Harddrive diagnostics ??

can anyone help on this issue i have.
i have a virus called HardDrive which looks the same as harddrive diagnostics but the icon display for this virus is 4 jigsaw puzzle pieces instead of the block icon you get in your system defragger if that makes sense.

i have tried to remove with malwarebytes anti malware going through safe mode and using i explore to cancel the process but to no avail, now when i boot up even in safe mode the virus kicks in so i cannot even see my desktop and cannot use task manager (control alt delete) as it pops up that this has been disabled by my administrator even though i am logged in on that account ?

if i boot up in normal mode it gives the impression i am in safe mode but again i cannot see my desk top to run anything ?

any help on this would be very much appreciated as i'm in desparate need to get on it again to retrieve some work files ( i know i should of backed info up but its a bit too late for that)

does anyone have the activation code for this as i am thinking if i can activate it it will give me access to my desktop again ??

i am a total noobie to this sort of issue so any help would be gratefully received.

Thanks in advance for ANY help

Hello.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

hi there and thanks for the reply, thats the problem i cannot even get to my desk top even in safe mode !? and when i boot up normally it goes into like a spoof safe mode and again i cannot gain access to any programs or functions.

i was thinking if i went into the bios and pick boot from usb and have an external HDD with a copy of windows on it with up to date malware etc that i could run any programs from there ? or will having 2 copies of windows confuse the pc?

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
  
• Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  

• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
  
• Please post the contents of the OTL.txt file in your reply.
  

hi there i've burnt OTLPE to disk and booted from cd but when i double click on the OTLPE icon it asks BROWSE FOR FOLDER and the options are as follows

CHOOSE WINDOWS DIRECTORY

my computer
31/2 floppy(a)
ram disk (b)
local disk (c)
reatogo PE (x)
shared documents

FOLDER: MY COMPUTER

and its in like an apple window
when i click ok after it automatically put me on MY COMPUTER it comes up with

RUN SCANNER
NO WINDOWS INSTALLATION FOUND with just an ok button to confirm

when i click on the c drive and press ok again it comes up with
RUN SCANNER ERROR
TARGET IS NOT WINDOWS 2000 OR LATER with just an ok button to confirm

anything else i can try ??

hi there i have been playing round with the OTLPE and i pointed the scan to the windows file within the C drive but did not get the prompt to load remote registry but i got all the other prompts as you said and i have a copy of the .TXT file placed on my desktop but i cannot find the other file c:\ _OTL\ MOVEDFILES.
here is a copy the desktop file, hope this is correct.
Can you help me locate the other file as i have searched for it using the xplorer2_lite but cannot find it

OTL logfile created on: 3/8/2011 2:08:05 AM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.74 Gb Free Space | 13.92% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/10/13 07:53:40 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/13 07:36:02 | 001,406,264 | ---- | M] (Virgin Media) [Disabled] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/09/14 09:06:50 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan)
SRV - [2010/01/04 07:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/04 07:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS)
SRV - [2009/11/02 10:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 07:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 07:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2008/05/26 11:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Disabled] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/02/05 04:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 04:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/13 20:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/13 20:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/13 19:46:16 | 000,057,344 | ---- | M] () [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/04/06 11:03:28 | 000,110,592 | ---- | M] () [Disabled] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004/05/06 06:21:04 | 000,496,640 | ---- | M] () [Disabled] -- C:\WINDOWS\system32\ASWLSVC.exe -- (ASWLSVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\bunny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 8A E4 21 83 43 CB 01 [binary data]
IE - HKU\bunny_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes




O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKU\bunny_ON_C..\Run: [{AEC7D994-D065-E5EF-0607-402F9EDFD841}] C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe ()
O4 - HKU\bunny_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\bunny_ON_C..\Run: [EPSON BX300F Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\bunny_ON_C..\Run: [FGKMiKxxbMcsY.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} [You must be registered and logged in to see this link.] (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (pdboot.exe) - C:\windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll) - C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll (ACTS)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/02 02:24:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/03/02 02:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive
[2011/03/01 19:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Hard Drive
[2011/03/01 15:59:51 | 038,357,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\bunny\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/03/01 13:12:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bunny\Recent
[2011/03/01 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Windows Disk
[2011/02/27 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Mytu
[2011/02/27 15:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Exzuy
[2011/02/19 04:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Desktop\pkg
[2011/02/12 06:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\AllToAVI
[2008/06/30 08:34:44 | 000,151,552 | ---- | C] ( ) -- C:\windows\rsnp2std.dll
[2008/06/30 08:34:30 | 000,077,824 | ---- | C] ( ) -- C:\windows\System32\csnp2std.dll
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/07 16:16:10 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Hard Drive.lnk
[2011/03/07 16:16:10 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to uTorrent.lnk
[2011/03/07 16:16:10 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\bluetooth.lnk
[2011/03/07 12:04:04 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/07 11:55:01 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
[2011/03/07 11:54:59 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/03/02 14:59:27 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/03/02 02:24:08 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/01 22:31:43 | 000,081,191 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/03/01 15:59:51 | 038,357,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\bunny\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/03/01 15:39:21 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to iExplore.lnk
[2011/03/01 15:34:40 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\shell.reg
[2011/03/01 14:03:21 | 000,693,448 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/01 13:20:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Windows Disk.lnk
[2011/02/28 17:16:42 | 003,527,664 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\3010-0006 HDS - AVPM.zip
[2011/02/28 16:59:23 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011/02/28 15:27:44 | 000,017,955 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\GuySmiley.jpg
[2011/02/27 15:02:35 | 000,037,680 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\4.jpg
[2011/02/27 14:50:56 | 000,006,003 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\3rd.jpg
[2011/02/25 14:42:44 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 15:33:48 | 000,092,014 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\all the girls.jpg
[2011/02/21 18:38:23 | 000,531,932 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/21 18:38:23 | 000,092,036 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/02/20 07:32:20 | 001,630,680 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Big Carp Bait Secrets[1].pdf
[2011/02/14 14:49:31 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\bunny\default.pls
[2011/02/13 09:58:01 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\bunny\Desktop\Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband.url
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/02 02:24:08 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/01 19:38:45 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Hard Drive.lnk
[2011/03/01 15:39:21 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Shortcut to iExplore.lnk
[2011/03/01 15:39:21 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\shell.reg
[2011/03/01 14:02:35 | 000,693,448 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/03/01 13:20:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Windows Disk.lnk
[2011/02/28 17:16:39 | 003,527,664 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\3010-0006 HDS - AVPM.zip
[2011/02/28 15:28:02 | 000,017,955 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\GuySmiley.jpg
[2011/02/27 15:06:39 | 000,037,680 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\4.jpg
[2011/02/27 14:51:03 | 000,006,003 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\3rd.jpg
[2011/02/22 15:33:33 | 000,092,014 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\all the girls.jpg
[2011/02/20 07:32:19 | 001,630,680 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Big Carp Bait Secrets[1].pdf
[2011/02/17 15:56:35 | 003,079,067 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\P9131236.JPG
[2011/02/17 15:49:46 | 003,621,544 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\DSC00071.JPG
[2011/02/12 20:33:12 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\bunny\Desktop\Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband.url
[2011/02/12 09:32:54 | 000,494,696 | ---- | C] () -- C:\Documents and Settings\bunny\My Documents\P3HUB2 Firmware1.71.mHex
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2010/12/04 09:20:58 | 000,000,129 | ---- | C] () -- C:\windows\POSTER.INI
[2010/08/02 23:18:00 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2010/08/01 05:18:29 | 000,250,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/31 04:05:53 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/06/29 15:08:22 | 000,000,332 | ---- | C] () -- C:\windows\desctemp.dat
[2010/04/05 19:58:37 | 000,012,188 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/05 14:11:58 | 000,012,594 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\GbW53PfLB
[2010/03/22 17:52:36 | 000,011,384 | -HS- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\Mh3jm32txN
