Well a reboot did work eventually after 20 minutes.
Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 20/11/2013
Time: 20:21:05
User: N/A
Computer: USER-E862545A71
Description:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 562 unused index entries from index $SII of file 0x9.
Cleaning up 562 unused index entries from index $SDH of file 0x9.
Cleaning up 562 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
156280288 KB total disk space.
120207904 KB in 142461 files.
62100 KB in 12142 indexes.
0 KB in bad sectors.
724556 KB in use by the system.
65536 KB occupied by the log file.
35285728 KB available on disk.
4096 bytes in each allocation unit.
39070072 total allocation units on disk.
8821432 allocation units available on disk.
Internal Info:
00 01 03 00 f6 5b 02 00 7b fd 03 00 00 00 00 00 .....[..{.......
6b 23 00 00 06 00 00 00 af 04 00 00 00 00 00 00 k#..............
a4 a1 fd 07 00 00 00 00 08 43 65 77 00 00 00 00 .........Cew....
d8 af da 79 00 00 00 00 a0 37 23 41 0a 00 00 00 ...y.....7#A....
f4 81 ed c2 01 00 00 00 12 e4 9d 04 0d 00 00 00 ................
99 9e 36 00 00 00 00 00 98 38 07 00 7d 2c 02 00 ..6......8..},..
00 00 00 00 00 80 e8 a8 1c 00 00 00 6e 2f 00 00 ............n/..
Windows has finished checking your disk.
Please wait while your computer restarts.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-02 18:19:44
-----------------------------
18:19:44.296 OS Version: Windows 5.1.2600 Service Pack 3
18:19:44.296 Number of processors: 1 586 0x409
18:19:44.296 ComputerName: USER-E862545A71 UserName: Paul_2
18:19:44.750 Initialize success
18:21:15.125 AVAST engine defs: 13110200
18:21:58.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
18:21:58.046 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 3
18:21:58.187 Disk 0 MBR read successfully
18:21:58.203 Disk 0 MBR scan
18:21:58.265 Disk 0 Windows XP default MBR code
18:21:58.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
18:21:58.328 Disk 0 scanning sectors +312560640
18:21:58.546 Disk 0 scanning C:\WINDOWS\system32\drivers
18:22:12.046 Service scanning
18:22:47.140 Modules scanning
18:23:18.046 Disk 0 trace - called modules:
18:23:18.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:23:18.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6a58f0]
18:23:18.046 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8a6309e8]
18:23:18.046 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a61f940]
18:23:18.406 AVAST engine scan C:\WINDOWS
18:23:23.109 AVAST engine scan C:\WINDOWS\system32
18:27:42.000 AVAST engine scan C:\WINDOWS\system32\drivers
18:28:18.625 AVAST engine scan C:\Documents and Settings\Paul_2
18:28:25.000 File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Desktop.OS.dll **INFECTED** Win32:Webcake-A [Adw]
18:28:25.109 File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Dora.dat **INFECTED** Win32:Webcake-A [Adw]
18:28:25.296 File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Maintain.dat **INFECTED** Win32:Webcake-A [Adw]
18:28:25.406 File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Paladin.dat **INFECTED** Win32:Webcake-A [Adw]
18:28:25.562 File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Phoenix.dat **INFECTED** Win32:Webcake-A [Adw]
18:28:25.921 File: C:\Documents and Settings\Paul_2\Application Data\Betcat\WebCakeDesktop.exe **INFECTED** Win32:Webcake-A [Adw]
18:40:22.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\MBR.dat"
18:40:23.046 The log file has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-20 20:54:11
-----------------------------
20:54:11.546 OS Version: Windows 5.1.2600 Service Pack 3
20:54:11.546 Number of processors: 1 586 0x409
20:54:11.546 ComputerName: USER-E862545A71 UserName: Paul_2
20:54:12.000 Initialize success
21:01:10.375 AVAST engine defs: 13111900
21:02:32.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
21:02:32.468 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 3
21:02:32.656 Disk 0 MBR read successfully
21:02:32.656 Disk 0 MBR scan
21:02:32.703 Disk 0 Windows XP default MBR code
21:02:32.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
21:02:32.718 Disk 0 scanning sectors +312560640
21:02:32.781 Disk 0 scanning C:\WINDOWS\system32\drivers
21:02:48.390 Service scanning
21:03:18.234 Modules scanning
21:06:35.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\MBR.dat"
21:06:35.734 The log file has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\aswMBR.txt"
OTL logfile created on: 20/11/2013 21:12:27 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.19% Memory free
3.35 Gb Paging File | 2.65 Gb Available in Paging File | 79.16% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 33.45 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
Computer Name: USER-E862545A71 | User Name: Paul_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Paul_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
========== Services (SafeList) ==========
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (RapportCerberus_59849) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C4 D8 9E 58 A1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
[2013/07/13 21:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul_2\Application Data\Mozilla\Extensions
[2013/11/20 17:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/20 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/20 17:08:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/11/03 01:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349191978390 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCCFDC7E-C44D-4C7C-8F3A-86869B58B6B8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 16:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/20 17:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/20 16:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\VS Revo Group
[2013/11/20 16:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/11/20 16:55:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/11/20 16:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/11/20 16:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/20 16:54:05 | 010,031,224 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Paul_2\Desktop\RevoUninProSetup.exe
[2013/11/19 21:25:40 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Paul_2\Desktop\rkill.com
[2013/11/16 22:23:31 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2013/11/15 18:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\RK_Quarantine
[2013/11/14 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/11/13 22:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/13 22:15:13 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Application Data\Malwarebytes
