Solved Malware disabling mcafee, redirecting internet searches and other symptoms

[Broni]

I suggest you uninstall McAfee using this tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
Install fresh copy.

===============================================================

You posted Extras.txt twice.
I still need OTL.txt log.

 

[funkduck]

Heres the OTL
OTL logfile created on: 11/08/2011 09:33:01 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.94% Memory free
5.93 Gb Paging File | 4.67 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.83 Gb Total Space | 142.43 Gb Free Space | 49.48% Space Free | Partition Type: NTFS

Computer Name: ALEXCURTIS | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 18:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/09 10:18:00 | 000,016,384 | ---- | M] (thinkbroadband.com) -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbLoaderService.exe
PRC - [2010/06/08 17:41:48 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/23 16:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe
PRC - [2010/04/23 16:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe
PRC - [2010/04/23 16:04:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2 Assistant\bin\sprtcmd.exe
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/13 21:16:31 | 000,180,224 | ---- | M] (ALPS) -- C:\Program Files\Apoint\Apvfb.exe
PRC - [2009/04/13 21:16:30 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/04/13 21:16:28 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2009/03/24 03:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/03/02 07:21:32 | 002,329,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/03/02 07:21:32 | 000,789,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/03/02 07:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/02/05 20:41:46 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009/02/05 20:41:44 | 000,390,440 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2009/02/05 20:41:44 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009/02/05 20:41:44 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009/02/05 20:41:44 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/06 03:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/18 18:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccessU)
SRV - [2011/08/03 11:10:31 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/10/09 10:18:00 | 000,016,384 | ---- | M] (thinkbroadband.com) [Auto | Running] -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbLoaderService.exe -- (tbbLoaderService)
SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/06/24 09:28:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/23 16:04:12 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe -- (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA)
SRV - [2010/04/23 16:04:12 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe -- (tgsrvc_O2DA) SupportSoft Repair Service (O2DA)
SRV - [2010/02/01 20:02:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/02 07:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/02/05 20:41:46 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/02/05 20:41:44 | 000,390,440 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/02/05 20:41:44 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/02/05 20:41:44 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/02/05 20:41:44 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 05:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/06 03:04:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] () [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/09/30 19:22:50 | 000,098,304 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/03 11:25:32 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/08/03 11:12:28 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdklbf.sys -- (PSSDKLBF)
DRV - [2011/08/03 11:11:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/04 17:36:59 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/04/13 21:16:29 | 000,173,616 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/02/23 21:07:18 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/11/25 00:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 01:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 01:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 01:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/22 12:06:02 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/24 22:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/08 17:43:15 | 000,000,000 | ---D | M]

[2009/12/22 02:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2009/10/18 22:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/08/10 10:07:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\lam\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 09:32:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/08/10 10:55:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/10 10:54:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/10 09:35:52 | 004,167,902 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/08/08 10:59:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/08 10:59:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/08 10:59:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/08 10:58:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/08 10:58:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/07 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2011/08/06 18:30:13 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2011/08/04 23:28:56 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2011/08/04 23:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lam
[2011/08/04 23:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\lam
[2011/08/04 19:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater
[2011/08/04 19:28:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Babylon
[2011/08/04 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Babylon
[2011/08/04 19:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/08/04 19:23:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\Adobe Dreamweaver CS5.5
[2011/08/04 19:09:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/04 19:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/07/31 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Spotify
[2011/07/31 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Spotify
[2011/07/22 15:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/22 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/22 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/13 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

 

[funkduck]

