All exe files won't work, safe mode not working and antivirus/antimalwa
#1
Posted 31 August 2011 - 06:44 AM
#2
Posted 31 August 2011 - 07:12 AM
My nick is maliprog and I will be your technical support on this issue. Before we start please read my notes carefully:
NOTE:
- Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
- Absence of symptoms does not always mean the computer is clean
- Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
- Please DO NOT run any scans or fix on your own without my direction.
- Please read all of my response through at least once before attempting to follow the procedures described.
- If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
- Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
- You must reply within 3 days or your topic will be closed
Step 1
We need to disable malware processes on your system first
- Download TheKiller to your Desktop
- Note that TheKiller is renamed as explorer.exe
- Run it by double-clicking it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
- Press the OK button after the program finishes
- Do not restart your system after this step
Step 2
Download OTL to your Desktop
- Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
- Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
netsvcs %SYSTEMDRIVE%\*.exe /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop %systemroot%\*. /mp /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
Step 3
Please don't forget to include these items in your reply:
- OTL log
- OTL Extras log
#3
Posted 31 August 2011 - 07:19 AM
#4
Posted 31 August 2011 - 12:19 PM
But I hope it will open...
#5
Posted 01 September 2011 - 11:25 PM
Are you still with me?
#6
Posted 03 September 2011 - 02:25 AM
#7
Posted 03 September 2011 - 08:41 AM
We have work to do...
Step 1
Please close all running programs and Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:processes
killallprocesses
:OTL
MOD - [2011/09/03 16:11:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
[2011/09/02 23:38:35 | 000,050,703 | ---- | M] () -- C:\WINDOWS\System32\lpdd.exe
[2011/08/29 12:38:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ug.exe
[2011/08/28 20:48:44 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\mq.exe
[2011/08/28 02:59:49 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\cq.exe
[2011/08/25 21:03:50 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\ge.exe
[2011/08/22 21:51:39 | 000,005,894 | ---- | M] () -- C:\a.bat
[2011/08/22 21:51:12 | 000,505,856 | RHS- | M] () -- C:\WINDOWS\System32\upds.exe
[2011/08/20 16:03:50 | 000,036,864 | R--- | M] () -- C:\WINDOWS\System32\TFTP3476
[2002/08/05 13:54:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\tutildel.exe
[2002/08/01 14:53:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
:Files
C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
ipconfig /flushdns /c
:Commands
[purity]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2
Please download Malwarebytes' Anti-Malware
- Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Step 3
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
- Extract the zip file to its own folder.
- Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
- Click Start scan to start scanning.
- If an infection is detected, the default setting for "action" should be Cure
- (If a suspicious file is detected, please click on it and change it to Skip.)
- Click Continue button
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 4
Please don't forget to include these items in your reply:
- OTL fix log
- Malwarebytes log
- TDSSKiller log
#8
Posted 03 September 2011 - 11:22 AM
#9
Posted 03 September 2011 - 11:55 AM
#10
Posted 03 September 2011 - 12:28 PM
#11
Posted 03 September 2011 - 02:06 PM
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
- Extract the zip file to its own folder.
- Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
- Click Start scan to start scanning.
- If an infection is detected, the default setting for "action" should be Cure
- (If a suspicious file is detected, please click on it and change it to Skip.)
- Click Continue button
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
#12
Posted 03 September 2011 - 10:02 PM
#13
Posted 03 September 2011 - 11:31 PM
Please do OTL Quick Scan but this time make sure the All Users option is selected. Post/attach the OTL.txt log after the scan.
#14
Posted 04 September 2011 - 06:09 AM
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\pab\Desktop
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.36 Mb Total Physical Memory | 818.07 Mb Available Physical Memory | 79.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.56 Gb Free Space | 62.82% Space Free | Partition Type: NTFS
Drive E: | 24.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: TOSHIBA-USER | User Name: pab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
PRC - [2011/07/18 21:20:28 | 002,286,592 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
PRC - [2002/07/31 11:41:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2002/07/03 17:17:00 | 000,102,400 | R--- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/04/15 18:35:38 | 000,311,296 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2002/04/03 17:19:22 | 000,237,568 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2002/03/19 20:38:26 | 000,286,720 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
PRC - [2001/08/18 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/03 17:08:28 | 000,135,168 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
========== Modules (No Company Name) ==========
MOD - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
MOD - [2010/01/12 18:27:48 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\XCodec.dll
MOD - [2010/01/12 18:27:46 | 000,159,744 | ---- | M] () -- C:\Program Files\Globe Broadband\SMSPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,151,552 | ---- | M] () -- C:\Program Files\Globe Broadband\DetectDev.dll
MOD - [2010/01/12 18:27:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Globe Broadband\LocaleMgrPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,090,112 | ---- | M] () -- C:\Program Files\Globe Broadband\FileManager.dll
MOD - [2010/01/12 18:27:46 | 000,086,016 | ---- | M] () -- C:\Program Files\Globe Broadband\DialUpPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceOperate.dll
MOD - [2010/01/12 18:27:46 | 000,057,344 | ---- | M] () -- C:\Program Files\Globe Broadband\ConfigFilePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,032,768 | ---- | M] () -- C:\Program Files\Globe Broadband\NotifyServicePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,014,848 | ---- | M] () -- C:\Program Files\Globe Broadband\isaputrace.dll
MOD - [2010/01/12 18:27:44 | 000,552,960 | ---- | M] () -- C:\Program Files\Globe Broadband\atcomm.dll
MOD - [2010/01/12 18:27:44 | 000,073,728 | ---- | M] () -- C:\Program Files\Globe Broadband\CallPlugin.dll
MOD - [2009/12/10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Globe Broadband\NDISAPI.dll
MOD - [2009/12/10 10:53:38 | 000,172,032 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrUIPlugin.dll
MOD - [2009/12/10 10:52:58 | 000,114,688 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrPlugin.dll
MOD - [2009/09/19 11:08:04 | 000,118,784 | ---- | M] () -- C:\Program Files\Globe Broadband\NetInfoPlugin.dll
MOD - [2001/08/18 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (PrtSmanm)
SRV - File not found [Auto | Stopped] -- -- (Netmanm)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/04 02:05:23 | 000,115,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2001/08/18 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (aic32p)
DRV - [2011/07/18 21:20:28 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/07/06 19:52:42 | 000,021,048 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2002/08/01 13:43:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/06/21 11:47:56 | 001,133,440 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/05/17 04:56:02 | 000,063,501 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/04/04 18:12:48 | 000,023,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2002/02/26 17:00:00 | 000,585,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2002/02/26 17:00:00 | 000,065,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVENG.SYS -- (NAVENG)
DRV - [2002/02/26 10:40:24 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/01/29 14:43:52 | 000,488,960 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/01/24 14:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/01/07 18:16:40 | 000,015,111 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tossdpci.sys -- (pciSd)
DRV - [2001/12/19 16:46:44 | 000,155,136 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/12/12 14:55:02 | 000,157,984 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2001/12/12 14:54:36 | 000,014,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2001/12/08 15:00:00 | 000,183,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAVAP.SYS -- (NAVAP)
DRV - [2001/09/13 19:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/09/11 11:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 14:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 18:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\pab\Application Data\IDM\idmmzcc3
[2011/07/02 14:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Extensions
[2011/08/05 19:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Firefox\Profiles\lvfzyrae.default\extensions
[2011/09/03 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PAB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LVFZYRAE.DEFAULT\EXTENSIONS\[email protected]
[2011/08/30 15:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/30 12:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/01 09:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/16 19:13:46 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/04 00:51:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/04 00:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 00:51:32 | 000,021,048 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/04 00:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 00:48:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:41:29 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 17:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Google
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Opera
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/09/03 17:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/09/03 17:16:01 | 010,377,904 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 00:04:37 | 000,642,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/08/30 01:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/30 01:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/28 15:40:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/28 04:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Xara
[2011/08/25 03:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Desktop\mobile movies
[2011/08/21 14:36:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pab\Recent
[2011/08/17 02:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/14 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\AdobeUM
[2011/08/14 03:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Adobe
[2011/08/13 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2011/08/13 16:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/08/13 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2011/08/13 16:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/08/13 16:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/08/11 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\InterVideo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/04 14:06:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 14:06:14 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 00:51:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 00:45:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 18:34:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/03 17:16:01 | 010,377,904 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 20:00:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/09/02 01:51:49 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/09/02 00:04:00 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/31 02:57:15 | 000,003,692 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/30 12:51:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/30 01:47:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/29 15:36:40 | 000,679,607 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:30 | 001,158,462 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:17 | 001,153,599 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:34:58 | 000,368,383 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/29 05:30:38 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/28 13:24:09 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:30 | 000,025,658 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/27 17:42:22 | 001,076,314 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/20 00:55:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 23:56:22 | 000,001,136 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 23:45:33 | 000,506,842 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:48 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/10 23:19:53 | 000,009,778 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/04 00:51:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:34:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/09/03 17:16:46 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/02 01:51:49 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:03:59 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/30 01:47:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/30 01:03:51 | 000,003,692 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/29 15:36:40 | 000,679,607 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:27 | 001,158,462 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:08 | 001,153,599 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:35:25 | 001,076,314 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/29 10:34:57 | 000,368,383 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/28 13:24:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:26 | 000,025,658 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/16 23:45:31 | 000,506,842 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:49 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS.lnk
[2011/08/13 16:59:49 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS.lnk
[2011/08/13 16:59:48 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/13 16:52:50 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk
[2011/08/10 23:19:52 | 000,009,778 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[2011/08/10 11:57:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/18 21:20:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/07/09 20:20:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/02 14:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/08/09 11:01:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/01 14:53:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/08/01 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/08/01 13:48:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/08/01 13:46:53 | 000,000,546 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/01 13:46:53 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/01 13:46:25 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2002/08/01 13:30:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/08/01 13:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2002/08/01 13:21:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2002/08/01 13:18:28 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/08/01 13:15:06 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/08/01 13:15:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/08/01 13:15:06 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/08/01 13:15:06 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/08/01 09:21:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/08/01 09:19:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/01 09:15:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/01 09:11:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/01 09:09:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/08/01 08:45:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/08/01 08:44:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/08/01 08:43:54 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2002/08/01 08:43:52 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/01 08:43:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/01 08:43:52 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/01 08:43:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/01 08:43:49 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/01 08:43:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/01 08:43:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/01 08:43:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/01 08:43:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/01 08:43:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/01 08:42:46 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/08/01 02:03:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/01 02:02:24 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
[2011/07/21 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/07/14 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2011/07/14 11:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2011/07/12 01:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/06 09:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/08/28 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/07/16 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/15 18:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2011/08/29 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\DMCache
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Drag'n Drop CD
[2011/07/06 09:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GameHouse
[2011/07/09 20:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GamesCafe
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterTrust
[2011/08/11 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterVideo
[2011/07/18 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Jane s Hotel
[2011/07/13 02:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Mysteryville2
[2011/09/03 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\PlayFirst
[2011/07/03 16:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\RobotSoft
[2011/08/28 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Spyware Terminator
[2011/07/15 16:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Supermarket Mania 2
[2011/07/16 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\World-LooM
[2011/07/02 23:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Y!Supra
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Zbshareware Lab
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193C133
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
< End of report >
#15
Posted 04 September 2011 - 11:31 PM
- Can you open TXT files now?
- Can you just start Notepad?
- Can you run EXE files now?
If you get any error messages when trying to open them, write them down for me please.
Step 1
Download SREng
- Extract it to Desktop and double click SREngLdr.EXE to run it
- Select System Repair from the left pane.
- Click on File Association
- Select all entries that have an Error status and click [Repair]
- Refer to this image for an example:
- Close SREng now.
Step 2
Please close all running programs and Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\pab\LOCALS~1\Temp\winsjgkq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winbvirnk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winvpnda.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\w7e06a.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winbtekp.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winefvlea.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnthiox.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkiop.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wincavhuh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winuxio.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winxfjjhc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winrhvum.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winmgcl.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winokfck.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpitmge.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winjdfohl.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\~e5d141.tmp"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\windtejo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkbqgsv.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winvves.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wintxkia.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winqkmi.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winsnhw.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winuyjb.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winucgc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winirlwk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wincioqc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winyuajo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winagslax.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkxti.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\windtcm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\windgjdp.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winayibpm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkybk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wingxxa.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wintwipfd.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winucwbh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winjsdo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhqttd.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhmpqk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winwdko.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winbyuej.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wintmnym.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winvnkumg.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winoihj.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnocjj.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winquyk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winynvos.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winimpwml.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhdjkkh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winxpjt.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpjged.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winljplv.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhcwm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wingfmkfn.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winccwg.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnwitl.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winibcthk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winsjlmo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winqrcfuj.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpxlxya.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpdralc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winoyfy.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winfidie.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpgnb.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winwvityg.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winfvctrv.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winakoiax.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winwcgq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhatd.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnrubm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winqexko.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winrexwid.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winscldof.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winoobm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winckpmh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winthpuoq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wingvuk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winmvuq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wincbbwp.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnpej.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winjosoef.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpprpu.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winadryh.exe"=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 3
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named)
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Step 4
Please don't forget to include these items in your reply:
- OTL fix log
- AVPTool log
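The entries the helper moved into the Step 2 fix (ga.exe in System32, the two hyphen-named folders under All Users\Application Data, plus the streams hung off the TEMP folder) were picked out of the pasted OTL report by eye. As an added example, not part of this thread and not OTL's own code, here is a small Python parser for OTL's file-listing and "@Alternate Data Stream" line formats that applies those same triage rules; the sample lines are copied from the report above, while the 60-day window, the scan date and the rule names are my assumptions.

```python
import re
from datetime import datetime, timedelta

# Added example, not from the thread or from OTL. Parses the line formats OTL
# uses in "Files Created"/"LOP Check" and its "@Alternate Data Stream" lines,
# then applies the triage rules the helper applied by eye. Output is a review list.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys")
# Folder names made only of short hyphen-separated chunks, e.g. 55-55-55-55-55-55
RANDOM_DIR_RE = re.compile(r"^(?:[0-9a-z]{1,3}-){3,}[0-9a-z]{1,3}$", re.IGNORECASE)
# Constructed sample: a handful of lines copied from the OTL report in this thread
SAMPLE_LOG = r"""
[2011/08/29 05:30:38 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/18 21:20:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2002/08/01 08:44:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
[2011/07/21 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193C133
""".strip().splitlines()
SCAN_DATE = datetime(2011, 9, 4)  # assumed: date of the reply that analysed the log

def triage(lines, scan_date, window_days=60):
    """Return (rule, path) pairs worth a human look. Candidates, not verdicts."""
    cutoff = scan_date - timedelta(days=window_days)
    hits = []
    for line in lines:
        m = ADS_RE.match(line.strip())
        if m:  # OTL lists streams explicitly; a stream on a TEMP folder is unusual
            hits.append(("ads", m["path"]))
            continue
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        path, name = m["path"], m["path"].rsplit("\\", 1)[-1]
        created = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        is_dir = "D" in m["attrs"]
        # Rule 1: executable under System32 with no company string, created recently
        if (not is_dir and "\\windows\\system32\\" in path.lower()
                and name.lower().endswith(EXEC_EXT)
                and not (m["company"] or "").strip() and created >= cutoff):
            hits.append(("recent-unsigned-system32", path))
        # Rule 2: machine-looking folder name under an Application Data tree
        elif is_dir and "\\application data\\" in path.lower() and RANDOM_DIR_RE.match(name):
            hits.append(("random-name-dir", path))
    return hits

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG, SCAN_DATE), sep="\n")
```

Rule 1 also surfaces sp_rsdrv2.sys, which the helper did not touch, so treat every hit as a candidate to check, not a verdict.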