[2010/02/05 18:51:56 | 000,013,304 | ---- | C] () -- C:\windows\System32\drivers\BTNetFilter.sys
[2010/02/05 18:51:56 | 000,011,860 | ---- | C] () -- C:\windows\System32\drivers\vbtenum.sys
[2010/02/01 18:05:46 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2009/12/17 18:37:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 13:44:24 | 051,699,232 | -HS- | C] () -- C:\windows\System32\drivers\fidbox.dat
[2009/11/08 13:44:06 | 000,718,880 | -HS- | C] () -- C:\windows\System32\drivers\fidbox2.dat
[2009/10/21 08:20:08 | 000,005,504 | ---- | C] () -- C:\windows\System32\drivers\StarOpen_x86.sys
[2009/08/08 11:31:57 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/03/29 17:01:18 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2009/03/29 17:01:17 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2009/03/29 17:01:17 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2009/03/29 17:01:17 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2009/03/29 17:01:17 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2009/03/29 17:01:17 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2009/03/29 17:01:17 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2009/03/29 17:01:17 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2009/03/29 17:01:17 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2009/03/29 17:01:17 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2009/03/29 17:01:17 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2009/03/29 17:01:17 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2009/03/29 17:01:17 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2009/03/29 17:01:17 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2009/03/29 17:01:17 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2009/03/29 17:01:17 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2009/03/29 17:01:17 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2009/03/29 17:01:17 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2009/03/29 17:01:17 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2009/03/29 16:55:23 | 000,000,025 | ---- | C] () -- C:\windows\CDEBX300DEFGIPS.ini
[2008/07/15 11:16:08 | 000,000,036 | ---- | C] () -- C:\windows\marscam.ini
[2008/06/30 08:34:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2std.ini
[2008/06/30 08:34:48 | 000,024,832 | ---- | C] () -- C:\windows\System32\drivers\sncamd.sys
[2008/06/30 08:34:46 | 012,006,784 | ---- | C] () -- C:\windows\System32\drivers\snp2sxp.sys
[2008/04/09 16:01:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\bunny\default.pls
[2008/04/08 13:52:04 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/04/05 12:26:35 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\bunny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/01 10:54:41 | 000,021,265 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008/03/31 12:08:08 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/03/30 15:25:46 | 000,516,096 | ---- | C] () -- C:\windows\System32\ASWL2K.exe
[2008/03/30 15:25:46 | 000,496,640 | ---- | C] () -- C:\windows\System32\ASWLSVC.exe
[2008/03/30 15:25:46 | 000,159,827 | ---- | C] () -- C:\windows\System32\RemSvc.exe
[2006/08/23 20:03:02 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2006/08/23 20:03:02 | 000,196,608 | ---- | C] () -- C:\windows\System32\nvapi.dll
[2006/08/23 20:03:00 | 001,519,616 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2006/08/23 20:03:00 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2006/08/23 20:02:58 | 001,662,976 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2006/08/23 20:02:58 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2006/08/23 20:02:58 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2006/08/23 20:02:58 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2006/08/23 20:02:56 | 001,470,464 | ---- | C] () -- C:\windows\System32\nview.dll
[2006/08/23 20:02:56 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2006/08/23 20:02:56 | 000,581,632 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2006/08/03 17:07:27 | 000,000,070 | ---- | C] () -- C:\windows\798F9493.ini
[2006/08/03 16:35:42 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2006/08/03 16:32:53 | 000,663,552 | ---- | C] () -- C:\windows\System32\libeay32_1-1-0_DDR.dll
[2006/08/03 16:32:53 | 000,532,594 | ---- | C] () -- C:\windows\System32\xerces-c_1_40_0_DDR.dll
[2006/08/03 16:32:53 | 000,524,377 | ---- | C] () -- C:\windows\System32\stlport_4_0_0_DDR.dll
[2006/08/03 16:32:53 | 000,307,329 | ---- | C] () -- C:\windows\System32\BJBase_2-2-2_DDR.dll
[2006/08/03 16:32:53 | 000,159,744 | ---- | C] () -- C:\windows\System32\ssleay32_1-1-0_DDR.dll
[2006/08/03 16:26:42 | 000,024,576 | R--- | C] () -- C:\windows\System32\AsIO.dll
[2006/08/03 16:26:42 | 000,005,685 | R--- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2006/08/03 16:26:40 | 000,005,120 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp64.sys
[2006/08/03 16:26:40 | 000,003,328 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp32.sys
[2006/08/03 16:25:30 | 000,063,232 | R--- | C] () -- C:\windows\System32\drivers\mv614x.sys
[2006/08/03 16:21:26 | 000,143,360 | R--- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2006/08/03 16:21:26 | 000,049,152 | R--- | C] () -- C:\windows\System32\ChCfg.exe
[2006/08/03 16:17:48 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2006/08/03 16:17:31 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2004/08/03 16:59:54 | 000,062,976 | ---- | C] () -- C:\windows\System32\drivers\cdrom.sys
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2003/07/29 10:03:48 | 000,073,728 | ---- | C] () -- C:\windows\System32\btsendto_ie.dll
[2003/07/29 10:02:50 | 000,065,536 | ---- | C] () -- C:\windows\System32\btsendto_wab.dll
[2003/07/29 09:56:42 | 000,065,536 | ---- | C] () -- C:\windows\System32\btprn2k.dll
[2003/07/01 06:29:10 | 000,022,183 | ---- | C] () -- C:\windows\System32\drivers\btserial.sys
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/01/01 12:19:20 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2002/01/01 12:12:16 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2002/01/01 11:43:31 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2002/01/01 11:41:41 | 000,196,160 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 07:00:00 | 000,531,932 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 07:00:00 | 000,092,036 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat

========== LOP Check ==========

[2010/09/04 14:34:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Radialpoint
[2011/01/22 11:36:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Virgin Media
[2010/08/03 16:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Izta
[2010/08/03 14:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yrinfo
[2011/02/07 14:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Affinegy
[2011/01/14 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Azureus
[2010/08/28 03:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\CBL-Electronics
[2008/09/23 19:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/29 05:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Datel
[2010/12/26 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\DriverCure
[2009/05/19 21:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\EPSON
[2011/02/27 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Exzuy
[2008/12/09 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ImgBurn
[2009/12/18 16:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ImTOO Software Studio
[2011/03/01 13:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Inoqm
[2011/03/01 13:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Mytu
[2010/01/22 17:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\NCH Swift Sound
[2011/02/28 17:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Ofyqim
[2008/10/15 10:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\ooVoo Details
[2010/08/28 05:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Radialpoint
[2008/07/08 15:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Snapfish
[2008/07/21 20:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\TomTom
[2011/03/01 16:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\uTorrent
[2011/01/22 11:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\Virgin Media
[2010/01/22 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bunny\Application Data\WinFF
[2011/03/07 11:55:01 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/11/29 10:04:40 | 000,000,040 | ---- | M] ()(C:\windows\System32\????????????????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/11/08 13:40:37 | 000,000,040 | ---- | C] ()(C:\windows\System32\????????????????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
< End of report >

Hello.

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  IE - HKU\bunny_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKU\bunny_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
  O4 - HKU\bunny_ON_C..\Run: [{AEC7D994-D065-E5EF-0607-402F9EDFD841}] C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe ()
  O4 - HKU\bunny_ON_C..\Run: [FGKMiKxxbMcsY.exe] File not found
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O7 - HKU\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll) - C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll (ACTS)
  [2011/03/02 02:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive
  [2011/03/01 19:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Hard Drive
  [2011/03/01 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Start Menu\Programs\Windows Disk
  [2011/02/27 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Mytu
  [2011/02/27 15:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bunny\Application Data\Exzuy
  
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

followed your instructions and here you go

========== OTL ==========
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\{AEC7D994-D065-E5EF-0607-402F9EDFD841} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEC7D994-D065-E5EF-0607-402F9EDFD841}\ not found.
C:\Documents and Settings\bunny\Application Data\Exzuy\quxou.exe moved successfully.
Registry value HKEY_USERS\bunny_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\FGKMiKxxbMcsY.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\bunny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Session Manager\AppCertDlls\\AppSecDll:C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive folder moved successfully.
C:\Documents and Settings\bunny\Start Menu\Programs\Hard Drive folder moved successfully.
C:\Documents and Settings\bunny\Start Menu\Programs\Windows Disk folder moved successfully.
C:\Documents and Settings\bunny\Application Data\Mytu folder moved successfully.
C:\Documents and Settings\bunny\Application Data\Exzuy folder moved successfully.