========== Files - Modified Within 30 Days ==========

[2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/08/11 09:29:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/11 09:29:32 | 000,044,560 | -HS- | M] () -- C:\Windows\System32\c_18145.nl_
[2011/08/11 09:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/10 10:49:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/10 10:07:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/10 09:35:53 | 004,167,902 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/08/10 09:34:18 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 12:02:30 | 000,230,619 | ---- | M] () -- C:\Users\Alex\Documents\Capture.PNG
[2011/08/09 11:50:16 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 11:50:16 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 11:42:54 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/08/09 11:41:47 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 18:42:43 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 18:42:43 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/06 18:30:14 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[2011/08/05 08:36:08 | 000,139,264 | ---- | M] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
[2011/08/05 00:07:31 | 000,294,216 | ---- | M] () -- C:\Users\Alex\Desktop\gmer.zip
[2011/08/04 23:29:00 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2011/08/04 23:26:45 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
[2011/08/04 23:10:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 19:09:28 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/03 11:12:28 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdklbf.sys
[2011/08/03 11:11:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk42.sys
[2011/08/01 20:23:01 | 000,006,555 | ---- | M] () -- C:\Users\Alex\.recently-used.xbel
[2011/07/31 15:49:45 | 000,000,949 | ---- | M] () -- C:\Users\Alex\Desktop\Spotify.lnk
[2011/07/23 19:06:40 | 000,328,059 | ---- | M] () -- C:\Users\Alex\Documents\Lars Purring.caf
[2011/07/23 19:06:36 | 000,767,937 | ---- | M] () -- C:\Users\Alex\Documents\Looking Through The Window.caf
[2011/07/23 19:06:32 | 000,643,107 | ---- | M] () -- C:\Users\Alex\Documents\Cold November.caf
[2011/07/23 19:06:30 | 001,222,677 | ---- | M] () -- C:\Users\Alex\Documents\MyRecording.caf
[2011/07/23 19:06:24 | 000,467,751 | ---- | M] () -- C:\Users\Alex\Documents\Long Way Acoustic.caf
[2011/07/23 19:06:23 | 001,564,476 | ---- | M] () -- C:\Users\Alex\Documents\Long Way.caf
[2011/07/23 19:06:18 | 001,103,791 | ---- | M] () -- C:\Users\Alex\Documents\Time Delay.caf
[2011/07/22 15:36:40 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/14 17:48:16 | 002,339,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 10:49:00 | 000,044,560 | -HS- | C] () -- C:\Windows\System32\c_18145.nl_
[2011/08/09 12:02:30 | 000,230,619 | ---- | C] () -- C:\Users\Alex\Documents\Capture.PNG
[2011/08/08 10:59:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/08 10:59:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/08 10:59:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/08 10:59:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/08 10:59:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/05 08:36:07 | 000,139,264 | ---- | C] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
[2011/08/05 00:07:28 | 000,294,216 | ---- | C] () -- C:\Users\Alex\Desktop\gmer.zip
[2011/08/04 23:26:45 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
[2011/08/04 19:09:28 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/04 19:09:28 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/01 20:23:01 | 000,006,555 | ---- | C] () -- C:\Users\Alex\.recently-used.xbel
[2011/07/31 15:49:45 | 000,000,949 | ---- | C] () -- C:\Users\Alex\Desktop\Spotify.lnk
[2011/07/31 15:49:44 | 000,000,979 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/07/23 19:06:39 | 000,328,059 | ---- | C] () -- C:\Users\Alex\Documents\Lars Purring.caf
[2011/07/23 19:06:35 | 000,767,937 | ---- | C] () -- C:\Users\Alex\Documents\Looking Through The Window.caf
[2011/07/23 19:06:32 | 000,643,107 | ---- | C] () -- C:\Users\Alex\Documents\Cold November.caf
[2011/07/23 19:06:27 | 001,222,677 | ---- | C] () -- C:\Users\Alex\Documents\MyRecording.caf
[2011/07/23 19:06:24 | 000,467,751 | ---- | C] () -- C:\Users\Alex\Documents\Long Way Acoustic.caf
[2011/07/23 19:06:21 | 001,564,476 | ---- | C] () -- C:\Users\Alex\Documents\Long Way.caf
[2011/07/23 19:06:16 | 001,103,791 | ---- | C] () -- C:\Users\Alex\Documents\Time Delay.caf
[2011/07/22 15:36:40 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/28 10:44:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/04/28 10:44:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/04/28 10:44:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/04/28 10:44:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/04/28 10:44:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/04/28 10:44:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/04/28 10:44:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/04/28 10:44:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/04/28 10:44:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/04/28 10:44:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/04/28 10:44:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/04/28 10:44:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/04/28 10:44:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/04/28 10:44:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/04/28 10:44:52 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/04/28 10:44:52 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/04/28 10:44:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/04/28 10:44:52 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/04/28 10:44:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/04/22 12:01:12 | 000,007,617 | ---- | C] () -- C:\Users\Alex\AppData\Local\resmon.resmoncfg
[2010/12/22 12:38:13 | 000,020,459 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\UserTile.png
[2010/09/03 09:12:42 | 000,166,272 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/02 11:38:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/25 21:14:56 | 002,654,262 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\ZBWallpaper.bmp
[2010/01/17 18:46:42 | 000,005,632 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 19:09:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/12/27 19:09:49 | 000,000,088 | RHS- | C] () -- C:\ProgramData\47B7AA6C58.sys
[2009/12/22 02:30:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/22 01:44:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/21 23:53:32 | 000,000,062 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/10/02 19:23:08 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/09/24 20:21:00 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 002,339,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,631,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,456 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/17 17:52:40 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/15 19:54:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/05/15 19:34:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

