
All exe files wont work, safe mode not working and antivirus/antimalwa


  • This topic is locked

#1
ejhay06

ejhay06

    Member

  • Member
  • 19 posts
Hello, I hope I am writing this topic in the right section, sorry if I'm in the wrong thread. Anyway, I have some problem and I'm not so sure what to do. All my .exe files don't work; when I try to open one, it says "missing shortcut". MBAM/HijackThis is not working as well. I tried to open it in safe mode but was not successful either, I just got some blue screen, and I tried to use my recovery CD but am not successful as well; I think the problem is the CD. I hope someone can tell me what to do :) Thanks very much, help will be very much appreciated. I'm sure it is caused by some virus; the last time I made some scan while MBAM was working I thought it was already gone, but now I know it's not. Thank you again :unsure:
  • 0



#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ejhay06 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

We need to disable malware processes on your system first.
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try to run it several more times.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    • Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post.
  • 0

#3
ejhay06

ejhay06

    Member

  • Topic Starter
  • Member
  • 19 posts
Sir, before I begin doing this, I would like to ask if the results for OTL open in Notepad? If they do, my Notepad doesn't work as well; it says missing shortcut. Thank you very much, sorry for all the trouble.
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If it fails to open notepad then attach OTL.txt and Extras.txt in your next reply. These are saved in the same location as OTL.

But I hope it will open...
  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ejhay06,

Are you still with me?
  • 0

#6
ejhay06

ejhay06

    Member

  • Topic Starter
  • Member
  • 19 posts
Sorry Sir, I've been out yesterday fixing some papers. My brother told me he can't use Firefox as well; now I am only using IE for posting this. Here are the logs. Thanks very much, Sir.
------------------

Attached Files


  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ejhay06,

We have work to do...

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    MOD - [2011/09/03 16:11:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.ftp_port: 9666
    FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.socks_port: 9666
    FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.ssl_port: 9666
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 9666
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 9666
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 9666
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 9666
    FF - prefs.js..network.proxy.type: 0
    [2011/09/02 23:38:35 | 000,050,703 | ---- | M] () -- C:\WINDOWS\System32\lpdd.exe
    [2011/08/29 12:38:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ug.exe
    [2011/08/28 20:48:44 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\mq.exe
    [2011/08/28 02:59:49 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\cq.exe
    [2011/08/25 21:03:50 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\ge.exe
    [2011/08/22 21:51:39 | 000,005,894 | ---- | M] () -- C:\a.bat
    [2011/08/22 21:51:12 | 000,505,856 | RHS- | M] () -- C:\WINDOWS\System32\upds.exe
    [2011/08/20 16:03:50 | 000,036,864 | R--- | M] () -- C:\WINDOWS\System32\TFTP3476
    [2002/08/05 13:54:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\tutildel.exe
    [2002/08/01 14:53:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe

    :Files
    C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure.
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click the Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.
  • 0
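The fix above goes after three things at once: a loopback proxy (127.0.0.1:9666) pushed into IE's ProxyEnable and Firefox's network.proxy.* prefs, a batch of recently dropped executables with no publisher in System32 and the user's Temp folder (some hidden/system, one zero-byte, one with no extension), and the .exe/.com shell associations behind the "missing shortcut" symptom. As an added example, not part of this thread or of OTL itself, here is a small Python triage script that parses OTL-format log lines for exactly those indicators; the sample lines are copied from this thread's fix and log, plus one constructed hijacked-association line so that check fires too.

```python
"""Triage helper for OTL-style scan logs.

Added example for this thread, not part of OldTimer's OTL or of the helper's
fix script. It flags the indicator classes the fix above targets:
  * IE "ProxyEnable" = 1 and Firefox network.proxy.* prefs set to 127.0.0.1
    (browser traffic silently routed through a local proxy run by the malware)
  * recent executables with no company name in System32 or a user's Temp
    folder, especially with R/H/S attributes, zero size or no extension
  * .exe/.com shell association commands that are not the stock "%1" %*
"""
import re
from datetime import datetime, timedelta

# Line shapes follow the OTL output quoted in this thread.
FILE_RE = re.compile(
    r'^(?:(?:MOD|PRC|SRV|DRV) - )?'
    r'\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| '
    r'(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| [MC]\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$')
IE_PROXY_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "ProxyEnable" = (?P<val>\d)')
FF_PROXY_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+): (?P<val>.+)$')
ASSOC_RE = re.compile(
    r'^O3[57] - HKLM\\\.{2,3}(?P<cls>\w+) .*?-- (?P<cmd>.+)$')

STOCK_ASSOC = '"%1" %*'   # a clean exefile/comfile [open] command
SUSPECT_DIRS = ('\\windows\\system32\\', '\\local settings\\temp\\')


def triage_otl(log_text, scan_date, max_age_days=30):
    """Return a list of (category, detail) findings for one OTL log.

    scan_date is the timestamp from the log header ("OTL logfile created on");
    file entries modified within max_age_days of it count as recent.
    """
    findings, ie_hives, ff_keys = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IE_PROXY_RE.match(line):
            if m.group('val') == '1':
                ie_hives.append(m.group('hive'))
        elif m := FF_PROXY_RE.match(line):
            if m.group('val').strip('"') == '127.0.0.1':
                ff_keys.append(m.group('key'))
        elif m := ASSOC_RE.match(line):
            if m.group('cmd').strip() != STOCK_ASSOC:
                findings.append(('assoc_hijack', f"{m.group('cls')}: {m.group('cmd')}"))
        elif m := FILE_RE.match(line):
            path, attrs = m.group('path'), m.group('attrs')
            low = path.lower()
            if m.group('company').strip() or not any(d in low for d in SUSPECT_DIRS):
                continue   # known publisher, or outside the watched folders
            age = scan_date - datetime.strptime(m.group('date'), '%Y/%m/%d %H:%M:%S')
            reasons = []
            if age <= timedelta(days=max_age_days):
                reasons.append(f'modified {age.days}d before scan')
            if any(flag in attrs for flag in 'RHS'):
                reasons.append(f'attrs {attrs}')
            if int(m.group('size').replace(',', '')) == 0 and 'D' not in attrs:
                reasons.append('zero-byte file')
            if '.' not in low.rsplit('\\', 1)[-1]:
                reasons.append('no extension')
            if reasons:
                findings.append(('suspect_file', f"{path} ({'; '.join(reasons)})"))
    if ie_hives:
        findings.append(('proxy', 'IE ProxyEnable = 1 under ' + ', '.join(ie_hives)))
    if ff_keys:
        findings.append(('proxy', 'Firefox proxy prefs point at 127.0.0.1: ' + ', '.join(ff_keys)))
    return findings


# Constructed sample: lines copied from the fix script and log in this thread,
# plus one made-up hijacked exefile association line to exercise that check.
SCAN_DATE = datetime(2011, 9, 4, 20, 1, 54)   # "9/4/2011 8:01:54 PM" in the log header
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.type: 0
MOD - [2011/09/03 16:11:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
MOD - [2001/08/18 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
PRC - [2001/08/18 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011/08/22 21:51:12 | 000,505,856 | RHS- | M] () -- C:\WINDOWS\System32\upds.exe
[2011/08/20 16:03:50 | 000,036,864 | R--- | M] () -- C:\WINDOWS\System32\TFTP3476
[2011/08/29 12:38:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ug.exe
O35 - HKLM\..exefile [open] -- "C:\CONSTRUCTED\hijack.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

if __name__ == '__main__':
    for category, detail in triage_otl(SAMPLE_LOG, SCAN_DATE):
        print(f'{category:14} {detail}')
```

The old tsd32.dll entry shows why the age filter matters: no company name alone is not a verdict, which is also why the helper pairs the scan with the md5 check of core system binaries.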

#8
ejhay06

ejhay06

    Member

  • Topic Starter
  • Member
  • 19 posts
Sir, I've attached the result from the OTL, but I can't attach the MBAM result; Notepad is still not working. When I scanned using MBAM and restarted it, when it came back on there was only a black screen, so I needed to turn it off again. Thank you.

Attached Files


  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I understand. It's OK. Please do the TDSSKiller log and try to post/attach the result.
  • 0

#10
ejhay06

ejhay06

    Member

  • Topic Starter
  • Member
  • 19 posts
Sir, I'm sorry, but can you please post again the download link of TDSSKiller? I can't seem to see the post unless I click Add Reply; that's the only time I can see your post, otherwise it just keeps on loading. Really sorry :)
  • 0



#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
No problems.

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure.
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click the Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

  • 0

#12
ejhay06

ejhay06

    Member

  • Topic Starter
  • Member
  • 19 posts
Sir, there's another problem: I can't open zip files or rar files as well :) Sorry for the trouble. I just want to reformat it, but my recovery CD is not working as well. Really sorry :unsure:
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We have other tools to work with. Give us a chance before you re-format your system.

Please do an OTL Quick Scan, but this time make sure the All Users option is selected. Post/attach the OTL.txt log after the scan.
  • 0

#14
ejhay06

ejhay06

    Member

  • Topic Starter
  • Member
  • 19 posts
OTL logfile created on: 9/4/2011 8:01:54 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\pab\Desktop
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 818.07 Mb Available Physical Memory | 79.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.56 Gb Free Space | 62.82% Space Free | Partition Type: NTFS
Drive E: | 24.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TOSHIBA-USER | User Name: pab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
PRC - [2011/07/18 21:20:28 | 002,286,592 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
PRC - [2002/07/31 11:41:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2002/07/03 17:17:00 | 000,102,400 | R--- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/04/15 18:35:38 | 000,311,296 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2002/04/03 17:19:22 | 000,237,568 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2002/03/19 20:38:26 | 000,286,720 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
PRC - [2001/08/18 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/03 17:08:28 | 000,135,168 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
MOD - [2010/01/12 18:27:48 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\XCodec.dll
MOD - [2010/01/12 18:27:46 | 000,159,744 | ---- | M] () -- C:\Program Files\Globe Broadband\SMSPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,151,552 | ---- | M] () -- C:\Program Files\Globe Broadband\DetectDev.dll
MOD - [2010/01/12 18:27:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Globe Broadband\LocaleMgrPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,090,112 | ---- | M] () -- C:\Program Files\Globe Broadband\FileManager.dll
MOD - [2010/01/12 18:27:46 | 000,086,016 | ---- | M] () -- C:\Program Files\Globe Broadband\DialUpPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceOperate.dll
MOD - [2010/01/12 18:27:46 | 000,057,344 | ---- | M] () -- C:\Program Files\Globe Broadband\ConfigFilePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,032,768 | ---- | M] () -- C:\Program Files\Globe Broadband\NotifyServicePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,014,848 | ---- | M] () -- C:\Program Files\Globe Broadband\isaputrace.dll
MOD - [2010/01/12 18:27:44 | 000,552,960 | ---- | M] () -- C:\Program Files\Globe Broadband\atcomm.dll
MOD - [2010/01/12 18:27:44 | 000,073,728 | ---- | M] () -- C:\Program Files\Globe Broadband\CallPlugin.dll
MOD - [2009/12/10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Globe Broadband\NDISAPI.dll
MOD - [2009/12/10 10:53:38 | 000,172,032 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrUIPlugin.dll
MOD - [2009/12/10 10:52:58 | 000,114,688 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrPlugin.dll
MOD - [2009/09/19 11:08:04 | 000,118,784 | ---- | M] () -- C:\Program Files\Globe Broadband\NetInfoPlugin.dll
MOD - [2001/08/18 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PrtSmanm)
SRV - File not found [Auto | Stopped] -- -- (Netmanm)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/04 02:05:23 | 000,115,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2001/08/18 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (aic32p)
DRV - [2011/07/18 21:20:28 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/07/06 19:52:42 | 000,021,048 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2002/08/01 13:43:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/06/21 11:47:56 | 001,133,440 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/05/17 04:56:02 | 000,063,501 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/04/04 18:12:48 | 000,023,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2002/02/26 17:00:00 | 000,585,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2002/02/26 17:00:00 | 000,065,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVENG.SYS -- (NAVENG)
DRV - [2002/02/26 10:40:24 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/01/29 14:43:52 | 000,488,960 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/01/24 14:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/01/07 18:16:40 | 000,015,111 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tossdpci.sys -- (pciSd)
DRV - [2001/12/19 16:46:44 | 000,155,136 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/12/12 14:55:02 | 000,157,984 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2001/12/12 14:54:36 | 000,014,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2001/12/08 15:00:00 | 000,183,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAVAP.SYS -- (NAVAP)
DRV - [2001/09/13 19:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/09/11 11:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 14:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 18:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\pab\Application Data\IDM\idmmzcc3

[2011/07/02 14:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Extensions
[2011/08/05 19:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Firefox\Profiles\lvfzyrae.default\extensions
[2011/09/03 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PAB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LVFZYRAE.DEFAULT\EXTENSIONS\[email protected]
[2011/08/30 15:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/30 12:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/01 09:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/16 19:13:46 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 00:51:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/04 00:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 00:51:32 | 000,021,048 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/04 00:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 00:48:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:41:29 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 17:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Google
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Opera
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/09/03 17:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/09/03 17:16:01 | 010,377,904 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 00:04:37 | 000,642,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/08/30 01:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/30 01:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/28 15:40:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/28 04:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Xara
[2011/08/25 03:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Desktop\mobile movies
[2011/08/21 14:36:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pab\Recent
[2011/08/17 02:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/14 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\AdobeUM
[2011/08/14 03:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Adobe
[2011/08/13 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2011/08/13 16:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/08/13 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2011/08/13 16:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/08/13 16:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/08/11 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\InterVideo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 14:06:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 14:06:14 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 00:51:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 00:45:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 18:34:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/03 17:16:01 | 010,377,904 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 20:00:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/09/02 01:51:49 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/09/02 00:04:00 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/31 02:57:15 | 000,003,692 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/30 12:51:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/30 01:47:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/29 15:36:40 | 000,679,607 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:30 | 001,158,462 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:17 | 001,153,599 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:34:58 | 000,368,383 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/29 05:30:38 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/28 13:24:09 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:30 | 000,025,658 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/27 17:42:22 | 001,076,314 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/20 00:55:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 23:56:22 | 000,001,136 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 23:45:33 | 000,506,842 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:48 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/10 23:19:53 | 000,009,778 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 00:51:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:34:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/09/03 17:16:46 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/02 01:51:49 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:03:59 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/30 01:47:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/30 01:03:51 | 000,003,692 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/29 15:36:40 | 000,679,607 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:27 | 001,158,462 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:08 | 001,153,599 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:35:25 | 001,076,314 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/29 10:34:57 | 000,368,383 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/28 13:24:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:26 | 000,025,658 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/16 23:45:31 | 000,506,842 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:49 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS.lnk
[2011/08/13 16:59:49 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS.lnk
[2011/08/13 16:59:48 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/13 16:52:50 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk
[2011/08/10 23:19:52 | 000,009,778 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[2011/08/10 11:57:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/18 21:20:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/07/09 20:20:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/02 14:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/08/09 11:01:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/01 14:53:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/08/01 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/08/01 13:48:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/08/01 13:46:53 | 000,000,546 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/01 13:46:53 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/01 13:46:25 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2002/08/01 13:30:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/08/01 13:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2002/08/01 13:21:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2002/08/01 13:18:28 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/08/01 13:15:06 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/08/01 13:15:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/08/01 13:15:06 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/08/01 13:15:06 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/08/01 09:21:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/08/01 09:19:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/01 09:15:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/01 09:11:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/01 09:09:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/08/01 08:45:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/08/01 08:44:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/08/01 08:43:54 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2002/08/01 08:43:52 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/01 08:43:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/01 08:43:52 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/01 08:43:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/01 08:43:49 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/01 08:43:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/01 08:43:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/01 08:43:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/01 08:43:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/01 08:43:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/01 08:42:46 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/08/01 02:03:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/01 02:02:24 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
[2011/07/21 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/07/14 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2011/07/14 11:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2011/07/12 01:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/06 09:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/08/28 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/07/16 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/15 18:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2011/08/29 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\DMCache
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Drag'n Drop CD
[2011/07/06 09:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GameHouse
[2011/07/09 20:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GamesCafe
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterTrust
[2011/08/11 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterVideo
[2011/07/18 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Jane s Hotel
[2011/07/13 02:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Mysteryville2
[2011/09/03 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\PlayFirst
[2011/07/03 16:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\RobotSoft
[2011/08/28 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Spyware Terminator
[2011/07/15 16:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Supermarket Mania 2
[2011/07/16 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\World-LooM
[2011/07/02 23:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Y!Supra
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Zbshareware Lab

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193C133
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9

< End of report >
  • 0
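An added example, not part of the original post and not OTL's own logic, of the first pass a helper makes over a log like the one above: a short Python script that parses OTL's file and directory lines and pulls out the entries a reviewer would look at first (the alternate data streams, the random-looking folder names in the LOP Check section, and a recently created System32 executable with no company name). The regexes, the three heuristics and the cutoff date are assumptions of this example; the sample lines are copied from the log above. It produces candidates for review, not verdicts.

```python
import re
from datetime import date, datetime
from typing import Dict, List, Optional

# Added example (not part of the original thread, and not OTL's own logic):
# a first-pass triage over OTL log lines of the kind posted above. The regexes
# and the three heuristics below are assumptions of this example.

OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
OTL_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
# Folder names built from short hyphen-separated alphanumeric chunks, like the
# two under All Users\Application Data in the LOP Check section. Heuristic only.
RANDOM_DIR_RE = re.compile(r"^(?:[0-9a-z]{1,3}-){3,}[0-9a-z]{1,3}$", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one OTL file/directory line into its fields; None if it is not one."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["company"] = (d["company"] or "").strip()
    return d


def triage(lines: List[str], created_after: date) -> List[Dict[str, str]]:
    """Return review candidates: ADS entries, random-looking folder names, and
    executables under System32 with no company name stamped after the cutoff."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        ads = OTL_ADS_RE.match(line)
        if ads:
            findings.append({"path": ads.group("path"),
                             "reason": "alternate data stream, %s bytes" % ads.group("bytes")})
            continue
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"]
        name = path.rsplit("\\", 1)[-1]
        is_dir = "D" in entry["attrs"]
        stamp = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S").date()
        if is_dir and RANDOM_DIR_RE.match(name):
            findings.append({"path": path, "reason": "random-looking folder name"})
        elif (not is_dir and name.lower().endswith(EXEC_EXT)
              and "\\system32\\" in path.lower()
              and not entry["company"] and stamp >= created_after):
            findings.append({"path": path,
                             "reason": "recent System32 executable with no company name"})
    return findings


# Sample input: lines copied from the log above, nothing invented.
SAMPLE = r"""
[2011/09/04 00:41:29 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2002/08/01 13:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
[2011/07/21 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193C133
"""


def run_sample() -> List[Dict[str, str]]:
    # The cutoff date is an assumption of this example: "created in the last
    # few months" relative to the log's own 30-day windows.
    return triage(SAMPLE.splitlines(), date(2011, 6, 1))


if __name__ == "__main__":
    for f in run_sample():
        print("%-50s %s" % (f["reason"], f["path"]))
```

On the sample the pass flags ga.exe, the two hyphenated folder names and the ADS, and leaves the 2002 Toshiba tcleanup.exe, the Malwarebytes installer and FreshGames alone. That matches what the helper picks out in the fix below, but the reasons are heuristics: a file with no company name is merely unsigned metadata, not proof of malware.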

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I still see signs of infection on your system. First, some questions for you, to narrow down the problem:

  • Can you open TXT files now?
  • Can you just start Notepad?
  • Can you run EXE files now?

If you get any error messages when trying to open them, please write them down for me.

Step 1

Download SREng
  • Extract it to your Desktop and double-click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

    Posted Image
  • Close SREng now.

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
    [2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
    [2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winsjgkq.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winbvirnk.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winvpnda.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\w7e06a.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winbtekp.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winefvlea.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winnthiox.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winkiop.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wincavhuh.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winuxio.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winxfjjhc.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winrhvum.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winmgcl.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winokfck.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winpitmge.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winjdfohl.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\~e5d141.tmp"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\windtejo.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winkbqgsv.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winvves.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wintxkia.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winqkmi.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winsnhw.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winuyjb.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winucgc.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winirlwk.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wincioqc.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winyuajo.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winagslax.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winkxti.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\windtcm.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\windgjdp.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winayibpm.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winkybk.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wingxxa.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wintwipfd.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winucwbh.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winjsdo.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winhqttd.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winhmpqk.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winwdko.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winbyuej.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wintmnym.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winvnkumg.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winoihj.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winnocjj.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winquyk.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winynvos.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winimpwml.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winhdjkkh.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winxpjt.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winpjged.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winljplv.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winhcwm.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wingfmkfn.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winccwg.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winnwitl.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winibcthk.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winsjlmo.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winqrcfuj.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winpxlxya.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winpdralc.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winoyfy.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winfidie.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winpgnb.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winwvityg.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winfvctrv.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winakoiax.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winwcgq.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winhatd.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winnrubm.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winqexko.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winrexwid.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winscldof.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winoobm.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winckpmh.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winthpuoq.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wingvuk.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winmvuq.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\wincbbwp.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winnpej.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winjosoef.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winpprpu.exe"=-
    "C:\DOCUME~1\pab\LOCALS~1\Temp\winadryh.exe"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished, select the Report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • AVPTool log
It would be helpful if you could post each log in a separate post
  • 0
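As an added example, not part of this post and not OTL's own code: before running a fix of this shape it helps to list exactly what it will do. The Python script below parses the sections of an OTL fix, extracts the paths to be moved, the registry values to be deleted (with the key they live under) and the commands to be run, and checks that every Windows Firewall exception being removed points into a user Temp folder, which is what all of the entries in the fix above have in common. The section semantics are the commonly documented OTL ones and are assumed here; the sample fix is a shortened copy of the one above plus one made-up entry (C:\Program Files\Example\app.exe) so that the Temp-folder check has something to flag.

```python
import re
from typing import Dict, List, Tuple

# Added example, not part of the original thread and not OTL's own code. Section
# semantics assumed here are the commonly documented ones: :OTL lines are moved,
# :Reg uses .reg syntax where "name"=- deletes a value under the preceding [key],
# :Files lines ending in /c are run as commands, :Commands holds directives.

SECTION_RE = re.compile(r"^:(OTL|Reg|Files|Commands)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
REG_DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')
OTL_PATH_RE = re.compile(r" -- (?P<path>.+)$")

FIREWALL_LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
# Per-user Temp folder in either its 8.3 or its long form.
TEMP_DIR_RE = re.compile(r"\\LOCALS~1\\Temp\\|\\Local Settings\\Temp\\", re.IGNORECASE)


def parse_fix(script: str) -> Dict[str, List[str]]:
    """Group the non-blank lines of an OTL fix under their :Section headers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_deletions(reg_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (key, value name) for every "name"=- line under its [key] header."""
    out: List[Tuple[str, str]] = []
    key = None
    for line in reg_lines:
        k = REG_KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        d = REG_DELETE_RE.match(line)
        if d and key is not None:
            out.append((key, d.group("name")))
    return out


def audit_fix(script: str) -> Dict[str, object]:
    """Summarise what the fix will do and flag firewall exceptions being removed
    that do not point into a user Temp folder (those deserve a second look)."""
    sections = parse_fix(script)
    moves = [OTL_PATH_RE.search(l).group("path")
             for l in sections.get("OTL", []) if OTL_PATH_RE.search(l)]
    deletions = registry_deletions(sections.get("Reg", []))
    commands = [l[:-len(" /c")].strip()
                for l in sections.get("Files", []) if l.endswith(" /c")]
    unexpected = [name for key, name in deletions
                  if key == FIREWALL_LIST_KEY and not TEMP_DIR_RE.search(name)]
    return {"moves": moves, "deletions": deletions, "commands": commands,
            "unexpected_firewall_targets": unexpected,
            "reboot": "[Reboot]" in sections.get("Commands", [])}


# Shortened copy of the fix posted above, plus one made-up entry
# (C:\Program Files\Example\app.exe) so the Temp-folder check has something to flag.
SAMPLE_FIX = r"""
:OTL
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\pab\LOCALS~1\Temp\winsjgkq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winbvirnk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\~e5d141.tmp"=-
"C:\Program Files\Example\app.exe"=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""


if __name__ == "__main__":
    for k, v in audit_fix(SAMPLE_FIX).items():
        print(k, v)
```

The point of the Temp-folder check is that the dozens of randomly named win*.exe entries in the fix are all firewall exceptions granted to files in the user's Temp folder, which no legitimate installer should need; an exception for a program under Program Files would be worth confirming with the user before it is removed. The same parse also makes it obvious that the fix ends with a reboot, so unsaved work should be closed first.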





