hi guys, Badly Infected System, Please help!?


  • This topic is locked This topic is locked

#31
Homburg
    Trusted Helper
  • Malware Removal
  • 665 posts
Hi,

We'll remove a task manager restriction you have with an OTL fix. Can you check if the admin tools are present on your admin account following the fix?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

If that still makes no difference:
Next:

Boot the PC into safe mode with networking by starting the PC and continually tapping F8

While in the default administrator account, again try this: please go here and run option 2. This should reset Windows Update to default settings.



Homburg
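One way to do the check Homburg asks for, as an added example that is not part of the thread or of OTL: the script walks every hive loaded under HKEY_USERS (the fix above names only S-1-5-18 and .DEFAULT, so the logged-on user's own SID hive is covered as well) and reports the DisableTaskMgr value, plus the HideSCAHealth value that the O7 lines in the Quick Scan log show. The -Remove switch is an assumed parameter; it must be run from an elevated PowerShell session.

```powershell
# Added example, not from the thread or from OTL: audit (and optionally remove)
# the policy values targeted by the fix above, in every hive loaded under
# HKEY_USERS. Run from an elevated PowerShell session.
param(
    [switch]$Remove   # assumed parameter: without it the script only reports
)

# Value names and the policy subkey each lives in. DisableTaskMgr is the value
# the OTL fix deletes; HideSCAHealth is the one the O7 lines in the Quick Scan
# log show (it hides Security Center warnings, a common rogue-AV setting).
$checks = @(
    @{ SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'HideSCAHealth' }
)

# Every loaded hive: .DEFAULT, S-1-5-18 (SYSTEM, named in the fix), S-1-5-19,
# S-1-5-20 and one S-1-5-21-... hive per logged-on user. The *_Classes hives
# carry no policy keys, so they are skipped.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notlike '*_Classes' }

$findings = @()
foreach ($hive in $hives) {
    foreach ($check in $checks) {
        $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$($check.SubKey)"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        # Get-ItemProperty returns $null (no exception) when the value is absent.
        $item = Get-ItemProperty -LiteralPath $keyPath -Name $check.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }

        $value = $item.($check.Name)
        $findings += [pscustomobject]@{
            Hive  = $hive.PSChildName
            Key   = $check.SubKey
            Name  = $check.Name
            Value = $value
        }

        # 1 is the restriction; an explicit 0 means "allowed" and is left alone.
        if ($Remove -and $value -eq 1) {
            Remove-ItemProperty -LiteralPath $keyPath -Name $check.Name
            Write-Host "Removed $($check.Name) from HKU\$($hive.PSChildName)\$($check.SubKey)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No DisableTaskMgr / HideSCAHealth policy values found in any loaded hive.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it once before and once after the OTL fix and reboot; the second run should list no value of 1 for DisableTaskMgr in any hive.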

#32
zzedexx
    Member
  • Topic Starter
  • 37 posts
Thanks again Homburg, here are my results:

STEP 1a - OTL FIX LOG

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: end user
->Temp folder emptied: 5702298 bytes
->Temporary Internet Files folder emptied: 23364016 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 195120472 bytes
->Flash cache emptied: 3821 bytes

User: Public

User: test
->Temp folder emptied: 33235 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: XO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 865952 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525225 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 215.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: end user
->Flash cache emptied: 0 bytes

User: Public

User: test

User: XO
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 05112011_065647

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



STEP 1b - OTL QUICK SCAN LOG:

OTL logfile created on: 2011,05,11 07:16:50 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\end user\Desktop\iN
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy,MM,dd

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.04 Gb Total Space | 63.46 Gb Free Space | 14.01% Space Free | Partition Type: NTFS

Computer Name: BEUCEPHALUS | User Name: end user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
PRC - [2011,04,26 15:06:06 | 000,161,336 | ---- | M] (Google) -- C:\Users\end user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011,04,15 02:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011,01,07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011,01,07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011,01,06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010,12,05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010,12,05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010,10,22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009,11,22 01:52:16 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009,11,06 03:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009,10,31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009,10,31 11:20:10 | 000,427,320 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
PRC - [2009,10,31 06:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009,10,30 08:08:34 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009,10,29 14:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009,10,29 13:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009,10,27 04:15:40 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009,10,24 15:28:58 | 000,832,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009,10,07 03:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009,10,03 07:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009,09,29 08:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009,07,30 10:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009,07,29 08:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009,07,23 07:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009,07,22 05:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009,07,14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009,07,14 11:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009,01,14 15:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011,05,01 00:16:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\end user\Desktop\iN\jug.exe
MOD - [2010,08,21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011,05,07 14:05:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011,01,06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010,10,22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009,11,06 03:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009,10,31 06:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009,10,30 08:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009,10,28 14:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009,10,22 04:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009,10,22 03:30:34 | 000,518,720 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009,10,07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009,10,03 07:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009,10,01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009,10,01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009,09,29 08:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009,08,28 04:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009,07,29 09:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009,07,14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009,03,11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009,02,21 03:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010,12,08 04:12:38 | 000,251,728 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010,11,12 13:19:38 | 000,299,984 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010,11,09 14:56:12 | 000,098,392 | -H-- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010,09,13 15:27:54 | 000,025,680 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010,09,07 03:48:56 | 000,034,384 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010,09,07 03:48:50 | 000,026,064 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010,08,19 20:42:38 | 000,123,472 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010,08,19 20:42:38 | 000,030,288 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010,08,19 20:42:36 | 000,021,072 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009,11,14 09:07:04 | 009,927,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009,10,27 06:39:04 | 000,125,696 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009,10,03 07:33:24 | 000,862,208 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009,09,25 11:54:26 | 000,169,320 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009,09,24 04:25:18 | 000,120,432 | -H-- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009,09,18 06:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009,09,15 08:29:36 | 000,049,400 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009,09,10 15:31:48 | 000,102,912 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009,09,04 15:12:40 | 000,180,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009,08,22 07:24:04 | 000,066,592 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009,08,06 06:55:08 | 000,061,168 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009,07,31 15:02:34 | 000,036,208 | -H-- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009,07,31 11:45:56 | 000,022,912 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009,07,29 14:01:26 | 000,069,480 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009,07,25 09:57:06 | 000,275,536 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009,07,25 05:31:58 | 000,021,608 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009,07,15 09:28:42 | 000,023,512 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009,07,14 16:13:10 | 000,015,216 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009,07,14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009,07,14 09:51:11 | 000,034,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009,07,14 08:13:48 | 001,035,776 | -H-- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009,06,30 10:16:22 | 000,013,120 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009,06,30 04:25:24 | 000,030,272 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009,06,30 04:17:00 | 000,059,904 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009,06,23 11:04:58 | 000,024,064 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009,06,20 13:31:08 | 000,012,920 | -H-- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009,06,20 03:57:20 | 000,079,872 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009,06,20 03:56:48 | 000,042,472 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009,06,18 05:59:46 | 000,046,984 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009,06,12 07:05:04 | 000,626,688 | -H-- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009,05,20 15:59:00 | 000,011,776 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008,04,25 12:16:00 | 000,005,632 | -H-- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAU&bmod=TSAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-355442463-701767184-3524845949-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011,04,13 02:25:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011,05,04 14:52:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010,12,02 12:14:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Extensions
[2011,05,03 21:41:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions
[2011,02,23 10:31:06 | 000,000,000 | -H-D | M] (Download Manager Tweak) -- C:\Users\end user\AppData\Roaming\mozilla\Firefox\Profiles\hqzx4227.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011,05,04 14:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011,04,13 02:25:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011,04,15 02:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010,01,01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010,01,01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010,01,01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010,01,01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010,01,01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-355442463-701767184-3524845949-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware[2]\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009,06,11 07:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4ca-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{2e6bb4d0-fdb3-11df-9625-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788daf0e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db08f-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db20e-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8d7-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{788db8da-fb3c-11df-a11b-705ab6816c8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccab-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc7ccae-fdd0-11df-9625-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f640535e-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{f6405366-a9ce-11df-982a-705ab6816c8d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011,05,09 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\ResultReport_files
[2011,05,09 04:26:43 | 000,000,000 | ---D | C] -- C:\windows\System32\catroot2
[2011,05,09 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011,05,07 14:05:14 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2011,05,06 11:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2]
[2011,05,06 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2]
[2011,05,06 11:23:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011,05,03 04:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERDNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011,05,03 04:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011,05,01 10:40:12 | 000,000,000 | -H-D | C] -- C:\Users\end user\AppData\Roaming\Malwarebytes
[2011,05,01 10:39:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011,05,01 10:39:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011,05,01 10:39:48 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011,05,01 10:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011,05,01 00:52:24 | 000,098,392 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011,05,01 00:52:24 | 000,027,984 | -H-- | C] (Sunbelt Software) -- C:\windows\System32\sbbd.exe
[2011,05,01 00:52:07 | 000,000,000 | -H-D | C] -- C:\VIPRERESCUE
[2011,05,01 00:37:47 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,29 12:11:24 | 000,000,000 | -H-D | C] -- C:\Users\end user\Desktop\HAND#
[2011,04,28 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\KPR
[2011,04,28 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\end user\Documents\WiLDCATS
[2011,04,19 11:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2011,04,18 23:56:57 | 000,000,000 | -H-D | C] -- C:\windows\Sun

========== Files - Modified Within 30 Days ==========

[2011,05,11 07:13:11 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011,05,11 07:13:11 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011,05,11 07:05:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011,05,11 07:04:38 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011,05,11 06:40:00 | 000,000,920 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004UA.job
[2011,05,10 14:40:00 | 000,000,868 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-355442463-701767184-3524845949-1004Core.job
[2011,05,10 09:57:25 | 114,642,990 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2011,05,10 04:10:01 | 000,001,537 | ---- | M] () -- C:\Users\end user\Desktop\Reset_Reregister_Windows_Update_Components.bat
[2011,05,09 19:30:30 | 000,038,384 | ---- | M] () -- C:\Users\end user\Documents\ResultReport.htm
[2011,05,08 13:09:16 | 000,446,904 | -H-- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011,05,06 11:43:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011,05,04 14:52:46 | 000,002,021 | -H-- | M] () -- C:\Users\end user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | M] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | M] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | M] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 22:56:39 | 000,711,442 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2011,05,01 22:56:39 | 000,139,504 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2011,05,01 00:38:44 | 000,000,000 | -H-- | M] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,05,01 00:36:24 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\end user\Desktop\mblam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | M] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | M] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | M] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:55:38 | 000,212,355 | ---- | M] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,19 16:31:13 | 000,017,408 | -H-- | M] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,15 17:43:47 | 000,154,909 | -H-- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2011,04,13 03:04:41 | 000,016,274 | ---- | M] () -- C:\Users\end user\Documents\SearchResults20110413.csv

========== Files Created - No Company Name ==========

[2011,05,11 07:04:38 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011,05,10 04:09:56 | 000,001,537 | ---- | C] () -- C:\Users\end user\Desktop\Reset_Reregister_Windows_Update_Components.bat
[2011,05,09 19:30:30 | 000,038,384 | ---- | C] () -- C:\Users\end user\Documents\ResultReport.htm
[2011,05,06 11:43:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011,05,04 14:52:20 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011,05,04 14:52:20 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011,05,03 04:12:18 | 000,001,097 | ---- | C] () -- C:\Users\end user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011,05,03 04:11:40 | 000,000,917 | ---- | C] () -- C:\Users\end user\Desktop\NTREGOPT.lnk
[2011,05,03 04:11:40 | 000,000,898 | ---- | C] () -- C:\Users\end user\Desktop\ERUNT.lnk
[2011,05,01 00:38:44 | 000,000,000 | -H-- | C] () -- C:\Users\end user\Desktop\mbam-setup.exe
[2011,04,30 15:08:50 | 000,000,355 | -H-- | C] () -- C:\Users\end user\Desktop\BEAUCEPHELUS.lnk
[2011,04,29 12:32:14 | 000,000,939 | -H-- | C] () -- C:\Users\end user\IMAGES.lnk
[2011,04,26 02:58:53 | 000,000,112 | -H-- | C] () -- C:\ProgramData\aDRCIj.dat
[2011,04,20 00:50:55 | 000,212,355 | ---- | C] () -- C:\Users\end user\Documents\hayden's 1st birthday invite.jpg
[2011,04,18 11:26:24 | 000,017,408 | -H-- | C] () -- C:\Users\end user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011,04,18 10:56:22 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011,04,13 03:04:41 | 000,016,274 | ---- | C] () -- C:\Users\end user\Documents\SearchResults20110413.csv
[2010,03,11 16:37:27 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI
[2010,03,11 16:22:35 | 000,073,728 | -H-- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010,03,11 16:15:54 | 000,000,852 | -H-- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010,03,11 16:15:54 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010,03,11 16:15:54 | 000,000,096 | -H-- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010,03,11 16:11:50 | 000,045,056 | -H-- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2009,11,13 21:08:56 | 000,040,588 | -H-- | C] () -- C:\windows\System32\nvcoproc.bin
[2009,08,03 18:21:54 | 000,197,912 | -H-- | C] () -- C:\windows\System32\physxcudart_20.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2009,08,03 18:21:54 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2009,08,03 18:21:52 | 000,058,648 | -H-- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2009,07,14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009,07,14 14:33:53 | 000,446,904 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009,07,14 12:05:48 | 000,711,442 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009,07,14 12:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009,07,14 12:05:48 | 000,139,504 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009,07,14 12:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009,07,14 12:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009,07,14 12:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009,07,14 09:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009,07,14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009,07,14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009,06,11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009,04,28 22:37:00 | 000,028,672 | -H-- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010,12,02 11:18:59 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\AVG10
[2011,05,01 00:46:04 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\foobar2000
[2010,07,01 08:45:38 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Toshiba
[2010,06,06 04:14:07 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Ulead Systems
[2011,04,29 16:32:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\uTorrent
[2010,08,17 17:23:29 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\Vodafone
[2010,04,18 04:23:43 | 000,000,000 | -H-D | M] -- C:\Users\end user\AppData\Roaming\WildTangent
[2011,05,10 04:15:21 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\AVG10
[2011,05,10 04:16:50 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Toshiba
[2011,02,05 19:17:43 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\AVG10
[2011,04,29 18:09:38 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\foobar2000
[2010,07,01 09:28:15 | 000,000,000 | -H-D | M] -- C:\Users\XO\AppData\Roaming\Toshiba
[2011,05,08 22:49:43 | 000,032,544 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Still no admin tools available - will now try safe mode suggestion

t.b.c..
  • 0

#33
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
hi homburg,


just finished trying the above but, sad to say, still no success with either admin tools or win update. :unsure:

also, discovered the C:\Users\Administrator folder is empty (and 'hidden') apart from one AppData folder with no content other than empty (hidden) subfolders.
who knows what else I haven't seen or may not notice missing?


when I searched this missing admin tool issue, the following two suggestions looked most like they had potential, in case it's any help:

http://www.sevenforu...-shortcuts.html

http://answers.micro...d0-6f8e6c25810d
=> http://support.microsoft.com/kb/929833

i appreciate you trying to figure this out

:)

Zed
  • 0

#34
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

I did see that option on the WindowsSeven forum and, as we've not been successful so far, it's probably a good time to do it :)

Restore tools and shortcuts

Go here and start where it says "here's how"



System file checker

Go to start > All Programs > Accessories
Right Click Command Prompt and select run as administrator
When the prompt opens, type the following text and press Enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion, reboot

Please post back with how you got on :unsure:
  • 0
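A way to run the scan and then see what it actually did, as an added PowerShell example that is not part of Homburg's instructions: System File Checker writes its findings to CBS.log tagged [SR], and KB929833 (the article Zed linked earlier in the thread) describes pulling those lines out into a file. The script below does that and then counts the "Cannot repair member file" entries, which is what tells you whether a follow-up repair is needed. It must be run from an elevated PowerShell prompt; the output file name sfcdetails.txt is the one KB929833 uses, and the two message patterns are the ones that article documents.

```powershell
# Added example, not from the thread: run SFC, then pull the [SR] lines out of
# CBS.log (the check described in KB929833) and report whether anything was
# left unrepaired. Run from an elevated PowerShell prompt.

$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$outFile = Join-Path $env:USERPROFILE 'Desktop\sfcdetails.txt'   # file name used by KB929833

# Run the scan itself; it prints its own progress to the console.
& (Join-Path $env:windir 'System32\sfc.exe') /scannow

# Only lines tagged [SR] come from System File Checker; the rest of CBS.log is
# general servicing output. -SimpleMatch treats the square brackets literally.
$srLines = Select-String -Path $cbsLog -Pattern '[SR]' -SimpleMatch |
    ForEach-Object { $_.Line }

$srLines | Set-Content -Path $outFile -Encoding UTF8

# KB929833 documents these two message forms.
$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })
$repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })

Write-Output ("[SR] lines written to {0}" -f $outFile)
Write-Output ("Repaired files  : {0}" -f $repaired.Count)
Write-Output ("Unrepaired files: {0}" -f $unrepaired.Count)

# List the files SFC could not repair; these are the ones to follow up on.
# The file name is the first quoted token on each [SR] line.
if ($unrepaired.Count -gt 0) {
    $unrepaired | ForEach-Object {
        if ($_ -match '"([^"]+)"') { Write-Output ("  " + $matches[1]) }
    }
}
```

If the unrepaired count is zero but the scan reported corruption, every file was fixed from the component store and a reboot is all that is needed; a non-zero count means the store itself is damaged for those files and they have to be replaced from a known-good source, which is the manual procedure KB929833 goes on to describe.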

#35
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
hi homburg.

just carried out the above instructions.

finally some GOOD NEWS!

Admin tools shortcuts have been restored and seem to be correctly referencing their targets.

(YAY!) :unsure: :yes: :)


Alas, it's not *all* good news: :)

Accessories shortcuts and other expected contents of folders in the following directory

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\...

are all missing. ;)

(had to search for cmd.exe to run the sfc scan)


Also, I'm not convinced the account permissions for this (Administrator) user are as they should be.
Should "right click / run as admin" make a difference if I'm already logged in as Administrator???
:)

thanks for being patient/persistent..

xo

Zed
  • 0

#36
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello zed,

Glad we're making some progress. I think your programs are being hidden, so we'll try to reset the attributes:

Please download this file here

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. Reboot when finished. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Homburg
  • 0
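What the Unhide tool does, done on a smaller scale so the effect can be seen before committing to it: an added PowerShell example, not the Unhide tool's code and not something from this thread. It walks one directory tree, reports every item carrying the Hidden attribute and, only when -Fix is given, clears that one bit. Items marked System as well as Hidden (desktop.ini, NTUSER.DAT and similar) are left alone because Windows sets those itself and they are not what a malware-hidden Start Menu looks like. The script name Show-Hidden.ps1 and the default root (the Start Menu\Programs folder Zed mentioned) are assumptions.

```powershell
# Added example, not the Unhide tool's code: report (and with -Fix, clear) the
# Hidden attribute below one directory tree, leaving Hidden+System items alone.
# Assumed file name: Show-Hidden.ps1. Usage:
#   .\Show-Hidden.ps1                                          # report only, Start Menu
#   .\Show-Hidden.ps1 -Root 'C:\Users\end user\Documents' -Fix # clear Hidden under Documents
param(
    [string]$Root = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    [switch]$Fix
)

$hidden = [int][System.IO.FileAttributes]::Hidden
$system = [int][System.IO.FileAttributes]::System

if (-not (Test-Path -LiteralPath $Root)) {
    Write-Error "Root not found: $Root"
    return
}

# -Force is needed for Get-ChildItem to return hidden items at all; access
# errors on individual entries are skipped rather than aborting the walk.
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue
$found   = 0
$cleared = 0

foreach ($item in $items) {
    $attrs = [int]$item.Attributes
    if (($attrs -band $hidden) -eq 0) { continue }

    if (($attrs -band $system) -ne 0) {
        # Windows marks its own housekeeping files System+Hidden; do not touch them.
        Write-Output ("SKIP  (system+hidden) {0}" -f $item.FullName)
        continue
    }

    $found++
    Write-Output ("HIDDEN {0}" -f $item.FullName)
    if ($Fix) {
        # Clear only the Hidden bit; ReadOnly, Archive and the rest stay as they were.
        $item.Attributes = [System.IO.FileAttributes]($attrs -band (-bnot $hidden))
        $cleared++
    }
}

Write-Output ("{0} hidden item(s) found, {1} cleared" -f $found, $cleared)
```

Running it without -Fix first gives a list of exactly which shortcuts and folders were hidden, which is worth keeping: if a folder shows up in the report but its expected shortcuts are absent altogether, the contents were removed rather than hidden and clearing attributes will not bring them back.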

#37
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
hey homburg.

done thx!

what nxt?

:)

Zed
  • 0

#38
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
How is the PC running? Can you now see all your programs?
  • 0

#39
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
C:\Program Files subfolders are visible

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ subfolders are all still stripped of their shortcuts (and any other contents) except for:
  • Admin Tools links (repaired) and a couple of other system/Microsoft-type folders like Maintenance, and
  • folders for very recent installs, e.g. MalwareBytes and ERUNT; their C:\ProgramData .. Start Menu\Programs folders have content.
Typical folders that show up 'empty' in the start menu, including empty subfolders if present, e.g.:
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011\ is currently empty,
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005 empty incl subfolders
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
etc etc..

PC overall running infinitely better.
blue screens seem over (yay)
issues w/ web redirects seem over (yay)
regular virus/malware alerts/warnings seem over (yay)

Found a recommended Microsoft fix for Windows Update errors which was supposed to reset (admin) permissions for files and folders that are "required" for update to succeed.
Managed to check for and install almost all updates, but about four of them are still causing issues: they will download and install, but on the restart required for changes to take effect they repeatedly fail during 'Windows configuration' when the restart is almost done, and Windows automatically 'undoes' the changes and restarts without the update being successfully applied.

relevant screenshots showing failed/successful updates are zipped and attached.
=> Attached File  Win(won't)Update - ScreenShots.zip   507.23KB   77 downloads

PC almost seems back to normal, aside from the update error and occasional 'slowness' that I am not sure what causes.

hope this info is helpful

thx

Zed
  • 0

#40
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi zed,

I'd like you to manually install service pack 1 KB976932

Please do the following:
  • Check your drives and remove any discs or memory cards (important)
  • Temporarily disable your anti-virus.
  • Click Start, All Programs and then click Windows Update.
  • In the left pane click check for updates if there are none listed there.
  • Select only Service Pack for Microsoft Windows KB976932 and then click OK
  • Click Install updates. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Follow the instructions on your screen.
  • After the installation is complete, log on to your computer at the Windows logon prompt. You might see a notification indicating whether the update was successful.
  • Re-enable your AntiVirus software.

If it is unsuccessful please post the error code

Homburg
  • 0


#41
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
hey homburg

SP1 finally finally installed.

a check revealed another new update, which installed, but there is still the other remaining update stubbornly insisting on failing

also, PC Analyser (part of AVG) is telling me I have 257 Registry Errors

screenshots of the details of both these issues are attached in subsequent posts

Zed
  • 0

#42
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
Attached File  winupfail(KB2515325).zip   289.05KB   88 downloads
  • 0

#43
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
Attached File  PCAnalyserDetails-ScreenShots PartA.zip   687.19KB   96 downloads
  • 0

#44
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
Attached File  PCAnalyserDetails-ScreenShots PartB.zip   866.06KB   97 downloads
  • 0

#45
zzedexx

    Member

  • Topic Starter
  • Member
  • 37 posts
Attached File  PCAnalyserDetails-ScreenShots PartC.zip   940.8KB   91 downloads
  • 0