========== LOP Check ==========

[2011/03/28 16:15:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
[2011/08/04 19:28:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Babylon
[2011/03/30 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canon
[2011/08/04 19:09:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/03/01 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Facebook
[2010/08/19 23:00:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\fltk.org
[2011/07/29 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
[2010/10/24 16:23:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\inkscape
[2009/12/22 02:15:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\InterVideo
[2009/12/22 02:15:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Jasc
[2009/12/22 02:15:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\NASA
[2011/03/30 11:13:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011/03/30 10:49:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Smart PDF Converter Pro
[2011/07/31 17:19:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2010/08/31 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tatara Systems
[2010/03/04 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Trusteer
[2010/04/15 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/04/15 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2011/05/28 19:52:56 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/12/22 09:37:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/08/10 10:54:03 | 000,019,121 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/12/22 10:49:09 | 000,049,072 | ---- | M] () -- C:\Entries.lst
[2011/08/09 11:41:47 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/17 17:21:53 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
[2010/03/06 18:01:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/17 17:25:36 | 000,737,308 | ---- | M] () -- C:\lv.log
[2010/03/06 18:01:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/09 11:41:51 | 3186,651,136 | -HS- | M] () -- C:\pagefile.sys
[2010/03/04 00:06:11 | 000,000,714 | ---- | M] () -- C:\qhdebug.log
[2009/05/15 19:58:56 | 000,002,420 | ---- | M] () -- C:\RHDSetup.log
[2009/06/17 17:25:08 | 000,000,073 | -H-- | M] () -- C:\splash.idx
[2011/08/06 18:32:03 | 000,075,122 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_06.08.2011_18.30.45_log.txt
[2009/06/17 17:53:30 | 000,385,952 | ---- | M] () -- C:\vcredist_x86.log
[2009/05/12 19:38:16 | 000,003,632 | -H-- | M] () -- C:\version

< %systemroot%\Fonts\*.com >
[2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD7L.DLL
[2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9X.DLL
[2010/08/25 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPDAE.DLL
[2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP7L.DLL
[2010/04/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9X.DLL
[2010/08/25 05:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPPAE.DLL
[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010/11/20 13:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/10/02 19:23:08 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/01 12:11:10 | 000,000,444 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/04/14 12:40:10 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/10/26 21:11:21 | 000,000,260 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hotmail.url

