mutantdale

  1. Scan 3 and nothing found.. Logs attached system-log.txt mbar-log-2012-11-12 (07-20-22).txt
  2. Scan 2 found 1 more so I am leaving scan 3 going while I go to work..
  3. First scan is done, logs attached. I have just started the second scan and will leave it to run while I sleep. Thank you for the help so far. system-log.txt mbar-log-2012-11-11 (22-01-14).txt
  4. The rest of the startup items have appeared it just took a while..
  5. It has booted up. None of the usual items that load on startup have loaded except avast which I will be getting rid of soon for a paid copy of malwarebytes instead :-) What next as I'm guessing ukash is still there
  6. ========== OTL ==========
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
     C:\WINDOWS\system32\wgsdgsdgdsgsd.exe moved successfully.
     Registry value HKEY_USERS\Dale.HOMESVILLE_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\irociivikcurwyz deleted successfully.
     Registry value HKEY_USERS\Dale.HOMESVILLE_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
     File C:\WINDOWS\system32\wgsdgsdgdsgsd.exe not found.
     File C:\WINDOWS\System32\wgsdgsdgdsgsd.exe not found.
     C:\Documents and Settings\All Users.WINDOWS\Application Data\aueztifxssetqvq moved successfully.
     OTLPE by OldTimer - Version 3.1.48.0 log created on 11112012_200622
  7. Error: Unable to interpret <:OTLO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O4 - HKLM..\Run: [update] C:\WINDOWS\system32\wgsdgsdgdsgsd.exe ()O4 - HKU\Dale.HOMESVILLE_ON_C..\Run: [irociivikcurwyz] File not foundO4 - HKU\Dale.HOMESVILLE_ON_C..\Run: [update] C:\WINDOWS\system32\wgsdgsdgdsgsd.exe ()[2012/11/09 16:33:41 | 000,158,720 | ---- | M] () -- C:\WINDOWS\System32\wgsdgsdgdsgsd.exe[2012/09/29 12:29:07 | 000,069,780 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\aueztifxssetqvq> in the current context!
     OTLPE by OldTimer - Version 3.1.48.0 log created on 11112012_193105
  8. OTLPE log below
  9. I have made the OTLPE cd now. Not run it yet as I'm not sure what you need me to do after I run it.
  10. I cannot access the usb as I cannot boot my system and run anything. It will need to autorun on startup which can only be a cd or my harddrive..
  11. I can use usb on the pc normally but the bios has no setting to boot from usb. I can create a cd if we need to but that will take a day or 2
  12. I went into the BIOS settings and I only have options for DVD-ROM, floppy drive and the hard drive, no USB option even when the USB is plugged into the port. I'm guessing the motherboard is too old or it's because I'm running XP.
  13. Forgot to mention my PC does not support flash drive or USB startup in the BIOS but I can use CDs.
  14. Hello. My PC has got the ukash virus on it. I have tried to go into Safe Mode with networking but it fails to load, as does all other Safe Mode with or without network cable attached. Restore to a previous working session does nothing. I used a friend's PC to put Windows Defender Offline onto it. This found some trojans and removed them but upon relocating ukash is still there. I cannot log in to anything except the single user login which has the virus. I don't even have time to try to switch user to go in as admin. I do not have another user login to switch to on my PC like some use to remove it and I cannot get into Safe Mode, please help.