OTLPE by OldTimer - Version 3.1.45.0 log created on 03092011_114043

i hope this helps you out ! And again many thanks for the assistance

Okay, now boot into normal mode in Windows, see if it will boot properly now.

so far so good i can boot up normally with my usual account profile and also i can boot into safe mode with the administrator account profile and also safe mode with networking with my administrator account.
however it seems that my desktop picture is of the spoof safe mode when i boot up normally and unable to change it but i suppose this is due to you having made me run a command of some sort?

i also have 2 icons of virus on my desktop of disk manager and hard drive when logging in as normal

but when i log into safe mode using administrator account i only have the harddrive icon

i presume because i semi removed the disk manager virus just prior to all this

what would be the next course of action to completely remove these 2 ?

again many thanks for the assistance

Don't worry about anything just yet, we got the machine working now so lets kill whatever is left.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

heres the copy of MBAM log .......

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6014

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/11/2011 1:23:01 AM
mbam-log-2011-03-11 (01-23-01).txt

Scan type: Quick scan
Objects scanned: 161471
Time elapsed: 14 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)


i did as you asked and removed the 4 files which was showing ......

whats next on the adgenda ?

you have been a real help ans so much appreciate all the help!

Hello.

• Download combofix from here
  Link 1
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

hi there here is the combofix log

ComboFix 11-03-11.01 - bunny 03/12/2011 1:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2694 [GMT 0:00]
Running from: E:\Combo-Fix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bunny\Desktop\Windows Disk.lnk
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qs.txt
c:\windows\system32\system
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))
.
.
2011-03-09 16:40 . 2011-03-09 16:40 -------- d-----w- C:\_OTL
2011-03-02 07:24 . 2011-03-02 07:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-02-12 11:35 . 2011-02-12 18:56 -------- d-----w- c:\program files\AllToAVI
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2010-07-31 12:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-07-31 12:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-24 86016]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-02 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2010-10-13 4314424]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2010-10-13 2032952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2003-01-27 16:16 376912 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
2005-09-13 20:55 1668096 ----a-w- c:\program files\ASUS\WLAN Card Utilities\Center.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 02:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 16:27 5248312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-24 01:03 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-09-06 03:44 16262656 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 16:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=3 (0x3)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)
"EPSON_EB_RPCV4_01"=2 (0x2)
"btwdins"=2 (0x2)
"BthServ"=2 (0x2)
"Browser"=2 (0x2)
"YahooAUService"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"ose"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"rpcapd"=2 (0x2)
"idsvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"ServicepointService"=2 (0x2)
"RadialpointIDSAgent"=2 (0x2)
"PDEngine"=3 (0x3)
"PDAgent"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"NMIndexingService"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"IDriverT"=3 (0x3)
"HsdService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ASWLSVC"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AffinegyService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Documents and Settings\\bunny\\My Documents\\utorrents\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [8/3/2006 9:25 PM 63232]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [3/30/2008 9:44 PM 11886]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [8/3/2006 9:25 PM 35712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [8/3/2006 9:17 PM 5824]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [3/28/2010 11:11 PM 30329]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [1/22/2011 4:36 PM 1406264]
S4 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [1/22/2011 4:35 PM 689464]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: skillport.com
Trusted Zone: skilwsa.com
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp--FreedomNeedsReboot - c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe
MSConfigStartUp-Broadbandadvisor - c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe
MSConfigStartUp-DigitalHomeSupport - c:\program files\Virgin Media\Digital Home Support\DigitalHomeSupport.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-VirginMediaHUB - c:\program files\Virgin Media\HUB\VirginMediaHUB.exe
HKLM_ActiveSetup-{0AE0334B-5CD1-4168-92D7-5FE18D4AC681} - xjnerwlq.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-03-12 02:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
c:\program files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
.
**************************************************************************
.
Completion time: 2011-03-12 02:23:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-12 02:23
.
Pre-Run: 22,504,644,608 bytes free
Post-Run: 22,383,587,328 bytes free
.
- - End Of File - - 49C6A730232CA2225A646730E686C8A7

Microsoft Windows Recovery Console was not installed on my machine but i followed the on screen prompts via combofix, hope this helps .