[2013/11/13 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/13 21:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/13 21:14:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/13 21:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/13 21:08:50 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/10 23:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\My Documents\Breast milk for men preview
[2013/11/05 00:03:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/04 23:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/03 22:23:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/11/03 01:05:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/03 01:01:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/03 01:01:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/03 01:01:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/03 01:01:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/03 00:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/03 00:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/02 22:25:34 | 005,143,186 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 22:10:34 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:15:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/10/23 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\Old Firefox Data
[2012/10/01 14:48:38 | 048,745,576 | ---- | C] (Safer-Networking Ltd. ) -- C:\Program Files\spybotsd-2.0.10-rc2.exe
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/20 21:23:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4DD41ED-D92A-4751-8FBA-5EC5BF6021DA}.job
[2013/11/20 21:06:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/11/20 20:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/20 20:22:22 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/20 20:22:22 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/20 20:22:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/20 20:22:21 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/20 20:22:21 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/20 20:22:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/20 20:22:21 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/20 20:20:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/20 16:55:24 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/11/20 16:54:07 | 010,031,224 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Paul_2\Desktop\RevoUninProSetup.exe
[2013/11/20 00:30:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/19 22:25:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/19 17:00:08 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Paul_2\Desktop\rkill.com
[2013/11/18 00:55:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/16 21:23:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/15 19:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/15 18:53:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/15 18:22:28 | 003,679,744 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 17:22:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/15 00:54:31 | 021,566,942 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 22:15:53 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:17:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/13 21:09:12 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/13 20:10:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 23:31:02 | 000,277,099 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:44 | 000,322,065 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:17 | 000,243,259 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/12 17:43:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/12 17:43:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/08 23:08:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/03 22:20:35 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:16:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/03 01:05:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/02 22:25:38 | 005,143,186 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:52:12 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:15:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/11/01 15:54:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/10/30 23:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/30 23:07:37 | 000,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/20 16:55:24 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/11/15 18:22:27 | 003,679,744 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 00:54:22 | 021,566,942 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 21:17:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/12 23:31:01 | 000,277,099 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:43 | 000,322,065 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:15 | 000,243,259 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/03 22:20:30 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:05:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/03 01:05:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/03 01:01:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/03 01:01:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/03 01:01:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/03 01:01:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/03 01:01:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/02 18:42:39 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/01/23 22:33:35 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\dt.dat
[2013/01/22 21:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 00:03:39 | 000,172,507 | ---- | C] () -- C:\WINDOWS\hpoins38.dat
[2012/10/25 00:03:39 | 000,000,548 | ---- | C] () -- C:\WINDOWS\hpomdl38.dat
[2012/10/04 12:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/04 12:28:36 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/10/01 15:35:23 | 000,000,961 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/01 01:12:03 | 000,069,780 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sjpsusgqpvupxbp
[2012/08/16 21:57:30 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jejtrhljsoaszej
[2012/06/03 20:20:13 | 000,161,744 | ---- | C] () -- C:\Program Files\0cres.dll
[2012/02/16 22:10:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/02 01:06:22 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/12/02 01:06:21 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/06/10 21:46:52 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 19:00:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\FASTWiz.html
========== ZeroAccess Check ==========
[2011/09/29 20:42:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879
< End of report >
Edited by cousinkevin, 20 November 2013 - 04:28 PM.