< %USERPROFILE%\Desktop\*.exe >
[2011/08/04 23:26:45 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\28sz8j2d.exe
[2011/08/10 09:35:53 | 004,167,902 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/08/11 09:32:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/08/05 08:36:08 | 000,139,264 | ---- | M] () -- C:\Users\Alex\Desktop\RKUnhookerLE.EXE
[2011/08/06 18:30:14 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe
[1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/02/25 13:29:18 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/02/25 13:29:18 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/12/25 11:14:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/12/25 11:14:06 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/02/25 13:29:18 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/02/25 13:31:54 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/10 18:46:03 | 000,000,088 | RHS- | M] () -- C:\ProgramData\47B7AA6C58.sys
[2010/09/10 18:46:22 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB42752$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
  O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
  O15 - HKU\S-1-5-21-3286186691-3134294517-363437892-1000\..Trusted Ranges: GD ([http] in Local intranet)
  [1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ] 
  [2009/12/27 19:09:49 | 000,000,088 | RHS- | C] () -- C:\ProgramData\47B7AA6C58.sys
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[funkduck]

Do you think my laptop will get better soon?! : (

 

[funkduck]

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ deleted successfully.
Invalid CLSID key: *.broadband
Registry key HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\o2.co.uk\*.broadband\ not found.
Invalid CLSID key: *.broadband
Registry value HKEY_USERS\S-1-5-21-3286186691-3134294517-363437892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Users\Alex\Desktop\~WRL0005.tmp deleted successfully.
C:\ProgramData\47B7AA6C58.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 286726476 bytes
->Temporary Internet Files folder emptied: 907725143 bytes
->Java cache emptied: 26005133 bytes
->Google Chrome cache emptied: 420480679 bytes
->Apple Safari cache emptied: 8725504 bytes
->Flash cache emptied: 74512 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 18932416 bytes

Total Files Cleaned = 1,591.00 mb


[EMPTYFLASH]

User: Alex
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08122011_003808

Files\Folders moved on Reboot...
File\Folder C:\Users\Alex\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe not found!

Registry entries deleted on Reboot...

 

[Broni]

The only thing I can guarantee is your computer being clean.
Then we'll see.
Did you try my advice regarding McAfee?

 

[funkduck]

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee AntiVirus Plus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 26
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

 

[Broni]

Uninstall Java(TM) 6 Update 22 .

What about McAfee?

 

[funkduck]

Uninstalled Java(TM) 6 Update 22.

I have removed McAfee, but not yet reinstalled.

 

[funkduck]

Should I continue with Temp File Cleaner and then ESET?

 

[Broni]

Did you use the tool I suggested to uninstall McAfee?

 

[Broni]

Yes go ahead with TFC and Eset.

 

[funkduck]

Yes I used the tool you suggested.
Mcafee is reinstalled but it is warning about infection W32/Katusha virus still.

 

[Broni]

Virus detected
W32/Katusha (virus)
Quarantined From: C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

I suspect false positive.
This is a part of your online banking security.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

 

[funkduck]

File name:
RapportMgmtService.exe

Submission date:
2011-08-12 00:57:50 (UTC)

Current status:
finished




Result:
36/ 43 (83.7%)


VT Community

not reviewed
Safety score: -



Compact

Print results




Antivirus

Version

Last Update

Result



AhnLab-V3

2011.08.11.01

2011.08.11

Win-Trojan/Patched.DD



AntiVir

7.11.13.26

2011.08.11

W32/PatchLoad.A



Antiy-AVL

2.0.3.7

2011.08.11

-



Avast

4.8.1351.0

2011.08.11

Win32atched-WQ [Trj]



Avast5

5.0.677.0

2011.08.11

Win32atched-WQ [Trj]



