Black screen of death


#1
zorba the geek
My son's PC has a virus. It all started when opening a picture sent via e-mail. Avast picked it up, and after restart Windows does not load. I have only a black screen with a "-" in the top left corner. Attempts to load in safe mode failed. I've downloaded OTLPE and burned it to a CD. The infected PC now loads to the OTL screen and I managed to do the scan.

OTL logfile created on: 9/13/2010 4:37:01 PM - Run
OTLPE by OldTimer - Version 3.1.41.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000408 | Country: ????da | Language: ELL | Date Format: d/M/yyyy

511.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 50.00% Memory free
459.00 Mb Paging File | 309.00 Mb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 91.05 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.72 Gb Total Space | 3.70 Gb Free Space | 99.50% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 282.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/05/01 20:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/14 12:31:03 | 000,073,796 | ---- | M] (Smart Link) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/11/13 19:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/09/20 08:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/09 00:24:34 | 001,668,352 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) ?????aµµa ?d???s?? ???? USB (WDM)
DRV - [2008/02/28 21:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/28 21:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/17 16:15:48 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/01/16 02:55:11 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/26 22:45:08 | 001,391,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/17 21:49:44 | 000,124,160 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2005/01/19 15:14:38 | 000,211,712 | R--- | M] (Labtec Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928)
DRV - [2005/01/19 15:11:16 | 000,022,016 | R--- | M] (Labtec Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/20 07:57:52 | 000,029,312 | ---- | M] (Silicon Integrated Systems Corp) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2)
DRV - [2004/09/14 00:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/03 18:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 18:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 18:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 18:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 18:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 18:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 18:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/25 20:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/12/03 11:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/10/15 15:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://i24search.com
IE - HKU\user_ON_C\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
IE - HKU\user_ON_C\..\URLSearchHook: {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.)
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 130.1.1.39:3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 14:27:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 14:27:38 | 000,000,000 | ---D | M]

[2010/05/03 10:11:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 12:55:39 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 12:55:39 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 12:55:39 | 000,001,219 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2004/09/07 08:00:00 | 000,000,944 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Absolutist Games Toolbar) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Absolutist Games Toolbar) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.)
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (Absolutist Games Toolbar) - {631AC2D4-57B3-42B0-A148-DA33B462C1A3} - C:\Program Files\Absolutist_Games\tbAbso.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe (dsgh )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKU\user_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\user_ON_C..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe (dsgh )
O4 - HKU\user_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\??????µµata\??????s?\HP Digital Imaging Monitor.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\??????µµata\??????s?\Logitech SetPoint.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FB 00 00 00 [binary data]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/15 05:06:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"Greek" /KBD:2) - C:\WINDOWS\System32\aswBoot.exe (ALWIL Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/13 16:13:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/09/13 16:09:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\IETldCache
[2010/08/24 16:33:23 | 000,188,416 | RHS- | C] (dsgh ) -- C:\WINDOWS\jusched.exe
[2007/01/17 16:15:48 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\usbsermptxp.sys
[2007/01/17 16:15:48 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\usbsermpt.sys
[2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/13 16:36:18 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/09/02 16:00:15 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/02 16:00:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/02 16:00:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/02 16:00:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{749AABE3-3BD3-4FE8-BAEE-054A1EF9384C}.job
[2010/09/02 15:59:50 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010/09/02 15:59:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/09/02 15:20:03 | 000,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/02 15:08:19 | 000,001,178 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/02 15:07:57 | 000,003,968 | RHS- | M] () -- C:\WINDOWS\wintybrdf.jpg
[2010/09/02 15:07:57 | 000,003,416 | RHS- | M] () -- C:\WINDOWS\wintybrd.png
[2010/09/02 15:07:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/24 16:34:31 | 000,002,216 | ---- | M] () -- C:\WINDOWS\mdll.dl
[2010/08/24 16:33:23 | 000,188,416 | RHS- | M] (dsgh ) -- C:\WINDOWS\jusched.exe
[2010/08/23 20:09:04 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 16:24:53 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/23 15:04:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/23 15:03:01 | 000,000,749 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/23 14:59:30 | 001,235,152 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/23 14:59:30 | 000,592,658 | ---- | M] () -- C:\WINDOWS\System32\perfh008.dat
[2010/08/23 14:59:30 | 000,474,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/23 14:59:30 | 000,113,848 | ---- | M] () -- C:\WINDOWS\System32\perfc008.dat
[2010/08/23 14:59:30 | 000,084,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 16:34:56 | 000,003,968 | RHS- | C] () -- C:\WINDOWS\wintybrdf.jpg
[2010/08/24 16:34:56 | 000,003,416 | RHS- | C] () -- C:\WINDOWS\wintybrd.png
[2010/08/24 16:34:31 | 000,002,216 | ---- | C] () -- C:\WINDOWS\mdll.dl
[2010/03/21 11:38:21 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/20 16:01:45 | 000,071,630 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2010/02/20 16:01:45 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/02/20 16:01:13 | 000,002,047 | ---- | C] () -- C:\Documents and Settings\user\Application Data\HPSU_48BitScanUpdate.log
[2010/02/20 16:01:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/02/20 15:57:38 | 000,045,053 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/02/20 15:57:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/19 16:24:48 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\user\ntuser.dat
[2009/12/19 07:06:52 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\user\Application Data\setup.log
[2009/12/19 07:06:45 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\user\Application Data\setup_ldm.iss
[2009/03/25 13:14:24 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/04/05 16:03:23 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\default.pls
[2007/12/24 07:47:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/24 07:40:26 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/22 16:02:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/12/22 15:27:22 | 003,104,256 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/03 10:34:32 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/12/01 07:43:30 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/11/29 06:52:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/14 15:31:59 | 000,002,313 | ---- | C] () -- C:\WINDOWS\Pentium.ini
[2007/04/11 12:37:54 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2007/03/13 14:58:27 | 000,000,285 | ---- | C] () -- C:\WINDOWS\shrek2tm.ini
[2007/01/19 11:43:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/17 16:15:48 | 000,007,195 | ---- | C] () -- C:\Documents and Settings\user\USBMOT2000.INF
[2007/01/17 16:15:48 | 000,005,891 | ---- | C] () -- C:\Documents and Settings\user\USBMOT2000XP.INF
[2007/01/17 16:15:48 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\user\USB_CMCS_2000.INF
[2007/01/17 16:15:47 | 000,019,758 | ---- | C] () -- C:\Documents and Settings\user\1169064947-oem7.PNF
[2007/01/17 16:15:47 | 000,011,167 | ---- | C] () -- C:\Documents and Settings\user\1169064947-oem7.inf
[2007/01/17 16:15:44 | 000,010,207 | ---- | C] () -- C:\Documents and Settings\user\Motorola_Driver_Log.txt
[2007/01/17 15:41:42 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/16 03:21:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/01/16 02:49:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2007/01/16 02:49:24 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2007/01/15 06:17:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\Property.dll
[2007/01/15 05:44:02 | 000,000,380 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/15 05:10:20 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\user\ntuser.dat.LOG
[2007/01/15 05:10:20 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\user\ntuser.ini
[2007/01/15 05:09:49 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/01/15 05:09:49 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/01/15 05:09:37 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/01/15 05:09:36 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/01/15 05:09:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/05/24 18:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/04/24 09:47:04 | 000,005,697 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/02 08:31:40 | 000,003,467 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 07:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2007/01/15 05:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2007/01/16 02:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ACD Systems
[2008/04/06 12:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG7
[2007/03/25 10:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitsPaper
[2010/06/17 14:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FixCleaner
[2010/01/16 20:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express
[2009/01/01 06:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2010/09/02 16:00:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{749AABE3-3BD3-4FE8-BAEE-054A1EF9384C}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/09/13 16:13:05 | 000,000,077 | -HS- | M] ()(C:\Documents and Settings\LocalService\?a ????af? µ??\desktop.ini) -- C:\Documents and Settings\LocalService\?a ????af? µ??\desktop.ini
[2010/09/13 16:13:05 | 000,000,077 | -HS- | C] ()(C:\Documents and Settings\LocalService\?a ????af? µ??\desktop.ini) -- C:\Documents and Settings\LocalService\?a ????af? µ??\desktop.ini
[2010/09/13 16:13:05 | 000,000,000 | R--D | M](C:\Documents and Settings\LocalService\?a ????af? µ??) -- C:\Documents and Settings\LocalService\?a ????af? µ??
[2010/09/13 16:13:05 | 000,000,000 | R--D | M](C:\Documents and Settings\LocalService\?a ????af? µ??) -- C:\Documents and Settings\LocalService\?a ????af? µ??
[2010/09/13 16:13:05 | 000,000,000 | R--D | C](C:\Documents and Settings\LocalService\?a ????af? µ??) -- C:\Documents and Settings\LocalService\?a ????af? µ??
[2010/08/25 15:44:45 | 000,000,000 | ---D | M](C:\Documents and Settings\user\?a ????af? µ??\??f???ta a??e?a) -- C:\Documents and Settings\user\?a ????af? µ??\??f???ta a??e?a
[2010/06/28 15:04:31 | 000,000,000 | ---D | M](C:\Documents and Settings\user\?a ????af? µ??\???G???????) -- C:\Documents and Settings\user\?a ????af? µ??\???G???????
[2010/06/26 15:51:49 | 000,000,000 | ---D | M](C:\Documents and Settings\user\?p?f??e?a e??as?a?) -- C:\Documents and Settings\user\?p?f??e?a e??as?a?
[2010/06/26 15:51:49 | 000,000,000 | ---D | M](C:\Documents and Settings\user\?p?f??e?a e??as?a?) -- C:\Documents and Settings\user\?p?f??e?a e??as?a?
[2010/06/26 15:34:09 | 000,000,000 | R--D | M](C:\Documents and Settings\user\?a ????af? µ??) -- C:\Documents and Settings\user\?a ????af? µ??
[2010/06/26 15:34:09 | 000,000,000 | R--D | M](C:\Documents and Settings\user\?a ????af? µ??) -- C:\Documents and Settings\user\?a ????af? µ??
[2010/06/26 15:21:24 | 000,000,000 | R--D | M](C:\Documents and Settings\user\?a ????af? µ??\? µ??s??? µ??) -- C:\Documents and Settings\user\?a ????af? µ??\? µ??s??? µ??
[2010/06/24 10:39:52 | 000,000,000 | ---D | M](C:\Documents and Settings\user\?a ????af? µ??\BINTEO) -- C:\Documents and Settings\user\?a ????af? µ??\BINTEO
[2010/06/15 13:30:03 | 000,000,000 | R--D | M](C:\Documents and Settings\user\?a ????af? µ??\?a ß??te? µ??) -- C:\Documents and Settings\user\?a ????af? µ??\?a ß??te? µ??
[2010/05/11 15:58:53 | 002,062,355 | ---- | M] ()(C:\Documents and Settings\user\?p?f??e?a e??as?a?\mplayerc_20080728.zip) -- C:\Documents and Settings\user\?p?f??e?a e??as?a?\mplayerc_20080728.zip
[2010/05/11 15:58:41 | 002,062,355 | ---- | C] ()(C:\Documents and Settings\user\?p?f??e?a e??as?a?\mplayerc_20080728.zip) -- C:\Documents and Settings\user\?p?f??e?a e??as?a?\mplayerc_20080728.zip
[2010/05/05 14:56:40 | 000,000,000 | ---D | C](C:\Documents and Settings\user\?a ????af? µ??\??f???ta a??e?a) -- C:\Documents and Settings\user\?a ????af? µ??\??f???ta a??e?a
[2010/05/03 11:23:47 | 000,000,000 | R--D | M](C:\Documents and Settings\user\?a ????af? µ??\?? e????e? µ??) -- C:\Documents and Settings\user\?a ????af? µ??\?? e????e? µ??
[2010/01/28 15:49:29 | 000,000,779 | ---- | M] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??????s? t?? p?????µµat?? a?????s?? ?st?se??d?? Internet Explorer.lnk) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??????s? t?? p?????µµat?? a?????s?? ?st?se??d?? Internet Explorer.lnk
[2010/01/28 15:49:29 | 000,000,779 | ---- | C] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??????s? t?? p?????µµat?? a?????s?? ?st?se??d?? Internet Explorer.lnk) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??????s? t?? p?????µµat?? a?????s?? ?st?se??d?? Internet Explorer.lnk
[2009/12/19 16:35:26 | 000,000,206 | -HS- | M] ()(C:\Documents and Settings\user\?a ????af? µ??\desktop.ini) -- C:\Documents and Settings\user\?a ????af? µ??\desktop.ini
[2009/12/19 05:12:26 | 000,001,904 | ---- | M] ()(C:\WINDOWS\ModemLog_??p??? µ??teµ.txt) -- C:\WINDOWS\ModemLog_??p??? µ??teµ.txt
[2009/12/19 05:12:26 | 000,001,904 | ---- | C] ()(C:\WINDOWS\ModemLog_??p??? µ??teµ.txt) -- C:\WINDOWS\ModemLog_??p??? µ??teµ.txt
[2009/10/26 13:37:12 | 000,000,000 | ---D | M](C:\Documents and Settings\user\?a ????af? µ??\My Scans) -- C:\Documents and Settings\user\?a ????af? µ??\My Scans
[2009/05/09 16:54:22 | 000,000,000 | ---D | C](C:\Documents and Settings\user\?a ????af? µ??\My Scans) -- C:\Documents and Settings\user\?a ????af? µ??\My Scans
[2009/01/16 15:34:53 | 000,237,568 | -HS- | M] ()(C:\Documents and Settings\user\?a ????af? µ??\Thumbs.db) -- C:\Documents and Settings\user\?a ????af? µ??\Thumbs.db
[2008/08/11 16:40:01 | 000,000,000 | R--D | C](C:\Documents and Settings\user\?a ????af? µ??\?a ß??te? µ??) -- C:\Documents and Settings\user\?a ????af? µ??\?a ß??te? µ??
[2008/04/21 12:03:17 | 000,000,694 | ---- | M] ()(C:\Documents and Settings\user\?p?f??e?a e??as?a?\S??t?µe?s? ??a t? ATF_Cleaner.lnk) -- C:\Documents and Settings\user\?p?f??e?a e??as?a?\S??t?µe?s? ??a t? ATF_Cleaner.lnk
[2008/04/21 12:03:17 | 000,000,694 | ---- | C] ()(C:\Documents and Settings\user\?p?f??e?a e??as?a?\S??t?µe?s? ??a t? ATF_Cleaner.lnk) -- C:\Documents and Settings\user\?p?f??e?a e??as?a?\S??t?µe?s? ??a t? ATF_Cleaner.lnk
[2008/04/05 15:40:10 | 000,000,000 | ---D | C](C:\Documents and Settings\user\?a ????af? µ??\BINTEO) -- C:\Documents and Settings\user\?a ????af? µ??\BINTEO
[2007/03/25 10:13:33 | 000,000,000 | ---D | C](C:\Documents and Settings\user\?a ????af? µ??\???G???????) -- C:\Documents and Settings\user\?a ????af? µ??\???G???????
[2007/03/25 10:03:36 | 000,237,568 | -HS- | C] ()(C:\Documents and Settings\user\?a ????af? µ??\Thumbs.db) -- C:\Documents and Settings\user\?a ????af? µ??\Thumbs.db
[2007/01/15 06:59:35 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\Default User\Start Menu\??????µµata\??????s?\desktop.ini) -- C:\Documents and Settings\Default User\Start Menu\??????µµata\??????s?\desktop.ini
[2007/01/15 06:59:35 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\?p?f??e?a e??as?a?) -- C:\WINDOWS\system32\config\systemprofile\?p?f??e?a e??as?a?
[2007/01/15 06:59:35 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\?a ????af? µ??) -- C:\WINDOWS\system32\config\systemprofile\?a ????af? µ??
[2007/01/15 06:59:35 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\?p?f??e?a e??as?a?) -- C:\WINDOWS\system32\config\systemprofile\?p?f??e?a e??as?a?
[2007/01/15 06:59:35 | 000,000,000 | ---D | M](C:\WINDOWS\system32\config\systemprofile\?a ????af? µ??) -- C:\WINDOWS\system32\config\systemprofile\?a ????af? µ??
[2007/01/15 05:10:31 | 000,000,079 | ---- | M] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?µf???s? ep?f??e?a? e??as?a?.scf) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?µf???s? ep?f??e?a? e??as?a?.scf
[2007/01/15 05:10:31 | 000,000,079 | ---- | C] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?µf???s? ep?f??e?a? e??as?a?.scf) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?µf???s? ep?f??e?a? e??as?a?.scf
[2007/01/15 05:10:22 | 000,000,206 | -HS- | C] ()(C:\Documents and Settings\user\?a ????af? µ??\desktop.ini) -- C:\Documents and Settings\user\?a ????af? µ??\desktop.ini
[2007/01/15 05:10:22 | 000,000,000 | R--D | C](C:\Documents and Settings\user\?a ????af? µ??\?? e????e? µ??) -- C:\Documents and Settings\user\?a ????af? µ??\?? e????e? µ??
[2007/01/15 05:10:22 | 000,000,000 | R--D | C](C:\Documents and Settings\user\?a ????af? µ??\? µ??s??? µ??) -- C:\Documents and Settings\user\?a ????af? µ??\? µ??s??? µ??
[2007/01/15 05:10:19 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\user\Start Menu\??????µµata\??????s?\desktop.ini) -- C:\Documents and Settings\user\Start Menu\??????µµata\??????s?\desktop.ini
[2007/01/15 05:06:30 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\user\Start Menu\??????µµata\??????s?\desktop.ini) -- C:\Documents and Settings\user\Start Menu\??????µµata\??????s?\desktop.ini
[2007/01/15 05:06:30 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\Default User\Start Menu\??????µµata\??????s?\desktop.ini) -- C:\Documents and Settings\Default User\Start Menu\??????µµata\??????s?\desktop.ini
[2007/01/15 05:03:29 | 000,065,978 | ---- | C] ()(C:\WINDOWS\Sap????f??s?e?.bmp) -- C:\WINDOWS\Sap????f??s?e?.bmp
[2007/01/15 05:03:29 | 000,065,954 | ---- | C] ()(C:\WINDOWS\??eµ??.bmp) -- C:\WINDOWS\??eµ??.bmp
[2007/01/15 05:03:29 | 000,065,832 | ---- | C] ()(C:\WINDOWS\G???? Santa Fe.bmp) -- C:\WINDOWS\G???? Santa Fe.bmp
[2007/01/15 05:03:29 | 000,026,680 | ---- | C] ()(C:\WINDOWS\??taµ?? Sumida.bmp) -- C:\WINDOWS\??taµ?? Sumida.bmp
[2007/01/15 05:03:29 | 000,026,582 | ---- | C] ()(C:\WINDOWS\?ef??t??.bmp) -- C:\WINDOWS\?ef??t??.bmp
[2007/01/15 05:03:29 | 000,017,362 | ---- | C] ()(C:\WINDOWS\??d?de?t??.bmp) -- C:\WINDOWS\??d?de?t??.bmp
[2007/01/15 05:03:29 | 000,017,336 | ---- | C] ()(C:\WINDOWS\???eµa.bmp) -- C:\WINDOWS\???eµa.bmp
[2007/01/15 05:03:29 | 000,017,062 | ---- | C] ()(C:\WINDOWS\?????? ?af?.bmp) -- C:\WINDOWS\?????? ?af?.bmp
[2007/01/15 05:03:29 | 000,016,730 | ---- | C] ()(C:\WINDOWS\??a????fa?t?.bmp) -- C:\WINDOWS\??a????fa?t?.bmp
[2007/01/15 05:03:29 | 000,009,522 | ---- | C] ()(C:\WINDOWS\??d????? .bmp) -- C:\WINDOWS\??d????? .bmp
[2007/01/15 05:03:28 | 000,001,272 | ---- | C] ()(C:\WINDOWS\?p?e s???t? 16.bmp) -- C:\WINDOWS\?p?e s???t? 16.bmp
[2004/09/07 08:00:00 | 000,065,978 | ---- | M] ()(C:\WINDOWS\Sap????f??s?e?.bmp) -- C:\WINDOWS\Sap????f??s?e?.bmp
[2004/09/07 08:00:00 | 000,065,954 | ---- | M] ()(C:\WINDOWS\??eµ??.bmp) -- C:\WINDOWS\??eµ??.bmp
[2004/09/07 08:00:00 | 000,065,832 | ---- | M] ()(C:\WINDOWS\G???? Santa Fe.bmp) -- C:\WINDOWS\G???? Santa Fe.bmp
[2004/09/07 08:00:00 | 000,026,680 | ---- | M] ()(C:\WINDOWS\??taµ?? Sumida.bmp) -- C:\WINDOWS\??taµ?? Sumida.bmp
[2004/09/07 08:00:00 | 000,026,582 | ---- | M] ()(C:\WINDOWS\?ef??t??.bmp) -- C:\WINDOWS\?ef??t??.bmp
[2004/09/07 08:00:00 | 000,017,362 | ---- | M] ()(C:\WINDOWS\??d?de?t??.bmp) -- C:\WINDOWS\??d?de?t??.bmp
[2004/09/07 08:00:00 | 000,017,336 | ---- | M] ()(C:\WINDOWS\???eµa.bmp) -- C:\WINDOWS\???eµa.bmp
[2004/09/07 08:00:00 | 000,017,062 | ---- | M] ()(C:\WINDOWS\?????? ?af?.bmp) -- C:\WINDOWS\?????? ?af?.bmp
[2004/09/07 08:00:00 | 000,016,730 | ---- | M] ()(C:\WINDOWS\??a????fa?t?.bmp) -- C:\WINDOWS\??a????fa?t?.bmp
[2004/09/07 08:00:00 | 000,009,522 | ---- | M] ()(C:\WINDOWS\??d????? .bmp) -- C:\WINDOWS\??d????? .bmp
[2004/09/07 08:00:00 | 000,001,272 | ---- | M] ()(C:\WINDOWS\?p?e s???t? 16.bmp) -- C:\WINDOWS\?p?e s???t? 16.bmp
[2004/09/07 08:00:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\???ß??? ?a?a????.scf) -- C:\WINDOWS\System32\???ß??? ?a?a????.scf
[2004/09/07 08:00:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\???ß??? ?a?a????.scf) -- C:\WINDOWS\System32\???ß??? ?a?a????.scf
(C:\WINDOWS\system32\config\systemprofile\?p?f??e?a e??as?a?) -- C:\WINDOWS\system32\config\systemprofile\?p?f??e?a e??as?a?
(C:\WINDOWS\system32\config\systemprofile\?a ????af? µ??) -- C:\WINDOWS\system32\config\systemprofile\?a ????af? µ??
(C:\Documents and Settings\user\?p?f??e?a e??as?a?) -- C:\Documents and Settings\user\?p?f??e?a e??as?a?
(C:\Documents and Settings\user\?a ????af? µ??) -- C:\Documents and Settings\user\?a ????af? µ??
< End of report >


PC got infected 02.09.2010 around 1500h


Thanks
zorba
  • 0


#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
do you have an avast log of what it removed?
  • 0

#3 zorba the geek (Member, Topic Starter, 758 posts)
Hi Rorschach112
Thanks for the quick reply. No, where can I find it? Perhaps in the Avast folder?
  • 0

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
have a look around C:\Program Files\Alwil Software\ for a folder called Chest or Quarantine

let me know the full location if you find it
  • 0

#5 zorba the geek (Member, Topic Starter, 758 posts)
Sorry, no luck! To check my son's PC, I need a 90 min. drive. I'm also running avast on my PC; there is no folder called Chest or Quarantine in my Program Files. Do you need me to take further steps or scans, or do you have additional instructions before I take a drive to my son?

PS.: I've downloaded OTLPENET several times from the link provided in this post = http://www.geekstogo.com/forum/topic/285768-my-computer-has-a-virus-and-wont-boot-up/, but when trying to burn to CD, I get the error message "extraction failed - file is corrupt". I ran the scan with OTLPE Std. Nor have I pasted the text file into the scan/fix box, just done a scan.

Edited by zorba the geek, 13 September 2010 - 12:12 PM.

  • 0

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
open OTLPE, click the None button, paste this in the custom scan box

%APPDATA%\Alwil Software\Avast4\chest\*.* /s
C:\Program Files\Alwil Software\*. /s
%APPDATA%\Alwil Software\*. /s
/md5start
winlogon.*
svchost.*
winit.*
explorer.*
/md5stop

click run scan and post that log
  • 0

#7 zorba the geek (Member, Topic Starter, 758 posts)
Thanks, will do that tomorrow
  • 0

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
just one thing, I edited the script above, let me know how it goes tomorrow
  • 0

#9 zorba the geek (Member, Topic Starter, 758 posts)
Ok, copied the new script and see you tomorrow!
Thanks again for your help so far
cheers
zorba
  • 0

#10 zorba the geek (Member, Topic Starter, 758 posts)
Here are the scan results

OTL logfile created on: 9/14/2010 4:53:10 PM - Run
OTLPE by OldTimer - Version 3.1.41.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000408 | Country: ????da | Language: ELL | Date Format: d/M/yyyy

511.00 Mb Total Physical Memory | 250.00 Mb Available Physical Memory | 49.00% Memory free
459.00 Mb Paging File | 305.00 Mb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 91.05 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 3.70 Gb Free Space | 99.49% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 282.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Custom Scans ==========


Invalid Environment Variable: %APPDATA%\Alwil Software\Avast4\chest\*.*

< C:\Program Files\Alwil Software\*. /s >
[2010/06/16 13:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4
[2010/09/02 15:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\GREEK
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\images
[2010/09/02 15:09:54 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\Setup
[2009/12/19 06:25:23 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\backup
[2010/09/02 15:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\chest
[2010/06/24 11:43:14 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\integ
[2010/05/01 16:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\journal
[2010/09/02 15:07:13 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\log
[2009/12/19 06:25:23 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\moved
[2009/12/19 07:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\report
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\DATA\Skin
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\GREEK\HELP
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\GREEK\HtmlData
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\Setup\INF
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64
[2009/12/19 06:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64

Invalid Environment Variable: %APPDATA%\Alwil Software\*.


< MD5 for: EXPLORER.EXE >
[2008/04/14 12:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\explorer.exe
[2008/04/14 12:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: EXPLORER.SCF >
[2004/09/07 08:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: SVCHOST.EXE >
[2008/04/14 12:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 12:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: SVCHOST.EXE-3530F672.PF >
[2010/08/29 03:54:24 | 000,018,258 | ---- | M] () MD5=00835D31E15D794980E6DD7282616259 -- C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf

< MD5 for: WINLOGON.EXE >
[2008/04/14 12:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 12:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\system32\winlogon.exe
< End of report >


I hope you can find something

cheers
zorba
  • 0
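The /md5start block Rorschach112 asked for makes OTL list every copy of the named files with its hash, so the log above can be read as a comparison: the system32 copies of svchost.exe and winlogon.exe carry the same MD5 as the pristine copies under ServicePackFiles\i386, while explorer.scf and the Prefetch entry have no reference copy at all. As an added example (my code, not the thread's and not OTL's or OldTimer's), here is a small Python script that parses such an MD5 section and reports, per file, whether the live copies match a reference copy, differ from it, or cannot be checked. The first sample is the MD5 section from the post above; the second is a constructed variant with a made-up hash to show what a replaced svchost.exe would look like.

```python
"""Cross-check the MD5 section of an OTL log (added example, not OTL's code)."""
import re
from collections import defaultdict

# Sample input: the MD5 section of the OTL log posted above (post #10).
SAMPLE_OTL = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 12:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\explorer.exe
[2008/04/14 12:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=8B93A11CDA30DD8AD9902B59BB401411 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: EXPLORER.SCF >
[2004/09/07 08:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: SVCHOST.EXE >
[2008/04/14 12:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 12:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: SVCHOST.EXE-3530F672.PF >
[2010/08/29 03:54:24 | 000,018,258 | ---- | M] () MD5=00835D31E15D794980E6DD7282616259 -- C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf

< MD5 for: WINLOGON.EXE >
[2008/04/14 12:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 12:31:11 | 000,513,536 | ---- | M] (Microsoft Corporation) MD5=5C928CB57C89F8623608DBF5467379EE -- C:\WINDOWS\system32\winlogon.exe
< End of report >
"""

# Constructed sample of what a replaced system file would look like; the hash
# of the system32 copy is made up for the demonstration.
SAMPLE_TAMPERED = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/14 12:31:05 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=274E9C78C12EBF74DC56B2BF64312F34 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2010/09/02 15:10:01 | 000,014,336 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\svchost.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# Directories whose copies act as the known-good reference on Windows XP.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")


def parse_md5_sections(text):
    """Return {FILE NAME: [entry, ...]} from the '< MD5 for: ... >' part of an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections[current]  # register the section even if no entry follows
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append({
                "path": m.group("path"),
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "vendor": m.group("vendor"),
                "is_reference": any(d in m.group("path").lower() for d in REFERENCE_DIRS),
            })
    return dict(sections)


def check_md5_sections(sections):
    """Compare each live copy with the reference copies of the same file.

    status: consistent   - every live copy matches a reference hash
            mismatch     - a live copy differs from every reference copy (look closer)
            no-reference - nothing to compare against, which is not evidence either way
    """
    verdicts = {}
    for name, entries in sections.items():
        reference = {e["md5"] for e in entries if e["is_reference"]}
        live = [e for e in entries if not e["is_reference"]]
        if not reference:
            status, bad = "no-reference", []
        else:
            bad = [e["path"] for e in live if e["md5"] not in reference]
            status = "mismatch" if bad else "consistent"
        verdicts[name] = {"status": status, "reference": sorted(reference), "suspect": bad}
    return verdicts


if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_OTL), ("constructed tampered log", SAMPLE_TAMPERED)):
        print(f"== {label} ==")
        for name, v in sorted(check_md5_sections(parse_md5_sections(text)).items()):
            print(f"{name:28} {v['status']:13} {' '.join(v['suspect'])}")
```

A "no-reference" result for explorer.scf or a .pf file only says the check cannot be applied, so the script keeps that apart from "mismatch"; an MD5 match against the service pack copy is good evidence the binary is untouched, while a mismatch is a reason to look at the file, not a verdict on its own.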


#11 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
open OTLPE, click the None button, paste this in the custom scan box

C:\Program Files\Alwil Software\Avast4\DATA\backup\*.* /s
C:\Program Files\Alwil Software\Avast4\DATA\chest\*.* /s
C:\Program Files\Alwil Software\Avast4\DATA\moved\*.* /s
C:\Program Files\Alwil Software\Avast4\DATA\report\*.* /s
C:\Program Files\Alwil Software\Avast4\DATA\log\*.* /s

click run scan and post that log
  • 0

#12 zorba the geek (Member, Topic Starter, 758 posts)
Hi Rorschach112
Sorry, I left before you posted the new instructions. However, while backing up my data with Puppy Linux, I managed to get into the avast folder and found some logs

avast chest
<?xml version="1.0" encoding="UTF-8" ?>
<aswObject>
<NewId>0000000C</NewId>
<Size>3439496</Size>
<ChestEntry>
<ChestId>00000001</ChestId>
<FileTime>1152093365</FileTime>
<OrigFileName>kernel32.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\system32</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1261220599</TransferTime>
<FileSize>1079808</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000002</ChestId>
<FileTime>1094554800</FileTime>
<OrigFileName>winsock.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\system32</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1261220599</TransferTime>
<FileSize>2864</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000003</ChestId>

avast log1
3/5/2010 5:01:56 ìì 1272895316 ¸ 1552 Function setifaceUpdateFiles() has failed. Return code is 0xC0000142, dwRes is C0000142.
3/5/2010 5:01:57 ìì 1272895317 ¸ 1552 An error has occured while attempting to update. Please check the logs.
5/5/2010 5:24:54 ìì 1273069494 SYSTEM 1548 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/5/2010 5:24:56 ìì 1273069496 SYSTEM 1548 An error has occured while attempting to update. Please check the logs.
29/8/2010 1:28:28 ðì 1283034508 SYSTEM 1576 Sign of "Win32:Small-MTP [Trj]" has been found in "C:\DOCUME~1\user\LOCALS~1\Temp\winservice.exe" file.
29/8/2010 1:29:11 ðì 1283034551 SYSTEM 1576 Sign of "Win32:Small-MTP [Trj]" has been found in "C:\DOCUME~1\user\LOCALS~1\Temp\winservice.exe" file.
29/8/2010 5:09:42 ìì 1283090982 user 1396 Sign of "Win32:Small-MTP [Trj]" has been found in "C:\DOCUME~1\user\LOCALS~1\Temp\winservice.exe" file.
2/9/2010 10:22:37 ìì 1283455357 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\iluj.tmp\setup.exe" file.
2/9/2010 10:36:56 ìì 1283456216 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\dfjc.tmp\setup.exe" file.
2/9/2010 10:47:54 ìì 1283456874 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\syuj.tmp\setup.exe" file.
2/9/2010 10:48:10 ìì 1283456890 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\syuj.tmp\setup.exe" file.
2/9/2010 10:58:32 ìì 1283457512 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\lknr.tmp\setup.exe" file.
2/9/2010 10:59:24 ìì 1283457564 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\lknr.tmp\setup.exe" file.

log 2
09/02/10 22:07:12 00000E38: Started as service, Log = 1
09/02/10 22:07:12 00000E38: Build 4.8.1368
09/02/10 22:07:12 00000E38: Windows XP Workstation (Service Pack 3)
09/02/10 22:07:12 00000E38: AutoRedirect settings changed 1
09/02/10 22:07:15 00000E38: IgnoreLocalhost settings changed 1
09/02/10 22:07:15 00000E38: POP Start settings changed: 1
09/02/10 22:07:15 00000E38: POP Listen settings changed: 127.0.0.1 12110
09/02/10 22:07:15 00000E38: POP RedirectPort: 110
09/02/10 22:07:15 00000E38: SMTP Start settings changed: 1
09/02/10 22:07:15 00000E38: SMTP Listen settings changed: 127.0.0.1 12025
09/02/10 22:07:15 00000E38: SMTP RedirectPort: 25
09/02/10 22:07:15 00000E38: IMAP Start settings changed: 1
09/02/10 22:07:15 00000E38: IMAP Listen settings changed: 127.0.0.1 12143
09/02/10 22:07:15 00000E38: IMAP RedirectPort: 143
09/02/10 22:07:15 00000E38: NNTP Start settings changed: 1
09/02/10 22:07:15 00000E38: NNTP Listen settings changed: 127.0.0.1 12119
09/02/10 22:07:15 00000E38: NNTP RedirectPort: 119
09/02/10 22:59:58 00000E38: Stopped

If you still want the OTLPE scan, let me know
thanks so far
  • 0
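Two of the files in that post repay a closer read. The chest index is an XML list of what avast moved into quarantine, with FileTime and TransferTime stored as Unix epoch seconds; the two entries shown are Category "System", which in avast 4 are its own backup copies of critical system files rather than detections. The event log ("avast log1") records each detection with signature name and path, and already gives the timeline: Win32:Small-MTP in winservice.exe on 29/8, then the Win32:Malware-gen setup.exe droppers under WINDOWS\TEMP on 2/9. As an added example (my code, not the thread's and not avast's or Alwil's), here is a Python script that parses both formats and converts the epoch timestamps to UTC; the XML sample is the two complete entries from the post wrapped in a closed element, and the log sample is a subset of the posted lines.

```python
"""Read the avast 4 chest index and event log (added example, not avast's code)."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: the two complete entries from the posted chest index,
# wrapped in a closed aswObject element (the posted copy was cut off).
SAMPLE_CHEST_XML = r"""<?xml version="1.0" encoding="UTF-8" ?>
<aswObject>
<NewId>0000000C</NewId>
<Size>3439496</Size>
<ChestEntry>
<ChestId>00000001</ChestId>
<FileTime>1152093365</FileTime>
<OrigFileName>kernel32.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\system32</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1261220599</TransferTime>
<FileSize>1079808</FileSize>
</ChestEntry>
<ChestEntry>
<ChestId>00000002</ChestId>
<FileTime>1094554800</FileTime>
<OrigFileName>winsock.dll</OrigFileName>
<OrigFolder>C:\WINDOWS\system32</OrigFolder>
<Comment />
<Category>System</Category>
<TransferTime>1261220599</TransferTime>
<FileSize>2864</FileSize>
</ChestEntry>
</aswObject>
"""

# Constructed sample: a subset of the lines from "avast log1" above.
SAMPLE_AVAST_LOG = r"""
3/5/2010 5:01:57 ìì 1272895317 ¸ 1552 An error has occured while attempting to update. Please check the logs.
29/8/2010 1:28:28 ðì 1283034508 SYSTEM 1576 Sign of "Win32:Small-MTP [Trj]" has been found in "C:\DOCUME~1\user\LOCALS~1\Temp\winservice.exe" file.
29/8/2010 1:29:11 ðì 1283034551 SYSTEM 1576 Sign of "Win32:Small-MTP [Trj]" has been found in "C:\DOCUME~1\user\LOCALS~1\Temp\winservice.exe" file.
29/8/2010 5:09:42 ìì 1283090982 user 1396 Sign of "Win32:Small-MTP [Trj]" has been found in "C:\DOCUME~1\user\LOCALS~1\Temp\winservice.exe" file.
2/9/2010 10:22:37 ìì 1283455357 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\iluj.tmp\setup.exe" file.
2/9/2010 10:36:56 ìì 1283456216 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\dfjc.tmp\setup.exe" file.
2/9/2010 10:47:54 ìì 1283456874 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\syuj.tmp\setup.exe" file.
2/9/2010 10:58:32 ìì 1283457512 SYSTEM 1488 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\lknr.tmp\setup.exe" file.
"""

# date time am/pm epoch account pid message  (the am/pm marker is Greek, mis-encoded in the post)
LOG_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<ampm>\S+)\s+(?P<epoch>\d{9,10})\s+"
    r"(?P<account>\S+)\s+(?P<pid>\d+)\s+(?P<msg>.+)$"
)
DETECT_RE = re.compile(r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')


def utc(epoch):
    """FileTime/TransferTime and the log's fourth field are Unix epoch seconds."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def parse_chest(xml_text):
    """List what the chest holds: original path, category and both timestamps in UTC."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [{
        "id": e.findtext("ChestId"),
        "file": e.findtext("OrigFolder") + "\\" + e.findtext("OrigFileName"),
        "category": e.findtext("Category"),
        "size": int(e.findtext("FileSize")),
        "file_time": utc(e.findtext("FileTime")),
        "moved_time": utc(e.findtext("TransferTime")),
    } for e in root.findall("ChestEntry")]


def parse_detections(log_text):
    """Pull signature name, path and UTC time out of every detection line."""
    found = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        d = DETECT_RE.search(m.group("msg")) if m else None
        if d:
            found.append({"when": utc(m.group("epoch")), "account": m.group("account"),
                          "signature": d.group("sig"), "path": d.group("path")})
    return found


def summarize(detections):
    """Group by signature: first hit (UTC), hit count and the distinct files involved."""
    summary = {}
    for d in detections:
        s = summary.setdefault(d["signature"], {"first_seen": d["when"], "hits": 0, "paths": set()})
        s["hits"] += 1
        s["paths"].add(d["path"])
        s["first_seen"] = min(s["first_seen"], d["when"])
    return summary


if __name__ == "__main__":
    for e in parse_chest(SAMPLE_CHEST_XML):
        print(f"chest {e['id']} {e['category']:7} moved {e['moved_time']} {e['file']}")
    for sig, s in summarize(parse_detections(SAMPLE_AVAST_LOG)).items():
        print(f"{s['first_seen']} {sig}: {s['hits']} hits, {len(s['paths'])} files")
```

The epoch field is the one to trust for ordering: the human-readable date in the same line is local time with a mis-encoded Greek AM/PM marker, so the UTC conversion from the epoch avoids guessing at the machine's time zone. The TransferTime of both chest entries resolves to 2009-12-19, the same day the OTL log shows the Avast4 folders being created, which fits backup copies taken at install time rather than quarantined malware.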

#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
yeah do the otlpe step please
  • 0

#14 zorba the geek (Member, Topic Starter, 758 posts)
Ok, I'll post it tomorrow
thanks
  • 0

#15 zorba the geek (Member, Topic Starter, 758 posts)
Hi Rorschach!
Sorry for the double post, I've noticed avast picked up a virus "Win32:Small-MTP [Trj]"! Since I'm using a USB stick to transfer the scans from my PC to my son's and vice versa, what are the chances of infecting my PC? :) I do scan the stick with Mbam (on my PC) before opening anything. Is that enough?
Thanks
charlie
  • 0