regards

D

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ok done that and here is the log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=7664868a066f544e8c940a3931f3862
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-13 02:45:52
# local_time=2011-03-13 02:45:52 (+0000, GMT Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 32604566 32604566 0 0
# compatibility_mode=1024 16777215 100 0 31548106 31548106 0 0
# compatibility_mode=8192 67108863 100 0 3716 3716 0 0
# scanned=73866
# found=4
# cleaned=4
# scan_time=7911
C:\Documents and Settings\bunny\Application Data\Sun\Java\Deployment\cache\6.0\22\24993596-719228a6 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\bunny\Application Data\Sun\Java\Deployment\cache\6.0\32\640116e0-55654657 a variant of Java/TrojanDownloader.OpenStream.NBI trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\bunny\Application Data\Sun\Java\Deployment\cache\6.0\62\772442be-4a70ab14 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\bunny\My Documents\Azureus Downloads\Nero 7 Premium Reloaded 7.10.1.0 & Keygen\Nero-7.10.1.0_all_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C


i still have a hard\drive icon on my desktop but it looks now more like a window(white rectangle with a blue line and three dots in the top right corner.) is this just a short cut which just needs to be deleted as the main program has been removed ?

whats next in line ?

many thanks
D

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

hi i've ran the scanner and the results are below

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\bunny\my documents\azureus downloads\nero 7 premium reloaded 7.10.1.0 & keygen\readme.txt
scanner sequence 3.AP.11
----- EOF -----

i think were getting there now but whats next ??

many thanks

D

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\documents and settings\bunny\my documents\azureus downloads\nero 7 premium reloaded 7.10.1.0 & keygen
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

hi there i hav done that and here is the log .........

========== FILES ==========
c:\documents and settings\bunny\my documents\azureus downloads\Nero 7 Premium Reloaded 7.10.1.0 & Keygen folder moved successfully.

OTLPE by OldTimer - Version 3.1.45.0 log created on 03162011_173551


any else i need to do now ?


many thanks

D

Hello.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

hi there her is the list from hijack this......


µTorrent
ABBYY FineReader 6.0 Sprint
abgx360 v1.0.5
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS WLAN Card Utilities/Driver
Athlon 64 Processor Driver
Attansic Giga Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Azureus
BlueSoleil
Bonjour
BroadJump Client Foundation
CCleaner
Cool & Quiet
coverXP (remove only)
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
EPSON BX300F Series Printer Uninstall
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus Office BX300F_TX300F Manual
EPSON Web-To-Page
ESET Online Scanner v3
Games Engine
Games Engine
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 5
Look 1320 V2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Navman F Series Connection Pack
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PC Probe II
PeerGuardian 2.0
PerfectDisk 10 Professional
Photo Viewer
PhotoScape
PowerQuest PartitionMagic 8.0
QuickTime
Realtek High Definition Audio Driver
RPS CRT
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SIMCardReaderPro
SonicStage 4.3
Speccy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
Virgin Media HUB 3.5.12
Virgin Media Security
WBFS Manager 3.0
WIDCOMM Bluetooth Software
WiFi Engine
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XPort 360
Yahoo! Messenger

anything else i need to do now ??

many thanks


D

Hello.

I see that you are running µTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

µTorrent
Adobe Reader 9.4.2
Azureus
Java(TM) 6 Update 5

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 24.
  
• Click the "Download JRE" button to the right.
  
• In the Window that opens, select your platform, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u24-windows-i586.exe that you downloaded to install the newest version.
  

Then download and install Adobe Reader X

How is the machine running now?

Hi there i know the threat of using utorrent however this is a piece of software that i use often so i have kept that installed however i have removed the following

Adobe Reader 9.4.2
Java(TM) 6 Update 5

and i have followed your instructions on updating java and adobe reader x

when i try to unistall Azureus using the control panel / add remove programs a window pops up saying "couldn't load main class" ?

Is there a way i can remove this ?

Also would you recommend that i also uninstall the following now

eset online scanner 3
hijack this

The machine now seems to be working as normal now and would like to thank you so much in restoring it back to working condition your knowledge and help has been invaluable to me ! thank you again so much and be rest assured i will spread the word of how helpful GeekPolice has been to me to my friends and work colleagues!

Hello.

Please download Revo Uninstall from here: Revo Uinstaller

1. Download and run the setup file for Revo Uninstaller.
   
2. Once setup, run Revo Uninstaller.
   
3. Select the following item for removal by clicking on it once.
   
   Azureus
   
   
4. Then hit the "Uninstall" button at the top.
   
5. Close Revo Uninstaller.
   

Did that remove Azureus?