
Google redirect virus


  • This topic is locked

#1
ronnie10

    Member
  • 20 posts
I have tried everything possible to get rid of this virus but still no luck; any help with this problem will be much appreciated.
  • 0



#2
maliprog

    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello ronnie10 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" should be Cure.
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click the Continue button.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe (511KB) to your desktop.

  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0
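
As an added example, not part of this thread and not OTL's own code or the helper's procedure: a small Python triage script for the file-listing lines OTL writes in its "Files Created / Modified" sections, in the `[date | size | attrs | M/C] (company) -- path` format seen in the log posted later in this thread. It parses each line into fields and applies three review heuristics that are the example author's own assumptions (loose unsigned files directly under AppData or ProgramData, hidden+system attributes on a file Windows does not normally keep that way, and long bare alphanumeric names). The sample log is a constructed subset of lines from this thread; a flag means "look at this first", not a verdict that the file is malicious.

```python
"""Triage helper for OTL file-listing lines.

Added example for this thread; not OTL's own code and not the helper's
procedure. The three rules below are the example author's heuristics
(assumptions) for ranking entries for human review; a flag is a prompt
to look closer, never a verdict that a file is malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL file line, e.g.
# [2011/07/30 04:43:43 | 000,011,210 | -HS- | M] () -- C:\ProgramData\cls77se8vvtp5rpgcsu286p4l0
# The "(company)" part is absent on directory entries and is "()" when the
# file carries no company name. PRC/SRV/DRV lines are deliberately not matched.
OTL_FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Parent folders where loose, unsigned files deserve a second look (assumption).
WATCHED_PARENTS = ("appdata\\local", "appdata\\roaming", "programdata")
# Hidden+system files Windows itself keeps at the drive root.
KNOWN_HS_FILES = {"hiberfil.sys", "pagefile.sys"}
# A long bare alphanumeric stem; combined below with "mixes letters and digits" (assumption).
RANDOM_STEM = re.compile(r"^[a-z0-9]{12,}$", re.IGNORECASE)


@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str          # four-character R/H/S/D attribute field as OTL prints it
    created: bool       # True for "C" (created) lines, False for "M" (modified)
    company: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers, blanks and other sections."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    raw_company = m.group("company")
    company = (raw_company.strip() or None) if raw_company is not None else None
    return OtlEntry(
        date=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        created=m.group("kind") == "C",
        company=company,
        path=m.group("path"),
    )


def triage(entry: OtlEntry) -> List[str]:
    """Apply the review heuristics; returns the list of reasons to look closer."""
    flags: List[str] = []
    name = entry.name
    stem = name.rsplit(".", 1)[0] if "." in name else name
    parent = entry.parent.lower()
    # 1. No company name and sitting directly in a user-data folder.
    if entry.company is None and not entry.is_dir and parent.endswith(WATCHED_PARENTS):
        flags.append("unsigned-loose-file-in-user-data-dir")
    # 2. Hidden+system attributes on a file that is not a known Windows one.
    if ("H" in entry.attrs and "S" in entry.attrs and not entry.is_dir
            and name.lower() not in KNOWN_HS_FILES):
        flags.append("hidden+system")
    # 3. Long alphanumeric name mixing letters and digits, with no separators.
    if (RANDOM_STEM.match(stem) and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem)):
        flags.append("random-looking-name")
    return flags


def triage_log(text: str) -> List[OtlEntry]:
    """Return only the entries that raised at least one flag, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entry.flags = triage(entry)
            if entry.flags:
                flagged.append(entry)
    return flagged


# Constructed sample: a subset of lines from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2011/08/01 21:15:54 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 23:27:46 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/07/30 04:43:43 | 000,011,210 | -HS- | M] () -- C:\ProgramData\cls77se8vvtp5rpgcsu286p4l0
[2011/07/30 04:24:27 | 000,000,120 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.path}  <- {', '.join(e.flags)}")
```

On the sample above the script leaves hiberfil.sys, mbam.sys and perfi009.dat alone and surfaces the three entries a helper would want to examine; the rules are deliberately coarse, so expect some legitimate files to be flagged on a real log and treat the output as a reading order, not a removal list.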

#3
ronnie10

    Member
  • Topic Starter
  • 20 posts
Thank you for the help. I have run these scans before and TDSSKiller comes up with nothing. However, I saved the logs for OTL and aswMBR and hopefully you can see what the problem is.


OTL

OTL logfile created on: 1/08/2011 9:24:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oficeworks\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 61.88% Memory free
3.96 Gb Paging File | 3.13 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.46 Gb Total Space | 45.25 Gb Free Space | 33.16% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.55 Gb Free Space | 35.53% Space Free | Partition Type: NTFS

Computer Name: OFICEWORKS-PC | User Name: oficeworks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 21:23:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
PRC - [2011/07/21 17:15:55 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10u_ActiveX.exe
PRC - [2009/01/06 02:17:30 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/13 23:04:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/11/12 21:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 16:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 16:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 16:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 16:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/08/28 15:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2006/11/02 19:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 21:23:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2006/11/02 19:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2006/11/02 19:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2007/11/13 16:26:12 | 003,078,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/11/13 16:26:12 | 003,078,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/12 21:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/24 20:02:58 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/07 16:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 02:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 15:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 15:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/11/02 18:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006/11/02 17:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{953CC089-C7C9-447A-9BD3-B731A59828AC}: C:\Users\oficeworks\AppData\Local\{953CC089-C7C9-447A-9BD3-B731A59828AC}


O1 HOSTS File: ([2011/08/01 21:02:32 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\oficeworks\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\oficeworks\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 21:23:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
[2011/08/01 21:13:39 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\Desktop\GooredFix Backups
[2011/08/01 21:12:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\oficeworks\Desktop\GooredFix.exe
[2011/08/01 21:01:19 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTM.exe
[2011/08/01 17:15:44 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\oficeworks\Desktop\aswMBR.exe
[2011/08/01 01:11:41 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/01 01:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/01 01:11:38 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/01 01:10:53 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\oficeworks\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/31 23:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2011/07/31 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/07/31 23:26:12 | 003,494,208 | ---- | C] (www.PerfectUninstaller.net ) -- C:\Users\oficeworks\Desktop\PerfectUninstaller_Setup.exe
[2011/07/31 23:16:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/31 23:16:08 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\temp
[2011/07/31 23:14:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/31 20:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/31 20:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/31 20:26:47 | 003,447,576 | ---- | C] (Piriform Ltd) -- C:\Users\oficeworks\Desktop\ccsetup309.exe
[2011/07/31 19:58:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/31 19:58:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/31 19:58:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/07/31 19:58:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/31 19:58:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/31 19:58:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/31 19:57:33 | 004,158,780 | R--- | C] (Swearware) -- C:\Users\oficeworks\Desktop\ComboFix.exe
[2011/07/31 19:25:23 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\NPE
[2011/07/31 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/31 19:05:08 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\oficeworks\Desktop\TDSSKiller.exe
[2011/07/31 18:52:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/31 05:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/31 04:47:15 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\Desktop\kav12.0.0.374en (manxx55)
[2011/07/31 04:25:48 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\Media Get LLC
[2011/07/31 04:25:24 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\MediaGet2
[2011/07/31 02:14:40 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\Threat Expert
[2011/07/31 00:18:32 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/07/31 00:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/31 00:12:34 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\AVG10
[2011/07/31 00:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/31 00:11:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/31 00:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/31 00:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/30 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\Byyk
[2011/07/30 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\Argiuz
[2011/07/30 23:43:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/30 23:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\NoAdware5.0
[2011/07/30 22:51:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/30 05:02:04 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\Malwarebytes
[2011/07/30 05:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/30 05:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/28 03:24:43 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\Documents\Downloads
[2011/07/28 03:24:43 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\DMCache
[2011/07/27 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

========== Files - Modified Within 30 Days ==========

[2011/08/01 21:23:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
[2011/08/01 21:16:03 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 21:16:03 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 21:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/01 21:15:54 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 21:13:13 | 001,388,094 | ---- | M] () -- C:\Users\oficeworks\Desktop\tdsskiller.zip
[2011/08/01 21:12:19 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\oficeworks\Desktop\GooredFix.exe
[2011/08/01 21:02:32 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/01 21:01:24 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTM.exe
[2011/08/01 17:16:02 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\oficeworks\Desktop\aswMBR.exe
[2011/08/01 17:03:44 | 000,000,945 | ---- | M] () -- C:\Users\oficeworks\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/01 17:00:59 | 000,271,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/01 16:52:19 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/08/01 16:18:09 | 035,192,832 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/01 16:18:09 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/01 16:18:09 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/01 01:58:59 | 000,087,832 | ---- | M] () -- C:\Users\oficeworks\Documents\cc_20110801_015841.reg
[2011/08/01 01:11:41 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/01 01:11:13 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\oficeworks\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/31 23:43:50 | 003,458,872 | ---- | M] () -- C:\Users\oficeworks\Desktop\Perfect.Uninstaller.6.3.3.9.Datecode.11.04.2011.Software.Serial.Key.zip
[2011/07/31 23:27:46 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/07/31 23:27:21 | 003,494,208 | ---- | M] (www.PerfectUninstaller.net ) -- C:\Users\oficeworks\Desktop\PerfectUninstaller_Setup.exe
[2011/07/31 20:26:53 | 003,447,576 | ---- | M] (Piriform Ltd) -- C:\Users\oficeworks\Desktop\ccsetup309.exe
[2011/07/31 19:57:38 | 004,158,780 | R--- | M] (Swearware) -- C:\Users\oficeworks\Desktop\ComboFix.exe
[2011/07/31 17:57:57 | 126,296,615 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/31 05:37:43 | 000,017,408 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\WebpageIcons.db
[2011/07/31 04:51:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/31 04:36:15 | 000,237,056 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/30 04:43:43 | 000,011,210 | -HS- | M] () -- C:\Users\oficeworks\AppData\Local\cls77se8vvtp5rpgcsu286p4l0
[2011/07/30 04:43:43 | 000,011,210 | -HS- | M] () -- C:\ProgramData\cls77se8vvtp5rpgcsu286p4l0
[2011/07/30 04:42:14 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/30 04:34:13 | 000,068,096 | ---- | M] () -- C:\Windows\System32\audiosrvs.dll
[2011/07/30 04:24:27 | 000,000,120 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat
[2011/07/30 04:24:27 | 000,000,000 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\Gsixequwamoheyev.bin
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\oficeworks\Desktop\TDSSKiller.exe
[2011/07/24 21:08:09 | 000,012,448 | ---- | M] () -- C:\Users\oficeworks\AppData\Roaming\wklnhst.dat
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/03 17:29:49 | 002,791,259 | ---- | M] () -- C:\Users\oficeworks\Desktop\_DSC6094a.jpg

========== Files Created - No Company Name ==========

[2011/08/01 21:13:13 | 001,388,094 | ---- | C] () -- C:\Users\oficeworks\Desktop\tdsskiller.zip
[2011/08/01 16:52:19 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/08/01 03:23:48 | 035,192,832 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/01 03:23:48 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/01 03:23:48 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/01 01:58:52 | 000,087,832 | ---- | C] () -- C:\Users\oficeworks\Documents\cc_20110801_015841.reg
[2011/08/01 01:11:41 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 23:41:44 | 003,458,872 | ---- | C] () -- C:\Users\oficeworks\Desktop\Perfect.Uninstaller.6.3.3.9.Datecode.11.04.2011.Software.Serial.Key.zip
[2011/07/31 23:27:46 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/07/31 23:19:49 | 2011,172,864 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/31 19:58:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/31 19:58:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/31 19:58:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/31 19:58:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/31 19:58:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/31 17:57:57 | 126,296,615 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/31 05:37:39 | 000,017,408 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\WebpageIcons.db
[2011/07/31 02:37:03 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/30 04:42:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/07/30 04:41:30 | 000,011,210 | -HS- | C] () -- C:\Users\oficeworks\AppData\Local\cls77se8vvtp5rpgcsu286p4l0
[2011/07/30 04:34:21 | 000,011,210 | -HS- | C] () -- C:\ProgramData\cls77se8vvtp5rpgcsu286p4l0
[2011/07/30 04:34:13 | 000,068,096 | ---- | C] () -- C:\Windows\System32\audiosrvs.dll
[2011/07/30 04:24:27 | 000,000,120 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat
[2011/07/30 04:24:27 | 000,000,000 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\Gsixequwamoheyev.bin
[2011/07/07 19:24:26 | 002,791,259 | ---- | C] () -- C:\Users\oficeworks\Desktop\_DSC6094a.jpg
[2011/05/03 15:36:55 | 000,023,888 | ---- | C] () -- C:\Users\oficeworks\AppData\Roaming\UserTile.png
[2009/06/29 19:05:53 | 000,023,172 | ---- | C] () -- C:\Users\oficeworks\AppData\Roaming\NMM-MetaData.db
[2009/04/04 11:11:51 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/04 11:11:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/19 13:44:36 | 000,011,168 | -H-- | C] () -- C:\ProgramData\yisebato
[2008/07/16 12:05:06 | 000,012,448 | ---- | C] () -- C:\Users\oficeworks\AppData\Roaming\wklnhst.dat
[2008/06/29 16:34:28 | 000,148,996 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/05/22 07:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\Officeworks May Promo 01.ini
[2008/05/22 07:02:39 | 000,007,268 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\d3d9caps.dat
[2008/05/13 13:37:42 | 000,237,056 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/31 04:39:53 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/31 04:39:53 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/31 04:39:53 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/31 04:39:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/30 21:02:07 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007/03/14 06:02:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,271,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,099,422 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 17:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 17:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/07/31 00:18:33 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Argiuz
[2011/07/31 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\AVG10
[2011/07/31 20:28:46 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\BitTorrent
[2011/07/30 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Byyk
[2011/07/31 19:06:30 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\DMCache
[2011/01/21 11:12:21 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Image Zone Express
[2009/06/29 19:05:53 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Nokia
[2008/07/13 18:38:29 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Nokia Multimedia Player
[2009/06/29 19:04:38 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\PC Suite
[2010/12/16 23:10:59 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\PCDr
[2009/08/15 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Printer Info Cache
[2009/05/20 02:30:00 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\ptidle
[2008/07/16 12:05:09 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Template
[2009/07/06 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\tmp
[2011/08/01 21:15:08 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/01/06 02:17:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\ERDNT\cache\explorer.exe
[2009/01/06 02:17:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2009/01/06 02:17:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/01/06 02:17:28 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/01/06 02:17:28 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/03/31 04:26:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/03/31 04:26:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/01/06 02:17:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 19:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\ERDNT\cache\svchost.exe
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/11/02 19:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\ERDNT\cache\userinit.exe
[2006/11/02 19:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 19:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\ERDNT\cache\winlogon.exe
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/01 16:56:11 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/01 16:56:11 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/01 16:56:11 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/08/01 16:56:13 | 000,634,632 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/01 16:56:11 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/01 16:56:11 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/01 16:56:11 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/08/01 16:56:13 | 000,634,632 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
  • 0

#4
ronnie10

ronnie10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL Extras



OTL Extras logfile created on: 1/08/2011 9:24:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oficeworks\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 61.88% Memory free
3.96 Gb Paging File | 3.13 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.46 Gb Total Space | 45.25 Gb Free Space | 33.16% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.55 Gb Free Space | 35.53% Space Free | Partition Type: NTFS

Computer Name: OFICEWORKS-PC | User Name: oficeworks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1922846813-3972788176-1396402969-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04DB506B-D5B0-9BD0-2A7C-65587AB1794B}" = CCC Help Finnish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07725550-2B37-0943-07FD-29453D88322D}" = CCC Help Chinese Standard
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{109DEFF3-0F9C-B90E-1FCF-B2D4C8D58E0A}" = ccc-utility
"{118CC60E-AE5A-EFEC-41E2-D2170BEB2D45}" = Catalyst Control Center Localization German
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{155EA411-1195-1607-16FF-37C49FCA6545}" = CCC Help French
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{29466F9C-7C6A-419C-B301-F440FAF78760}" = Nokia PC Suite
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D5BB065-4495-ECED-E4D7-931AE91F4DCD}" = Catalyst Control Center Localization Chinese Standard
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30557C7D-C61B-E5DB-2FF6-C50694C1B361}" = CCC Help Swedish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5673C2CA-7DC5-C89D-B05B-D609F2EE9C23}" = ccc-core-static
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5884F0A6-A620-BC79-8B3A-729717DE6219}" = CCC Help Russian
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605C5B33-D941-5462-62C3-845376592B16}" = CCC Help English
"{6403B252-6E0B-B691-B885-F8BFD1D8672C}" = CCC Help Spanish
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66523DDC-1A79-2C5C-747A-0544F9FE7DDF}" = Catalyst Control Center Localization Russian
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6D8C1A46-13F0-C881-146A-CB022BBB1A48}" = CCC Help Chinese Traditional
"{6DB44D01-6AE4-101A-67AD-2C844EF5A848}" = Catalyst Control Center Graphics Full Existing
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{744EE4F0-5CA7-E7BE-C751-CBE539C4163F}" = Catalyst Control Center Localization Japanese
"{7A0EF9C9-2B99-1120-BBF7-A681038A76E2}" = CCC Help Korean
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F2B02AF-BCD8-5F37-8022-C43B777BAF30}" = CCC Help Portuguese
"{7F2EF4C3-A0D0-8329-0E27-E248BB35C8EB}" = CCC Help Japanese
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{82FB4277-C9BD-8C5C-FEEC-0D592E50A674}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866DB074-CEAA-9ADE-5A2C-27B1ECD15E73}" = CCC Help Norwegian
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C15DD41-E96B-9209-0485-1EBB136604C3}" = Catalyst Control Center Localization Korean
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{940BEE17-AECB-F3EE-9886-344E9165AA6C}" = Catalyst Control Center Localization French
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A563AD6D-B517-65F2-0CC5-C1446AB1A0A4}" = Catalyst Control Center Localization Chinese Traditional
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC3E7ED0-6255-7996-04B6-265907528406}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6DCC604-288E-E573-DDA7-F8E5EA95C5C5}" = Catalyst Control Center Graphics Full New
"{B71AAB54-8712-07EB-73C8-20C6831B7D15}" = Catalyst Control Center Core Implementation
"{B7ED3BB2-C07C-D922-E80D-261433D9B483}" = Catalyst Control Center Localization Norwegian
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BFE6DE7B-3BAF-E798-7354-4B1F0A2ADF89}" = CCC Help Dutch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7733-D6D0-966B-9179-6D462D56C0A5}" = Catalyst Control Center Localization Danish
"{CC9874F8-5C38-28A9-ABFB-098EA1C159C7}" = Catalyst Control Center Localization Finnish
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D93ADCCA-3BFD-4440-836D-4E4841EBD2A8}" = Catalyst Control Center - Branding
"{DA00D7A2-2F22-237D-70E5-02F8F43BC10C}" = Skins
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCFAC091-B2FD-899F-0ECA-B819A10EB7CB}" = CCC Help Italian
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E0DEB76B-B96C-42D7-6F5A-FBAFEFBF304B}" = Catalyst Control Center Localization Italian
"{E2CB21A2-FD45-4353-888B-FFD071270F35}" = 6300
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EABF6233-192F-C0E6-4977-B9B1472976B9}" = Catalyst Control Center Localization Spanish
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFF5A560-0D45-19F9-4C72-3280AC25370F}" = Catalyst Control Center Graphics Previews Vista
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4E1C7FA-8BF7-9842-CE03-6DCD102111E1}" = Catalyst Control Center Graphics Light
"{F608FD0E-22AC-3BBA-17B0-ED6E906CCB80}" = Catalyst Control Center Localization Dutch
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FD94C977-C474-DABE-D984-A7BDBEA1B18F}" = Catalyst Control Center Localization Swedish
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF7B5D7-58A5-5313-21F6-CF9702228EA1}" = CCC Help Danish
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nokia PC Suite" = Nokia PC Suite
"Officeworks May Promo 01_is1" = Officeworks May Promo 01
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo!7 Messenger" = Yahoo!7 Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/08/2010 4:04:35 AM | Computer Name = oficeworks-PC | Source = LoadPerf | ID = 3002
Description =

Error - 31/08/2010 8:20:39 AM | Computer Name = oficeworks-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 31/08/2010 8:25:30 AM | Computer Name = oficeworks-PC | Source = LoadPerf | ID = 3002
Description =

Error - 31/08/2010 10:53:46 PM | Computer Name = oficeworks-PC | Source = LoadPerf | ID = 3002
Description =

Error - 1/09/2010 2:40:47 AM | Computer Name = oficeworks-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/09/2010 9:33:33 AM | Computer Name = oficeworks-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/09/2010 9:38:50 AM | Computer Name = oficeworks-PC | Source = LoadPerf | ID = 3002
Description =

Error - 1/09/2010 12:42:26 PM | Computer Name = oficeworks-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/09/2010 12:44:22 PM | Computer Name = oficeworks-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/09/2010 12:48:59 PM | Computer Name = oficeworks-PC | Source = LoadPerf | ID = 3002
Description =

[ System Events ]
Error - 1/08/2011 7:02:32 AM | Computer Name = oficeworks-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/08/2011 7:07:30 AM | Computer Name = oficeworks-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 1/08/2011 7:07:30 AM | Computer Name = oficeworks-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 1/08/2011 7:09:29 AM | Computer Name = oficeworks-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/08/2011 7:09:29 AM | Computer Name = oficeworks-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/08/2011 7:15:03 AM | Computer Name = oficeworks-PC | Source = DCOM | ID = 10010
Description =

Error - 1/08/2011 7:15:40 AM | Computer Name = oficeworks-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 1/08/2011 7:15:40 AM | Computer Name = oficeworks-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 1/08/2011 7:17:39 AM | Computer Name = oficeworks-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/08/2011 7:17:39 AM | Computer Name = oficeworks-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

#5
ronnie10

ronnie10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
aswMBR



aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-01 21:31:59
-----------------------------
21:31:59.861 OS Version: Windows 6.0.6000
21:31:59.861 Number of processors: 2 586 0x6802
21:31:59.861 ComputerName: OFICEWORKS-PC UserName: oficeworks
21:32:07.286 Initialize success
21:32:11.549 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
21:32:11.549 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT0 11.01A11 Size: 152627MB BusType: 3
21:32:13.608 Disk 0 MBR read successfully
21:32:13.624 Disk 0 MBR scan
21:32:13.624 Disk 0 Windows VISTA default MBR code
21:32:13.624 Disk 0 scanning sectors +312578048
21:32:13.733 Disk 0 scanning C:\Windows\system32\drivers
21:32:21.674 Service scanning
21:32:24.154 Modules scanning
21:32:30.035 Disk 0 trace - called modules:
21:32:30.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:32:30.051 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c36270]
21:32:30.066 3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> [0x83d93868]
21:32:30.066 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x84196bb0]
21:32:30.066 Scan finished successfully
21:36:06.939 Disk 0 MBR has been saved successfully to "C:\Users\oficeworks\Desktop\MBR.dat"
21:36:06.939 The log file has been saved successfully to "C:\Users\oficeworks\Desktop\aswMBR.txt"
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's do some cleaning.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/30 04:43:43 | 000,011,210 | -HS- | M] () -- C:\Users\oficeworks\AppData\Local\cls77se8vvtp5rpgcsu286p4l0
    [2011/07/30 04:43:43 | 000,011,210 | -HS- | M] () -- C:\ProgramData\cls77se8vvtp5rpgcsu286p4l0
    [2011/07/30 04:24:27 | 000,000,120 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat
    [2011/07/30 04:24:27 | 000,000,000 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\Gsixequwamoheyev.bin
    [2011/07/24 21:08:09 | 000,012,448 | ---- | M] () -- C:\Users\oficeworks\AppData\Roaming\wklnhst.dat
    [2011/07/30 04:24:27 | 000,000,120 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat
    [2011/07/30 04:24:27 | 000,000,000 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\Gsixequwamoheyev.bin
    [2009/02/19 13:44:36 | 000,011,168 | -H-- | C] () -- C:\ProgramData\yisebato
    [2011/07/30 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Byyk

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download ComboFix here (if you already have ComboFix downloaded, please delete it and download the new version):

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post
  • 0
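The entries the helper picked for the :OTL block above (publisher-less, hidden or oddly named files under AppData and ProgramData, two of them created in the same second) and the MD5 cross-checks in the first OTL log earlier in the thread can be reproduced mechanically. This is an added Python example, not OTL's or the helper's code; the regexes follow the line shapes in these logs, and the heuristics (name shape, hidden+system attributes, creation-second clustering, live-versus-WinSxS hash comparison) are my assumptions that only surface candidates for a human reviewer.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).
Regexes follow the line shapes posted in this thread; the heuristics are my
assumptions and only surface candidates for a human reviewer."""
import re
from collections import defaultdict

ENTRY = re.compile(
    r"^\[(?P<date>[\d/]{10} [\d:]{8}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-F]{32}) )?"
    r"-- (?P<path>.+)$")
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ADS = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")


def parse_entry(line):
    """Split one '[date | size | attrs | C/M] (company) MD5=.. -- path' line."""
    m = ENTRY.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = (e["company"] or "").strip()
    e["is_dir"], e["hidden"], e["system"] = [c in e["attrs"] for c in "DHS"]
    return e


def looks_machine_generated(name):
    """Heuristic: extensionless name, or a long stem mixing letters and digits."""
    stem, dot, _ = name.rpartition(".")
    if not dot:
        return len(name) >= 8
    return (any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)
            and len(stem) >= 12)


def triage(lines):
    """Return (reason, path) findings for an OTL log excerpt."""
    findings, by_time = [], defaultdict(list)
    section, live, store = None, {}, defaultdict(set)   # MD5 cross-check state
    for raw in lines:
        line = raw.strip()
        h = MD5_HEADER.match(line)
        if h:
            section = h.group("name").lower()             # e.g. 'explorer.exe'
            continue
        a = ADS.match(line)
        if a:
            findings.append(("alternate data stream present; review its content", a.group("target")))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        path, low = e["path"], e["path"].lower()
        if section and e["md5"] and low.endswith("\\" + section):
            if "\\winsxs\\" in low:                       # servicing-store copies
                store[section].add(e["md5"])
            elif "\\erdnt\\" not in low:                  # ERDNT is a backup, not the live file
                live[section] = (e["md5"], path)
            continue
        if e["company"] or not any(t in low for t in USER_WRITABLE):
            continue                    # has a publisher, or sits outside user-writable dirs
        name = path.rsplit("\\", 1)[-1]
        if e["hidden"] and e["system"]:
            findings.append(("hidden+system file without publisher in user-writable path", path))
        elif not e["is_dir"] and looks_machine_generated(name):
            findings.append(("machine-generated-looking name without publisher", path))
        if e["kind"] == "C" and not e["is_dir"]:          # cluster by creation second
            by_time[e["date"]].append(path)
    for stamp, paths in by_time.items():
        if len(paths) >= 2:               # several publisher-less files dropped at once
            for p in paths:
                findings.append((f"created in the same second ({stamp}) as "
                                 f"{len(paths) - 1} other publisher-less file(s)", p))
    for name, (digest, path) in live.items():
        if store[name] and digest not in store[name]:
            findings.append(("live copy hash matches no WinSxS servicing-store copy", path))
    return findings


# Lines excerpted from the OTL logs in this thread, plus one constructed
# svchost.exe entry with an all-zero placeholder hash to exercise the MD5 check.
SAMPLE = r"""
[2011/07/30 04:43:43 | 000,011,210 | -HS- | M] () -- C:\Users\oficeworks\AppData\Local\cls77se8vvtp5rpgcsu286p4l0
[2011/07/30 04:24:27 | 000,000,120 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat
[2011/07/30 04:24:27 | 000,000,000 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\Gsixequwamoheyev.bin
[2009/02/19 13:44:36 | 000,011,168 | -H-- | C] () -- C:\ProgramData\yisebato
[2008/05/22 07:02:39 | 000,007,268 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\d3d9caps.dat
< MD5 for: EXPLORER.EXE >
[2009/01/06 02:17:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2009/01/06 02:17:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
< MD5 for: SVCHOST.EXE >
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\svchost.exe
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
""".strip().splitlines()

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason}: {path}")
```

The legitimate d3d9caps.dat and the explorer.exe whose hash matches its WinSxS copy produce no finding, which is the point of the negative cases.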

#7
ronnie10

ronnie10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL fix


========== OTL ==========
C:\Users\oficeworks\AppData\Local\cls77se8vvtp5rpgcsu286p4l0 moved successfully.
C:\ProgramData\cls77se8vvtp5rpgcsu286p4l0 moved successfully.
C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat moved successfully.
C:\Users\oficeworks\AppData\Local\Gsixequwamoheyev.bin moved successfully.
C:\Users\oficeworks\AppData\Roaming\wklnhst.dat moved successfully.
File C:\Users\oficeworks\AppData\Local\Nxobukelikufevor.dat not found.
File C:\Users\oficeworks\AppData\Local\Gsixequwamoheyev.bin not found.
C:\ProgramData\yisebato moved successfully.
C:\Users\oficeworks\AppData\Roaming\Byyk folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : oficeworks-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : BigPond
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : BigPond
Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1F-3A-6E-BA-E3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f87d:422f:e0a9:a47f%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.18(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, 1 August 2011 9:16:10 PM
Lease Expires . . . . . . . . . . : Tuesday, 2 August 2011 9:16:09 PM
Default Gateway . . . . . . . . . : 10.0.0.138
DHCP Server . . . . . . . . . . . : 10.0.0.138
DHCPv6 IAID . . . . . . . . . . . : 167780154
DNS Servers . . . . . . . . . . . : 10.0.0.138
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : BigPond
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-1D-09-36-38-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . : BigPond
Description . . . . . . . . . . . : isatap.BigPond
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:10.0.0.18%12(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.0.138
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: BigPond.BigPond
Address: 10.0.0.138:53
Name: google.com
Addresses: 74.125.237.17, 74.125.237.19, 74.125.237.16, 74.125.237.18
74.125.237.20
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: BigPond.BigPond
Address: 10.0.0.138:53
Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.237.16] with 32 bytes of data:
Reply from 74.125.237.16: bytes=32 time=41ms TTL=51
Reply from 74.125.237.16: bytes=32 time=38ms TTL=52
Ping statistics for 74.125.237.16:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 41ms, Average = 39ms
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=186ms TTL=47
Reply from 98.137.149.56: bytes=32 time=186ms TTL=47
Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 186ms, Maximum = 186ms, Average = 186ms
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
10 ...00 1f 3a 6e ba e3 ...... Dell Wireless 1490 Dual Band WLAN Mini-Card
9 ...00 1d 09 36 38 f2 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.BigPond
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.18 25
10.0.0.0 255.255.255.0 On-link 10.0.0.18 281
10.0.0.18 255.255.255.255 On-link 10.0.0.18 281
10.0.0.255 255.255.255.255 On-link 10.0.0.18 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.18 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.18 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
12 286 fe80::5efe:10.0.0.18/128 On-link
10 281 fe80::f87d:422f:e0a9:a47f/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08012011_230617
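The network commands OTL ran in the fix above (ipconfig /all, nslookup, ping -n 2) are what a helper reads to decide whether a redirect comes from DNS or from the machine itself. What follows is an added example, not code from the thread, from OTL or from the helper: a small Python parser for that part of an OTL log, plus the two checks behind the questions that come next in this thread. Is the router also the DNS server (then a poisoned answer would hit every host on the LAN, which is why other PCs on the same router matter), and does the address ping resolved agree with the answers nslookup returned (nslookup queries the DNS server directly, ping goes through the Windows resolver, so a disagreement points at the hosts file, resolver cache or an LSP on the box). SAMPLE_LOG is a constructed excerpt modelled on the log posted above; the 192.0.2.x addresses used to exercise the other branches are documentation addresses, not anything observed on this laptop.

```python
"""Triage a "Google redirect" from the network commands OTL ran.

Added example, not code from the thread or from OTL. It parses the "ipconfig /all",
"nslookup <host>" and "ping -n 2 <host>" output OTL writes into a fix log and
checks (1) whether the router is also the DNS server and (2) whether ping resolved
the same address nslookup got: nslookup asks the DNS server directly while ping
goes through the Windows resolver (hosts file, resolver cache, any LSP).
"""
import re
from dataclasses import dataclass, field

IPV4 = r"\b\d{1,3}(?:\.\d{1,3}){3}\b"
SECTION = re.compile(r"^<\s*(.+?)\s*/c\s*>$")  # OTL marker, e.g. "< ping -n 2 google.com /c >"
KEYVAL = re.compile(r"^([A-Za-z][A-Za-z0-9 /()-]*?)[ .]*:\s*(.*)$")  # "DNS Servers . . : 10.0.0.138"
PINGING = re.compile(r"^Pinging (\S+) \[(" + IPV4 + r")\]")


@dataclass
class NetFacts:
    gateways: set = field(default_factory=set)
    dns_servers: set = field(default_factory=set)
    nslookup: dict = field(default_factory=dict)     # host -> set of answer addresses
    ping_target: dict = field(default_factory=dict)  # host -> address ping resolved


def parse_otl_network(log: str) -> NetFacts:
    """Walk the log once, remembering which OTL command block we are inside."""
    facts = NetFacts()
    cmd, host, last_label, in_answer = None, None, None, False
    for raw in log.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            tokens = sec.group(1).split()
            cmd = tokens[0].lower()
            host = tokens[-1].lower() if cmd in ("nslookup", "ping") else None
            last_label, in_answer = None, False
            continue
        if cmd == "ipconfig":
            kv = KEYVAL.match(line)
            if kv:
                last_label, value = kv.group(1), kv.group(2)
            elif re.fullmatch(IPV4, line):
                value = line  # additional servers follow one per line, unlabelled
            else:
                continue
            if last_label == "Default Gateway":
                facts.gateways.update(re.findall(IPV4, value))
            elif last_label == "DNS Servers":
                facts.dns_servers.update(re.findall(IPV4, value))
        elif cmd == "nslookup":
            if line.lower().startswith("name:"):
                in_answer = True  # the "Address:" before "Name:" is the server, not an answer
            elif in_answer:
                facts.nslookup.setdefault(host, set()).update(re.findall(IPV4, line))
        elif cmd == "ping":
            p = PINGING.match(line)
            if p:
                facts.ping_target[p.group(1).lower()] = p.group(2)
    return facts


def triage(facts: NetFacts) -> dict:
    """Reduce the facts to the two answers plus any nslookup/ping disagreement."""
    mismatches = {}
    for host, addr in facts.ping_target.items():
        answers = facts.nslookup.get(host, set())
        if answers and addr not in answers:
            mismatches[host] = (addr, sorted(answers))
    return {
        "dns_is_gateway": bool(facts.dns_servers) and facts.dns_servers <= facts.gateways,
        "resolver_mismatch": mismatches,
    }


def scope(findings: dict) -> str:
    """Where to look next, given the findings."""
    if findings["resolver_mismatch"]:
        return "local"         # hosts file, resolver cache or an LSP on this machine
    if findings["dns_is_gateway"]:
        return "lan-dns"       # answers came via the router: compare another host on the same LAN
    return "external-dns"      # DNS server is not the router: find out what configured it


# Constructed excerpt modelled on the OTL log in this thread (same addresses, trimmed).
SAMPLE_LOG = """\
< ipconfig /all /c >
Windows IP Configuration
IPv4 Address. . . . . . . . . . . : 10.0.0.18(Preferred)
Default Gateway . . . . . . . . . : 10.0.0.138
DNS Servers . . . . . . . . . . . : 10.0.0.138
< nslookup google.com /c >
Server: BigPond.BigPond
Address: 10.0.0.138:53
Name: google.com
Addresses: 74.125.237.17, 74.125.237.19, 74.125.237.16, 74.125.237.18
74.125.237.20
< ping -n 2 google.com /c >
Pinging google.com [74.125.237.16] with 32 bytes of data:
"""
```

Run over the log above, this reports dns_is_gateway True and no resolver mismatch, so scope() answers "lan-dns": the answers came through the router, which is exactly why the next useful question is whether another PC on the same router is also redirected. A mismatch would instead put the problem on the laptop itself (hosts file, resolver cache or an LSP), and a DNS server that is not the gateway should be explained before anything else is tried.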

#8 ronnie10 (Member, Topic Starter, 20 posts)

Combofix



ComboFix 11-07-31.04 - oficeworks 01/08/2011 23:11:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.1917.1286 [GMT 10:00]
Running from: c:\users\oficeworks\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 13:17 . 2011-08-01 13:17 -------- d-----w- c:\users\oficeworks\AppData\Local\temp
2011-08-01 13:17 . 2011-08-01 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-01 13:08 . 2011-08-01 13:09 -------- d-----w- C:\32788R22FWJFW
2011-08-01 13:06 . 2011-08-01 13:06 -------- d-----w- C:\_OTL
2011-08-01 06:57 . 2011-08-01 06:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-08-01 06:57 . 2011-08-01 06:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-08-01 06:57 . 2011-08-01 06:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-08-01 06:57 . 2011-08-01 06:57 24064 ----a-w- c:\windows\system32\lpk.dll
2011-08-01 06:57 . 2011-08-01 06:57 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-08-01 06:57 . 2011-08-01 06:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-01 06:54 . 2011-08-01 06:54 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-08-01 06:54 . 2011-08-01 06:54 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-08-01 06:53 . 2011-08-01 06:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-01 06:53 . 2011-08-01 06:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-01 06:53 . 2011-08-01 06:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-01 06:53 . 2011-08-01 06:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-01 06:53 . 2011-08-01 06:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-01 06:53 . 2011-08-01 06:53 15360 ----a-w- c:\windows\system32\netevent.dll
2011-08-01 06:53 . 2011-08-01 06:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-01 06:53 . 2011-08-01 06:53 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-01 06:53 . 2011-08-01 06:53 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-01 06:52 . 2011-08-01 06:52 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-01 06:52 . 2011-08-01 06:52 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-01 06:52 . 2011-08-01 06:52 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-01 06:52 . 2011-08-01 06:52 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-01 06:52 . 2011-08-01 06:52 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-08-01 06:52 . 2011-08-01 06:52 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-01 06:51 . 2011-08-01 06:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-01 06:51 . 2011-08-01 06:51 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-08-01 06:51 . 2011-08-01 06:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-01 06:51 . 2011-08-01 06:51 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-08-01 06:50 . 2011-08-01 06:50 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-01 06:50 . 2011-08-01 06:50 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-01 06:50 . 2011-08-01 06:50 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-01 06:50 . 2011-08-01 06:50 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-01 06:49 . 2011-08-01 06:49 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-01 06:49 . 2011-08-01 06:49 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-01 06:49 . 2011-08-01 06:49 2855424 ----a-w- c:\windows\system32\mf.dll
2011-08-01 06:49 . 2011-08-01 06:49 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-01 06:49 . 2011-08-01 06:49 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-01 06:48 . 2011-08-01 06:48 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-01 06:48 . 2011-08-01 06:48 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-01 06:48 . 2011-08-01 06:48 376832 ----a-w- c:\windows\system32\winhttp.dll
2011-08-01 06:47 . 2011-08-01 06:47 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-08-01 06:47 . 2011-08-01 06:47 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-01 06:44 . 2011-08-01 06:44 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-08-01 06:44 . 2011-08-01 06:44 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-08-01 06:44 . 2011-08-01 06:44 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-01 06:43 . 2011-08-01 06:43 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-01 06:43 . 2011-08-01 06:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-08-01 06:43 . 2011-08-01 06:43 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-08-01 06:42 . 2011-08-01 06:42 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-08-01 06:42 . 2011-08-01 06:42 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-08-01 06:42 . 2011-08-01 06:42 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2011-08-01 06:42 . 2011-08-01 06:42 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2011-08-01 06:40 . 2011-08-01 06:40 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-01 06:39 . 2011-08-01 06:39 696832 ----a-w- c:\windows\system32\localspl.dll
2011-08-01 06:38 . 2011-08-01 06:38 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-08-01 06:38 . 2011-08-01 06:38 7680 ----a-w- c:\windows\system32\lsass.exe
2011-08-01 06:38 . 2011-08-01 06:38 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-01 06:38 . 2011-08-01 06:38 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-01 06:38 . 2011-08-01 06:38 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-01 06:38 . 2011-08-01 06:38 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-01 06:38 . 2011-08-01 06:38 272384 ----a-w- c:\windows\system32\schannel.dll
2011-08-01 06:37 . 2011-08-01 06:37 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-08-01 06:37 . 2011-08-01 06:37 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-08-01 06:37 . 2011-08-01 06:37 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-08-01 06:37 . 2011-08-01 06:37 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-08-01 06:37 . 2011-08-01 06:37 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-08-01 06:37 . 2011-08-01 06:37 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-08-01 06:37 . 2011-08-01 06:37 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-08-01 06:37 . 2011-08-01 06:37 97280 ----a-w- c:\windows\system32\iasrecst.dll
2011-08-01 06:37 . 2011-08-01 06:37 53248 ----a-w- c:\windows\system32\iasads.dll
2011-08-01 06:37 . 2011-08-01 06:37 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2011-08-01 06:37 . 2011-08-01 06:37 158720 ----a-w- c:\windows\system32\sdohlp.dll
2011-08-01 06:27 . 2011-08-01 06:27 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-08-01 06:27 . 2011-08-01 06:27 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-08-01 06:27 . 2011-08-01 06:27 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-08-01 06:27 . 2011-08-01 06:27 11264 ----a-w- c:\windows\system32\icardres.dll
2011-08-01 06:27 . 2011-08-01 06:27 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-08-01 06:27 . 2011-08-01 06:27 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-08-01 06:27 . 2011-08-01 06:27 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-01 06:27 . 2011-08-01 06:27 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-31 17:20 . 2011-07-31 17:20 96760 ----a-w- c:\windows\system32\dfshim.dll
2011-07-31 17:20 . 2011-07-31 17:20 41984 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-31 17:20 . 2011-07-31 17:20 282112 ----a-w- c:\windows\system32\mscoree.dll
2011-07-31 17:20 . 2011-07-31 17:20 83968 ----a-w- c:\windows\system32\mscories.dll
2011-07-31 17:20 . 2011-07-31 17:20 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-07-31 15:11 . 2011-07-06 09:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 15:11 . 2011-07-06 09:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 13:27 . 2011-07-31 13:27 -------- d-----w- c:\program files\Perfect Uninstaller
2011-07-31 10:27 . 2011-07-31 10:27 -------- d-----w- c:\program files\CCleaner
2011-07-31 09:25 . 2011-07-31 09:43 -------- d-----w- c:\users\oficeworks\AppData\Local\NPE
2011-07-31 09:25 . 2011-07-31 09:26 -------- d-----w- c:\programdata\Norton
2011-07-31 08:52 . 2011-07-31 08:52 -------- d-----w- C:\_OTM
2011-07-30 19:28 . 2011-07-30 19:28 268800 ----a-w- c:\windows\system32\es.dll
2011-07-30 19:28 . 2011-07-30 19:28 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-07-30 19:27 . 2011-07-30 19:27 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-07-30 19:27 . 2011-07-30 19:27 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-07-30 19:26 . 2011-07-30 19:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-07-30 19:26 . 2011-07-30 19:26 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-07-30 19:26 . 2011-07-30 19:26 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-07-30 19:26 . 2011-07-30 19:26 85504 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-07-30 19:26 . 2011-07-30 19:26 818688 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-30 19:26 . 2011-07-30 19:26 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2011-07-30 19:26 . 2011-07-30 19:26 22016 ----a-w- c:\windows\system32\netiougc.exe
2011-07-30 19:26 . 2011-07-30 19:26 213896 ----a-w- c:\windows\system32\drivers\netio.sys
2011-07-30 19:26 . 2011-07-30 19:26 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2011-07-30 19:26 . 2011-07-30 19:26 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2011-07-30 19:26 . 2011-07-30 19:26 317440 ----a-w- c:\windows\system32\BFE.DLL
2011-07-30 19:24 . 2011-07-30 19:24 25600 ----a-w- c:\windows\system32\amxread.dll
2011-07-30 19:24 . 2011-07-30 19:24 14848 ----a-w- c:\windows\system32\apilogen.dll
2011-07-30 19:24 . 2011-07-30 19:24 97792 ----a-w- c:\windows\system32\cabview.dll
2011-07-30 19:23 . 2011-07-30 19:23 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-07-30 19:19 . 2011-07-30 19:19 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-30 19:19 . 2011-07-30 19:19 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-07-30 19:19 . 2011-07-30 19:19 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-07-30 19:19 . 2011-07-30 19:19 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-07-30 19:19 . 2011-07-30 19:19 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-07-30 19:19 . 2011-07-30 19:19 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-07-30 19:19 . 2011-07-30 19:19 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-07-30 19:19 . 2011-07-30 19:19 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-07-30 19:19 . 2011-07-30 19:19 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-07-30 19:19 . 2011-07-30 19:19 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-07-30 19:18 . 2011-07-30 19:18 60928 ----a-w- c:\windows\system32\msasn1.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-01 06:56 . 2011-08-01 06:56 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-07-30 19:24 . 2011-07-30 19:24 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 11:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 07:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-23 16:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-05-31 23:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 06:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2007-12-10 00:12 695808 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 07:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 01:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1922846813-3972788176-1396402969-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 23:17
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-01 23:19:30
ComboFix-quarantined-files.txt 2011-08-01 13:19
ComboFix2.txt 2011-07-31 13:16
.
Pre-Run: 47,295,111,168 bytes free
Post-Run: 47,051,509,760 bytes free
.
- - End Of File - - B4FE736D50242A004F510EFAFF4BEA6A

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Do you still get redirected?

If you do, do you get redirected in all browsers you use, or does this redirection only affect one browser?

#10 ronnie10 (Member, Topic Starter, 20 posts)

Yes, I'm still getting redirected, and I am only using Internet Explorer at the moment. Is there anything else I can do to fix this problem without having to change browsers or formatting?

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

We will try our best to solve this. We need to narrow the problem first.

  • Do you use a router to access the internet?
  • Do you have any other PCs connected to that router, and do they get redirected?

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • The Complete scan sometimes takes up to 3 hours to finish, so please be patient.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during the reboot.
  • Copy and paste that log in your next reply. You can use Notepad to open the DrWeb.csv report.

NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking the X in the upper right corner.

#12 ronnie10 (Member, Topic Starter, 20 posts)

Currently using the ISP's wireless modem; I have my PC connected via Ethernet and my laptop (the virus-infected one) via Wi-Fi. My PC is not affected at all. I am currently doing the scan and will post the result as soon as it finishes. Is it normal that the quick scan is taking around 10-15 mins and is only halfway through?

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

OK. I think that scan will take some time to finish. Usually it takes one to three hours.

#14 ronnie10 (Member, Topic Starter, 20 posts)

Sorry, I meant the short scan. After this I still have to do the Complete scan, yes?

Do I post my result for the short scan? Also, do I restart after this scan or wait until the Complete scan is finished?

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Yes. You must do the Complete scan after the short one. Scan times are very PC-dependent and change from scan to scan.





