:49 | 000,000,197 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/20 21:09:52 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/05/16 18:03:46 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/12 19:40:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\chssbase.ini
[2005/05/03 12:32:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/03 12:10:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/03 12:06:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/05/03 12:06:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/03 12:06:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/03/29 17:07:56 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/03/29 17:07:56 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/03/29 17:07:56 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/03/29 17:07:55 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/03/29 17:07:55 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/03/29 17:07:55 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/03/29 17:07:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/03/29 17:07:55 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/03/29 17:07:55 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/03/29 17:07:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/21 23:41:10 | 000,004,476 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/21 23:40:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 23:40:29 | 000,483,084 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/21 23:40:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/21 23:40:29 | 000,080,104 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/21 23:40:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/21 23:40:29 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/21 23:40:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/21 23:40:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/21 23:40:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/21 23:40:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/21 23:40:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/21 23:40:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/21 16:51:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/21 16:50:58 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/21 16:29:26 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/21 16:02:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/21 16:00:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/21 15:56:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/11/10 16:06:08 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2002/02/27 17:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2002/01/22 17:54:28 | 000,010,539 | ---- | C] () -- C:\WINDOWS\System32\NICFIND.EXE
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/25 13:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 13:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL

========== LOP Check ==========

[2008/11/23 17:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/04/04 05:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2008/11/26 21:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2010/10/31 18:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/12/01 19:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2005/05/12 21:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/09/02 23:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/10/15 15:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/04/04 23:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/02 23:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/09/02 23:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/09/02 23:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/05/09 09:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/05/09 09:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2009/04/28 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirginMedia
[2009/03/28 18:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/10/31 18:43:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2010/04/10 21:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 18:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 21:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/31 18:30:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2008/11/23 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acoustica
[2009/04/04 05:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Affinegy
[2005/08/02 19:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DataLayer
[2010/12/29 12:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GARMIN
[2005/05/12 21:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GlobalSCAPE
[2005/05/09 17:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\InterVideo
[2009/12/29 15:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2010/10/12 17:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Nokia
[2010/09/02 23:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Nokia Ovi Suite
[2008/10/14 20:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\OfficeUpdate12
[2010/09/02 23:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PC Suite
[2011/05/09 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Radialpoint
[2009/09/15 22:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Samsung
[2006/12/09 17:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SecondLife
[2009/12/30 11:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SPORE
[2008/09/14 22:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\System Tweaker
[2007/03/03 23:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Telewest
[2010/05/30 08:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TrojanHunter
[2009/04/01 20:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Trusteer
[2010/10/31 18:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Uniblue
[2010/05/20 20:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Virgin Broadband
[2011/05/08 15:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Virgin Media
[2011/05/24 22:57:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{54D96064-2D58-43FB-A163-6A5FEA55DCAF}.job

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-24 22:50:36

< >

< >

< >

< >

========== Files - Unicode (All) ==========
[2009/09/10 19:04:42 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧⁮牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/09/10 19:04:42 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧⁮牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

< End of report >

I think I said yesterday but automatic updates seem to be working again windows said to wait before I shutdown and today I can access and check the windows update site which I couldn't before.

I also spen about 20 minutes surfing before this post with no apparent problems so definately an improvement.

Cumbiebob

#34 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 25 May 2011 - 10:41 AM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#35 cumbiebob

Member

Group: Members
Posts: 33
Joined: 25-October 10

Posted 25 May 2011 - 05:34 PM

Hi SweetTech,

Boy am I glad we have finally got to this point I thought for a while there we might have been losing the whole disk!

Ran OTL and please find below the log:

========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 05252011_223930

Have cleared out the logs and programs that were downloaded.

Prior to starting I used Spybot Search&Destroy and the Virgin Media supplied suite both of which have been restored however I notice that the hosts file is now blank I take it that it's OK to use the spybot hostfile provided and lock it?

I still have malwarebytes and Superantispyware available so that I can run as required.

I will certainly have a look at the software suggested.

One final question though, prior to this I had backed up my data to a usb disk drive and i am concerned that if I reconnect it it may contain infected files. Is it enough to do a full system scan first to make sure the machine is clean before reconnecting the usb drive and scanning it or do you have a suggested procedure?

Once again thanks for all the time and effort you have put in in getting me to this point it is very much appreciated, a vert grateful
Cumbiebob

This post has been edited by cumbiebob: 25 May 2011 - 05:36 PM

#36 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 26 May 2011 - 10:06 AM

Hi cumbiebob!

Quote

Prior to starting I used Spybot Search&Destroy and the Virgin Media supplied suite both of which have been restored however I notice that the hosts file is now blank I take it that it's OK to use the spybot hostfile provided and lock it?

That shouldn't be an issue.

Quote

One final question though, prior to this I had backed up my data to a usb disk drive and i am concerned that if I reconnect it it may contain infected files. Is it enough to do a full system scan first to make sure the machine is clean before reconnecting the usb drive and scanning it or do you have a suggested procedure?

Yeah, I'd actually do the following with the disk drive before I even scanned it with a virus scanner.

Running Flash Disinfector
Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Quote

Once again thanks for all the time and effort you have put in in getting me to this point it is very much appreciated, a vert grateful

You're more than welcome! I'm truly glad that we were able to work together to solve the issues you were experiencing with your computer.

Please take care.

Kindest Regards,
SweetTech.

#37 cumbiebob

Member

Group: Members
Posts: 33
Joined: 25-October 10

Posted 27 May 2011 - 05:01 AM

Hi SweetTech,

Ran the flashdisinfector and the two usb sticks came up clear as did the backup drive. When I did a full scan on the backup drive it found JS.Trojan.Winbomb.F in a zipped archive which I have since deleted.

I believe we can now close this thread.

Thank you once again

Cumbiebob

#38 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 27 May 2011 - 12:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.