ultimatetoptrumps Posted May 6, 2011

I have used SAS for ages and am well impressed with it as an AV and malware killer, and I use Kaspersky as the firewall. A few days ago I began getting windows popping up and automatically doing a scan and finding a bucket load of issues, as well as occasional tabs pointing at a red shield in the far bottom right of the screen telling me that my system has been hijacked, that it is at severe risk of infection, that it is infected. I automatically assumed that this was another one of those spam things you sometimes get when surfing. SAS would not run, so after a little research I discovered that it was indeed a malware program, so I used Malwarebytes to kill it. So far so good, but I am unable to have Windows make any updates. Has anyone else had this issue and if so how did you resolve it please?

Many thanks
Nig
SAS Customer Service Posted May 6, 2011

> I have used SAS for ages and am well impressed with it as an AV and malware killer, and I use Kaspersky as the firewall. A few days ago I began getting windows popping up and automatically doing a scan and finding a bucket load of issues, as well as occasional tabs pointing at a red shield in the far bottom right of the screen telling me that my system has been hijacked, that it is at severe risk of infection, that it is infected. I automatically assumed that this was another one of those spam things you sometimes get when surfing. SAS would not run, so after a little research I discovered that it was indeed a malware program, so I used Malwarebytes to kill it. So far so good, but I am unable to have Windows make any updates. Has anyone else had this issue and if so how did you resolve it please? Many thanks, Nig

We have heard no reports of that in support. You may want to think about checking the MBAM support system to see if they removed something critical to updating Windows.
rise Posted May 6, 2011

It's possible that malware is blocking updates. If you want to check for malware, please do the following:

Download OTL from here: http://oldtimer.geekstogo.com/OTL.exe to your Desktop. Double click on the icon to run it, select All Users, then under the Custom Scans/Fixes box copy/paste the following:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Now click Quick Scan. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. Post both logs in your reply.

Then:
- Download aswMBR.exe from here: http://public.avast.com/~gmerek/aswMBR.exe and save it to your Desktop
- Double click the aswMBR.exe to run it
- Click the "Scan" button to start the scan
- On completion of the scan click Save log, save it to your Desktop and post it in your next reply
ultimatetoptrumps Posted May 7, 2011

Thank you rise! I have run the scans and attached the files you requested. I have noticed in the OTL scan names of programs that I uninstalled a long time ago and always check and remove from regedit, so not sure why they are still there. The problems I am having now started less than a week ago.

Many thanks
Nig

Attachments: aswMBR.txt, Extras.Txt, OTL.Txt
rise Posted May 7, 2011

> I have noticed in the OTL scan names of programs that I uninstalled a long time ago and always check and remove from regedit, so not sure why they are still there.

Do not mess around with regedit, you can do more harm than good, and there are some freeware uninstallers (like Revo Uninstaller).

1. Do you recognize this file: C:\Documents and Settings\Owner\Desktop\123.exe

If not, please go to http://virusscan.jotti.org, click on Browse, and upload for analysis: C:\Documents and Settings\Owner\Desktop\123.exe
Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see. If Jotti is busy, please go to http://www.virustotal.com.

============================================

2. Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 11)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003..\Run: [DivXOP] File not found
O4 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003..\Run: [DriverScanner] File not found
O4 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003..\Run: [eMuleAutoStart] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Value error.)
O33 - MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\Shell - "" = AutoRun
O33 - MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{a9514482-8f0b-11de-bcd9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a9514482-8f0b-11de-bcd9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d74p7yjp6gw7ndw575n
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\d74p7yjp6gw7ndw575n
[2011/05/06 11:52:22 | 000,236,544 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d74p7yjp6gw7ndw575n
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\d74p7yjp6gw7ndw575n
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ria.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rer.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rcf.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kwq.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\grl.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\eri.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cth.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\cej.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bum.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\uen.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ths.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\pxh.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\nss.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mss.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kut.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hxd.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\cya.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bno.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yvf.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yps.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xsm.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vgn.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qjq.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mhp.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kcl.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jpy.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\abh.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yja.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wds.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\urs.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ucd.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\tkb.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\nvh.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\knk.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hrn.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\amy.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wav.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vsj.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ueo.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\tga.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\sli.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qky.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prx.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\pin.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ncq.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\lho.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\jpf.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ihi.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dqp.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dke.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ctl.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cfw.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\blt.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bjg.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vnv.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ulj.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qnt.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\odp.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\lbn.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kfs.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cpu.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ckw.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aes.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top. Let the program run unhindered and reboot the PC when it is done. It will boot up slower, so be patient, and copy the log you get.

============================================

3. Download ComboFix to your Desktop from here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable any realtime protection (AntiVirus, AntiSpyware...) so they don't interfere with ComboFix <- IMPORTANT!!

Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
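Added example (my own code, not from the thread, from OTL or from any of the tools it mentions): a Python triage script that applies the checks behind rise's OTL scan and fix script to a handful of constructed lines in OTL's layout, modelled on the entries above. It assumes OTL's line formats exactly as they appear in this thread, and flags what the fix script targets: UAC and AutoRun policies weakened under HKLM/HKU policies, a MountPoints2 AutoRun handler pointing at an executable on a removable drive, and bursts of zero-byte hidden+system .exe files with random three-letter names under Application Data.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's line layout, modelled on entries from rise's fix
# script in this thread (a handful of lines, not the full script or a real log).
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d74p7yjp6gw7ndw575n
[2011/05/06 11:52:22 | 000,236,544 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ria.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\grl.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\uen.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cfw.exe
"""

# O6/O7 policy lines: "O6 - <key>: <value name> = <number>"
POLICY_RE = re.compile(r"^O[67] - (HK\S+?): (\w+) = (\d+)$")
# O33 MountPoints2 lines whose AutoRun\command points at a program
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{([0-9a-f-]+)\}\\Shell\\AutoRun\\command - "" = (.+)$')
# File entries: "[date time | size | attributes | M] (signer) -- path"
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| [A-Z]\] \(\) -- (.+)$")
# The dropper naming pattern visible in the thread: three lowercase letters + .exe
RANDOM_EXE_RE = re.compile(r"^[a-z]{3}\.exe$")


def triage(lines):
    """Return a list of (severity, message) findings for OTL-format lines."""
    findings = []
    drops = defaultdict(list)  # timestamp -> random-named zero-byte hidden exes
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            key, name, value = m.group(1), m.group(2), int(m.group(3))
            if name == "EnableLUA" and value == 0:
                findings.append(("high", f"UAC disabled by policy: {key}\\{name} = 0"))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(("high", f"admins elevate without a prompt: {key}\\{name} = 0"))
            elif name == "NoDriveTypeAutoRun" and value != 0xFF:
                # Each bit disables AutoRun for one drive type; 0xFF disables all.
                findings.append(("medium",
                    f"AutoRun still allowed for some drive types: {key}\\{name} = {value} "
                    "(0xFF disables it for all drive types)"))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            findings.append(("high",
                f"AutoRun handler for mounted volume {{{m.group(1)}}} runs {m.group(2)}"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        size = int(size.replace(",", ""))
        name = path.rsplit("\\", 1)[-1]
        in_profile_data = "\\Application Data\\" in path
        hidden_system = "H" in attrs and "S" in attrs
        if hidden_system and in_profile_data and size == 0 and RANDOM_EXE_RE.match(name):
            drops[stamp].append(name)  # grouped below: one finding per drop burst
        elif hidden_system and in_profile_data:
            findings.append(("medium", f"hidden+system file under Application Data: {path}"))
    for stamp, names in sorted(drops.items()):
        findings.append(("high",
            f"{len(names)} zero-byte hidden+system .exe dropped at {stamp}: "
            + ", ".join(sorted(names))))
    return findings


def triage_text(text):
    """Split a pasted OTL script or log into lines and triage them."""
    return triage(line for line in text.strip().splitlines() if line.strip())


if __name__ == "__main__":
    for severity, message in triage_text(SAMPLE_LINES):
        print(f"[{severity:6}] {message}")
```

Running it on a full OTL.Txt gives a short list of what to look at first; the fix script itself still has to be written by someone who has read the whole log, since the triage only knows the patterns shown in this thread.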
ultimatetoptrumps Posted May 9, 2011

Sorry for the delay! 123.exe is ComboFix. I downloaded it after a discussion I had on the Kaspersky forum regarding another issue. The poster there suggested/recommended that I rename it, as some malware will prevent it from running. I have copied the code you suggested and here is the created file. I hope this may shed some light! Thank you for your help, so far!

Attachment: OTL.Txt
rise Posted May 9, 2011

Hi,

Please follow step 2 again, you clicked Quick Scan. Again copy the script to OTL and click
ultimatetoptrumps Posted May 9, 2011

Oh, I thought I did run Full Scan! Well, I have this time. One thing I noticed with this and the previous one: I got a warning saying that there was no disc in Drive E. I chose Continue.

Attachment: OTL.Txt
rise Posted May 9, 2011

Not good again, please follow the instructions once again and make sure to click Run Fix.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 11)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003..\Run: [DivXOP] File not found
O4 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003..\Run: [DriverScanner] File not found
O4 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003..\Run: [eMuleAutoStart] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-823518204-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Value error.)
O33 - MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\Shell - "" = AutoRun
O33 - MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{a9514482-8f0b-11de-bcd9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a9514482-8f0b-11de-bcd9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d74p7yjp6gw7ndw575n
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\d74p7yjp6gw7ndw575n
[2011/05/06 11:52:22 | 000,236,544 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d74p7yjp6gw7ndw575n
[2011/05/04 13:40:34 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\d74p7yjp6gw7ndw575n
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ria.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rer.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rcf.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kwq.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\grl.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\eri.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cth.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\cej.exe
[2011/05/04 13:40:33 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\bum.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\uen.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ths.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\pxh.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\nss.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\mss.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kut.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hxd.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\cya.exe
[2011/05/04 13:39:53 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bno.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yvf.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yps.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xsm.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vgn.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qjq.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mhp.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kcl.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jpy.exe
[2011/05/04 10:52:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\abh.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\yja.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wds.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\urs.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ucd.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\tkb.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\nvh.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\knk.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hrn.exe
[2011/05/04 10:51:42 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\amy.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wav.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vsj.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ueo.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\tga.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\sli.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qky.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prx.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\pin.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ncq.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\lho.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\jpf.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ihi.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dqp.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dke.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ctl.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cfw.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\blt.exe
[2011/05/04 10:51:36 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bjg.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vnv.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ulj.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qnt.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\odp.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\lbn.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kfs.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cpu.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ckw.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aes.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top. Let the program run unhindered and reboot the PC when it is done. It will boot up slower, so be patient, and copy the log you get.
ultimatetoptrumps Posted May 9, 2011 I apologise for being a total pratt!! I was not doing as you requested! I have just tried to attach the file but it says it is too big despite it being just 35kb. All processes killed ========== OTL ========== Service Roxio UPnP Renderer 11 stopped successfully! Service Roxio UPnP Renderer 11 deleted successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-1482476501-823518204-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_USERS\S-1-5-21-1482476501-823518204-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DivXOP deleted successfully. Registry value HKEY_USERS\S-1-5-21-1482476501-823518204-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DriverScanner deleted successfully. Registry value HKEY_USERS\S-1-5-21-1482476501-823518204-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\eMuleAutoStart deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-823518204-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-823518204-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {FD0EBBED-0C42-4D0F-82DA-44399B5C420A}
C:\WINDOWS\Downloaded Program Files\download_xp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31f88d31-746f-11df-8b8a-000e50e860bf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31f88d31-746f-11df-8b8a-000e50e860bf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31f88d31-746f-11df-8b8a-000e50e860bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31f88d31-746f-11df-8b8a-000e50e860bf}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9514482-8f0b-11de-bcd9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9514482-8f0b-11de-bcd9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9514482-8f0b-11de-bcd9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9514482-8f0b-11de-bcd9-806d6172696f}\ not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\d74p7yjp6gw7ndw575n moved successfully.
C:\Documents and Settings\All Users\Application Data\d74p7yjp6gw7ndw575n moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File C:\Documents and Settings\Owner\Local Settings\Application Data\d74p7yjp6gw7ndw575n not found.
File C:\Documents and Settings\All Users\Application Data\d74p7yjp6gw7ndw575n not found.
C:\Documents and Settings\All Users\Application Data\ria.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\rer.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\rcf.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\kwq.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\grl.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\eri.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\cth.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\cej.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\bum.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\uen.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ths.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\pxh.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\nss.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\mss.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\kut.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\hxd.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\cya.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\bno.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\yvf.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\yps.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\xsm.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\vgn.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\qjq.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\mhp.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\kcl.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\jpy.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\abh.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\yja.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\wds.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\urs.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ucd.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\tkb.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\nvh.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\knk.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\hrn.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\amy.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\wav.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\vsj.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\ueo.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\tga.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\sli.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\qky.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\prx.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\pin.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ncq.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\lho.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\jpf.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\ihi.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\dqp.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\dke.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\ctl.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\cfw.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\blt.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\bjg.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\vnv.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\ulj.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\qnt.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\odp.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\lbn.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\kfs.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\cpu.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\ckw.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\aes.exe moved successfully.
C:\WINDOWS\74224F8D4A1748169EDB7BB854DE532C.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\74224F8D4A1748169EDB7BB854DE532C.TMP folder deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla17.dll deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla18.exe deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla19.dll deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla2.dll deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla20.dll deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla21.dll deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseCustomCalla21.exe deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 2057080 bytes
->Temporary Internet Files folder emptied: 34714 bytes

User: NetworkService
->Temp folder emptied: 1980600 bytes
->Temporary Internet Files folder emptied: 429363449 bytes

User: Owner
->Temp folder emptied: 140042625 bytes
->Temporary Internet Files folder emptied: 48259815 bytes
->Java cache emptied: 35211059 bytes
->FireFox cache emptied: 120261401 bytes
->Flash cache emptied: 23422 bytes

User: TEMP
->Temporary Internet Files folder emptied: 32768 bytes

User: TEMP.HOME-PC

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 562810955 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 76845408 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 138611582 bytes

Total Files Cleaned = 1,484.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

User: TEMP

User: TEMP.HOME-PC

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_160523

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\klsB7F5.tmp not found!

Registry entries deleted on Reboot...

It would not allow me to attach, as it says it was too big! Again, sorry.
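The OTL fix log above records what was removed but not how the entries were picked out. As an added example (not part of the thread, and not OTL's own code), the following Python script applies the pattern visible in that log to OTL file-entry lines: zero-byte executables with hidden+system attributes, random three-letter names, no publisher string, dropped straight into an Application Data folder, plus alternate data streams hanging off a data directory. The sample lines are constructed for this example and modelled on the entries in the post; the two benign entries are made up for contrast. The list of drop directories and the rule that at least two indicators must co-occur are this example's assumptions, not OTL rules.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format OTL uses for file entries
# ("[date time | size | attributes | M] (publisher) -- path") and for
# alternate data streams. Modelled on the post above; the two benign
# lines are invented for contrast and are not from the poster's log.
SAMPLE_OTL = r"""
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\lbn.exe
[2011/05/04 10:46:22 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kfs.exe
[2008/04/14 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[2011/03/16 22:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
"""

ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]+)\s*\|\s*(?P<kind>[MC])\]"
    r"\s*\((?P<publisher>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Assumption: directory suffixes (lower-cased) where a rogue-AV dropper
# typically parks its payload. Extend for the profile layout under review.
DROP_DIRS = ("\\application data", "\\local settings\\application data", "\\programdata", "\\temp")


@dataclass
class Finding:
    path: str
    reasons: list


def assess_file(m) -> list:
    """Return the indicators matching one parsed OTL file entry (empty when benign)."""
    reasons = []
    size = int(m["size"].replace(",", ""))
    attrs = m["attrs"].upper()
    parent, _, name = m["path"].rpartition("\\")
    if "H" in attrs and "S" in attrs:
        reasons.append("hidden+system attributes")
    if size == 0 and name.lower().endswith(".exe"):
        reasons.append("zero-byte executable (emptied placeholder or decoy)")
    if re.fullmatch(r"[a-z]{3}\.exe", name, re.IGNORECASE):
        reasons.append("random three-letter executable name")
    if parent.lower().endswith(DROP_DIRS):
        reasons.append("dropped directly into a profile data directory")
    if not m["publisher"].strip():
        reasons.append("no publisher string")
    return reasons


def triage(log_text: str, min_indicators: int = 2) -> list:
    """Parse OTL file/ADS lines; report entries with at least `min_indicators` hits.

    One indicator on its own (a missing publisher, say) is common on clean
    machines, so a threshold is applied. An alternate data stream attached to
    a data directory is reported unconditionally, as OTL's own log flags it.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := ADS_RE.match(line):
            findings.append(Finding(m["path"], [f"alternate data stream of {m['size']} bytes"]))
            continue
        if m := ENTRY_RE.match(line):
            reasons = assess_file(m)
            if len(reasons) >= min_indicators:
                findings.append(Finding(m["path"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

Run it over a full OTL.txt to get a shortlist with the reasons attached; the two legitimate entries in the sample produce no hits, while each three-letter executable trips all five indicators.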
rise Posted May 9, 2011

Please delete your existing copy of ComboFix and download a fresh one from here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your Desktop.

Disable any real-time protection (AntiVirus, AntiSpyware...) so they don't interfere with ComboFix.

Double click on ComboFix.exe & follow the prompts. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
ultimatetoptrumps Posted May 9, 2011

I have tried again to attach the file, but again it says it is too big. It is only 13.5 KB!

ComboFix 11-05-08.04 - Owner 09/05/2011 16:46:32.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2248 [GMT 1:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Owner\WINDOWS
C:\WINDOWS\system32\drivers\etc\lmhosts

((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
2011-05-06 09:25:35 . 2011-05-06 09:25:35 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2011-05-04 12:54:00 . 2011-05-04 12:54:00 -------- d-----w- C:\Program Files\Enigma Software Group
2011-05-01 07:37:10 . 2011-04-14 16:41:09 142296 ----a-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
2011-05-01 07:37:09 . 2011-04-14 16:41:09 89048 ----a-w- C:\Program Files\Mozilla Firefox\libEGL.dll
2011-05-01 07:37:09 . 2011-04-14 16:41:09 781272 ----a-w- C:\Program Files\Mozilla Firefox\mozsqlite3.dll
2011-05-01 07:37:09 . 2011-04-14 16:41:09 465880 ----a-w- C:\Program Files\Mozilla Firefox\libGLESv2.dll
2011-05-01 07:37:09 . 2011-04-14 16:41:09 1874904 ----a-w- C:\Program Files\Mozilla Firefox\mozjs.dll
2011-05-01 07:37:09 . 2011-04-14 16:41:09 15832 ----a-w- C:\Program Files\Mozilla Firefox\mozalloc.dll
2011-05-01 07:37:09 . 2010-01-01 08:00:00 1974616 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-01 07:37:09 . 2010-01-01 08:00:00 1892184 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_42.dll
2011-04-28 13:34:50 . 2011-04-28 13:34:50 53816 ----a-w- C:\WINDOWS\system32\drivers\RapportKELL.sys
2011-04-24 07:26:11 . 2011-04-24 07:27:37 -------- d-----w- C:\Documents and Settings\TEMP.HOME-PC
2011-04-20 15:36:51 . 2011-04-20 15:36:51 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2011-04-20 15:36:43 . 2011-04-20 15:36:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-04-20 15:36:43 . 2010-12-20 17:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-20 15:36:39 . 2011-04-20 15:36:45 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-20 15:36:39 . 2010-12-20 17:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-20 08:02:18 . 2011-04-20 08:02:37 -------- d-----w- C:\Program Files\Calibre2
2011-04-16 10:10:32 . 2010-05-07 11:37:58 150200 ----a-w- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-04-16 10:10:31 . 2010-05-07 11:37:44 109240 ----a-w- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-04-16 10:10:23 . 2011-04-16 10:27:25 97859 ----a-w- C:\WINDOWS\system32\drivers\klick.dat
2011-04-16 10:10:23 . 2011-04-16 10:27:25 115267 ----a-w- C:\WINDOWS\system32\drivers\klin.dat
2011-04-16 10:09:04 . 2011-05-09 15:55:04 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2011-04-16 10:09:04 . 2011-04-16 10:09:04 -------- d-----w- C:\Program Files\Kaspersky Lab
2011-04-11 20:25:28 . 2011-04-11 20:28:28 -------- d-----w- C:\Program Files\DivX Operational Player
2011-04-10 08:42:00 . 2011-04-10 08:42:00 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\Winamp Toolbar

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-03-07 05:33:50 . 2009-08-22 10:17:02 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2008-04-14 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2008-04-14 12:00:00 1857920 ------w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2008-04-14 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2008-04-14 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2008-04-14 12:00:00 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2008-04-14 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-18 16:36:58 . 2009-08-22 13:26:20 41984 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2011-02-18 16:36:58 . 2009-08-22 13:26:20 4184352 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2011-02-17 13:18:24 . 2010-04-14 12:14:16 455936 ------w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2010-02-10 21:05:01 357888 ------w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2009-08-22 12:22:59 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2008-04-14 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:53:52 . 2008-04-14 12:00:00 270848 ------w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2008-04-14 12:00:00 186880 ------w- C:\WINDOWS\system32\encdec.dll
1999-09-29 11:18:26 . 1999-09-29 12:19:14 3698688 -c--a-w- C:\Program Files\shadow-install.8bf
2011-04-14 16:41:09 . 2011-05-01 07:37:10 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="D:\Installed Progs\uTorrent.exe" [2011-04-02 16:01:33 399736]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-11 08:30:02 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03:40 152872]
"Steam"="C:\program files\steam\steam.exe" [2010-11-17 13:26:51 1242448]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 22:24:21 2423752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-01-07 19:56:48 13880424]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-01-07 19:56:48 111208]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 08:51:42 1753192]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 17:38:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-03-07 15:33:40 421160]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 11:39:36 344736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-10-8 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2009-8-22 114688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06:00 1848648 ----a-w- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20:00 689488 ----a-w- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Installed Progs\\uTorrent.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\CivilizationV.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server

R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [28/04/2011 14:34:50 53816]
R1 RapportCerberus_26762;RapportCerberus_26762;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [09/05/2011 11:46:50 57144]
R1 RapportEI;RapportEI;C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34:50 66360]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34:48 158904]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25:48 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41:30 67656]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34:42 870200]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [14/09/2009 14:42:46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\system32\drivers\klmouflt.sys [02/11/2009 20:27:24 19472]
S1 kl2;Kl2;C:\WINDOWS\system32\drivers\kl2.sys [07/05/2010 00:19:06 132184]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [11/10/2009 09:31:26 133104]
S3 esgiguard;esgiguard;\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys --> C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [11/10/2009 09:31:26 133104]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;C:\WINDOWS\system32\drivers\qcusbser.sys [10/06/2010 10:58:21 103552]
S3 SaiK0836;SaiK0836;C:\WINDOWS\system32\drivers\SaiK0836.sys [13/04/2010 12:58:14 107008]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - WUAUSERV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

Contents of the 'Scheduled Tasks' folder
2011-05-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]
2011-05-09 C:\WINDOWS\Tasks\Google Software Updater.job - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-11 08:29:59 . 2009-10-11 08:29:59]
2011-05-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-11 08:31:26 . 2009-10-11 08:31:21]
2011-05-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-11 08:31:26 . 2009-10-11 08:31:21]

------- Supplementary Scan -------
uStart Page = hxxp://www.sky.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vgchf8fx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

- - - - ORPHANS REMOVED - - - -
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - C:\Program Files\DivX\DivXCodecUninstall.exe

Again, thank you!
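A helper reading the ComboFix log above is looking for what the cleanup left behind: the Security Center override values, the Windows Firewall profile settings, any globally opened ports, and the Firefox prefs.js search URLs (ComboFix defangs URLs as hxxp). As an added example, not part of the thread and not ComboFix's own code, the Python script below parses those sections and flags the items a reviewer would want to look at. The input is an excerpt modelled on the log in the post, with two made-up benign lines; the allowlist of search hosts and the severity labels are this example's assumptions. The Security Center overrides and EnableFirewall=0 are reported as review items rather than as proof of infection: a third-party suite such as the Kaspersky product registered in this log legitimately sets them, whereas a rogue AV sets them to silence the real warnings.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the "Reg Loading Points" and "Supplementary
# Scan" sections of the ComboFix log above, plus two invented benign lines
# (the Run entry and the homepage pref). Not a verbatim copy of the poster's log.
SAMPLE_COMBOFIX = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 22:24:21 2423752]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*?)\s*$')
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<url>\S+)$")

# Assumption: search hosts the analyst accepts as legitimate for this user.
KNOWN_SEARCH_HOSTS = {"www.google.co.uk", "www.google.com", "www.bing.com", "search.yahoo.com"}
SEARCH_PREFS = ("browser.search.defaulturl", "keyword.URL")


def decode_value(raw: str):
    """Map ComboFix's value renderings to Python: dword:0000000a -> 10, '0 (0x0)' -> 0, else the text."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def audit(log_text: str) -> list:
    """Walk the log and return (severity, location, message) tuples for review items."""
    findings = []
    key = ""  # lower-cased registry key the following values belong to
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"].lower()
            continue
        if m := FF_RE.match(line):
            if m["pref"] in SEARCH_PREFS:
                host = urlparse(m["url"].replace("hxxp", "http", 1)).hostname
                if host not in KNOWN_SEARCH_HOSTS:
                    findings.append(("high", f"FF {m['pref']}",
                                     f"search/keyword URL points at {host}: browser search hijack"))
            continue
        if m := VALUE_RE.match(line):
            name, value = m["name"], decode_value(m["raw"])
            if key.endswith("\\security center") and name in ("AntiVirusOverride", "FirewallOverride") and value == 1:
                findings.append(("medium", f"{key}\\{name}",
                                 "Security Center alerting suppressed; expected when a third-party suite "
                                 "is registered, otherwise a rogue-AV trick"))
            elif "firewallpolicy\\standardprofile" in key and name == "EnableFirewall" and value == 0:
                findings.append(("medium", f"{key}\\{name}",
                                 "Windows Firewall disabled for the standard profile"))
            elif key.endswith("globallyopenports\\list"):
                findings.append(("high", f"{key}\\{name}", f"inbound port opened to all networks: {value}"))
    return findings


if __name__ == "__main__":
    for severity, where, message in audit(SAMPLE_COMBOFIX):
        print(f"[{severity:6}] {where}\n         {message}")
```

On the sample this yields three medium items (the two overrides and the disabled firewall) and three high ones (the MySQL port open to every network, and both Firefox search prefs redirected to search.sweetim.com); the KasperskyAntiVirus monitoring key and the homepage pref are left alone.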
rise Posted May 9, 2011

Hi, you didn't post the whole log; the last part is missing. Run OTL and click Quick Scan. Zip the C:\ComboFix.txt and the new OTL.txt log and attach them, or if you cannot attach, upload the zip to www.mediafire.com and post the link. Also, are you now able to update Windows?
ultimatetoptrumps Posted May 9, 2011

Yes, the annoying red shield and message have both gone, so I guess I can receive automatic updates. The upload is still too big, so I have used my site host: www.ultimate-top-trumps.co.uk/Logs.zip The zip contains both ComboFix and OTL scan results. Thank you!
rise Posted May 9, 2011

Your logs look OK. If you have any problems, let me know.

Let's do some housekeeping. Click Start > Run, type combofix /uninstall and press Enter. This will remove ComboFix from your computer. Next, open OTL and click the CleanUp button. This will remove OTL.
ultimatetoptrumps Posted May 9, 2011

Everything seems to be back to normal! Thank you rise, you're a star!