AVG

10.0.0.1190

2011.08.11

Win32/Katusha.A



BitDefender

7.2

2011.08.11

Trojan.Patched.HE



CAT-QuickHeal

11.00

2011.08.11

W32.Patchload.O



ClamAV

0.97.0.0

2011.08.12

Trojan.Patched-167



Commtouch

5.3.2.6

2011.08.11

W32/Patched.G



Comodo

9712

2011.08.12

TrojWare.Win32.Patched.HN



DrWeb

5.0.2.03300

2011.08.12

Trojan.Starter.1695



Emsisoft

5.1.0.8

2011.08.12

Trojan-Spy.Win32.Zbot!IK



eSafe

7.0.17.0

2011.08.10

-



eTrust-Vet

36.1.8497

2011.08.11

Win32/Patchload.U



F-Prot

4.6.2.117

2011.08.11

W32/Patched.G



F-Secure

9.0.16440.0

2011.08.12

Trojan.Patched.HE



Fortinet

4.2.257.0

2011.08.12

-



GData

22

2011.08.11

Trojan.Patched.HE



Ikarus

T3.1.1.107.0

2011.08.12

Trojan-Spy.Win32.Zbot



Jiangmin

13.0.900

2011.08.11

TrojanSpy.Zbot.adxr



K7AntiVirus

9.109.5003

2011.08.10

Trojan



Kaspersky

9.0.0.837

2011.08.12

Trojan.Win32.Patched.mf



McAfee

5.400.0.1158

2011.08.12

W32/Katusha



McAfee-GW-Edition

2010.1D

2011.08.12

W32/Katusha



Microsoft

1.7104

2011.08.11

Virus:Win32/Patchload.O



NOD32

6370

2011.08.12

Win32/Patched.HN



Norman

6.07.10

2011.08.11

W32/Patched.BH



nProtect

2011-08-11.01

2011.08.11

-



Panda

10.0.3.5

2011.08.11

W32/Katusha.BN



PCTools

8.0.0.5

2011.08.12

Trojan.Paccyn



Prevx

3.0

2011.08.12

-



Rising

23.70.03.03

2011.08.11

Win32.Loader.li



Sophos

4.67.0

2011.08.12

W32/Patched-AK



SUPERAntiSpyware

4.40.0.1006

2011.08.12

-



Symantec

20111.2.0.82

2011.08.12

Trojan.Paccyn!inf



TheHacker

6.7.0.1.276

2011.08.11

-



TrendMicro

9.500.0.1008

2011.08.11

PTCH_KATUSHA.W



TrendMicro-HouseCall

9.500.0.1008

2011.08.12

PTCH_KATUSHA.W



VBA32

3.12.16.4

2011.08.10

Trojan-Spy.Zbot.gen



VIPRE

10143

2011.08.12

Virus.Win32.Agent.mpq (v)



ViRobot

2011.8.11.4617

2011.08.11

Win32.Patched.BE



VirusBuster

14.0.164.0

2011.08.11

Win32.Katusha.Gen





Additional information

Show all



MD5 : 1ac0335744ee811c8494443ce1bbe7f2



SHA1 : 5cec7e24351a1baef64bb33e9a4e48a6b91fb276



SHA256: 6f65280dd321700473211fac74356ade83941a4408a0aa066086935c7341befd

 

[Broni]

Go ahead with TFC and Eset.

 

[funkduck]

TFC Done.
ESET running. 56% done and 6 threats found so far.

 

[funkduck]

C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Win32/Patched.HN trojan
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan
C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe Win32/Patched.HN trojan
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Windows\System32\c_18145.nl_.vir probably a variant of Win32/Rootkit.KHEBOKS trojan
C:\Windows\System32\c_18145.nl_ probably a variant of Win32/Rootkit.KHEBOKS trojan

 

[Broni]

Were those files removed, or they're still there?

Did you reinstall McAfee?

 

[funkduck]

Files are still there. Do I need to check "Remove files" and redo the scan ?

McAfee is reinstalled.

 

[Broni]

Do I need to check "Remove files" and redo the scan ?

Yes.

 

[funkduck]

C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe Win32/Patched.HN trojan error while cleaning
C:\Qoobox\Quarantine\C\Windows\System32\c_18145.nl_.vir probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined
C:\Windows\System32\c_18145.nl_ probably a variant of Win32/Rootkit.KHEBOKS trojan cleaned by deleting - quarantined

 

[Broni]

How is computer doing?

 

[funkduck]

Mcafee is persistently complaining about this still.

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

And restarting as it suggests does not fix the problem.

How do I get rid of this ?