Stalling Internet and Downloads


  • This topic is locked

#16
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No. We don't need a key. :)
  • 0


#17
AndrewC46

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Finally got it, never knew how easy it was to borrow something from a person with a hangover. Could you please leave the instructions and I'll try to do it as soon as possible, since I'll be at work and that leaves me with little time to browse the web.
  • 0

#18
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please carefully follow the steps below:

Step 1

  • Insert your Windows XP installation disk into your CD drive or DVD drive.
  • Click Start, click Run, type Cmd, and then click OK.
  • Type cd\ and then press ENTER.
  • Type md messi and then press ENTER.
  • At the command prompt, type: expand X:\i386\msgsvc.dl_ C:\messi\msgsvc.dll and then press ENTER.
  • At the command prompt, type: expand X:\i386\qmgr.dl_ C:\messi\qmgr.dll and then press ENTER.
  • At the command prompt, type: expand X:\i386\xmlprov.dl_ C:\messi\xmlprov.dll and then press ENTER.
  • At the command prompt, type: expand X:\i386\wscntfy.ex_ C:\messi\wscntfy.exe and then press ENTER.
Note: Replace X with your CD/DVD drive letter!

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\messi\msgsvc.dll | c:\windows\system32\msgsvc.dll
c:\messi\qmgr.dll | c:\windows\system32\qmgr.dll
c:\messi\xmlprov.dll | c:\windows\system32\xmlprov.dll
c:\messi\wscntfy.exe | c:\windows\system32\wscntfy.exe

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#19
AndrewC46

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I think I did it correctly. qmgr.dll was fixed, but the others didn't seem to. :)

ComboFix 11-09-16.01 - Andrew 01/01/2002 20:34:40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.255 [GMT -5:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew\Desktop\CFScript.txt.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll
.
.
--------------- FCopy ---------------
.
c:\messi\msgsvc.dll --> c:\windows\system32\msgsvc.dll
c:\messi\qmgr.dll --> c:\windows\system32\qmgr.dll
c:\messi\xmlprov.dll --> c:\windows\system32\xmlprov.dll
c:\messi\wscntfy.exe --> c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((( Files Created from 2001-12-02 to 2002-01-02 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-07-30 12:00 . 2003-12-03 18:31 106562 ----a-w- c:\windows\srchasst\srchctls.dll
2003-07-30 12:00 . 2003-12-03 18:31 3346432 ----a-w- c:\windows\srchasst\msgr3en.dll
2003-07-30 12:00 . 2003-12-03 18:31 138752 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2003-07-30 12:00 . 2003-12-03 18:31 99840 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpHost.exe
2003-07-30 12:00 . 2003-12-03 18:31 6656 ----a-w- c:\windows\pchealth\helpctr\Binaries\HCAppRes.dll
2003-07-30 12:00 . 2003-12-03 18:31 35328 ----a-w- c:\windows\pchealth\helpctr\Binaries\notiflag.exe
2003-07-30 12:00 . 2003-12-03 18:31 348160 ----a-w- c:\windows\pchealth\helpctr\Binaries\msinfo.dll
2003-07-30 12:00 . 2003-12-03 18:31 21504 ----a-w- c:\windows\pchealth\helpctr\Binaries\brpinfo.dll
2003-07-30 12:00 . 2003-12-03 18:30 798782 ----a-w- c:\windows\srchasst\srchui.dll
2003-07-30 12:00 . 2003-12-03 18:30 29696 ----a-w- c:\windows\pchealth\helpctr\Binaries\pchsvc.dll
2003-07-30 12:00 . 2003-12-03 18:30 8704 ----a-w- c:\windows\pchealth\helpctr\Binaries\HscUpd.exe
2003-07-30 12:00 . 2003-12-03 18:30 742400 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpCtr.exe
2003-07-30 12:00 . 2003-12-03 18:30 703488 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpSvc.exe
2003-07-30 12:00 . 2003-12-03 18:30 145408 ----a-w- c:\windows\pchealth\helpctr\Binaries\msconfig.exe
2003-07-30 12:00 . 2003-12-03 17:23 3374640 ----a-w- c:\windows\help\Tours\mmTour\tour.exe
2003-07-30 12:00 . 2003-12-03 17:23 262656 ----a-w- c:\windows\help\tshoot.dll
2003-07-30 12:00 . 2003-12-03 17:23 30720 ----a-w- c:\windows\help\sstub.dll
2003-07-30 12:00 . 2003-12-03 17:23 32256 ----a-w- c:\windows\help\sniffpol.dll
2003-07-30 12:00 . 2003-12-03 17:23 406528 ----a-w- c:\windows\apppatch\AcLayers.dll
2003-07-30 12:00 . 2003-12-03 17:23 255488 ----a-w- c:\windows\apppatch\AcVerfyr.dll
2003-07-30 12:00 . 2003-12-03 17:23 219136 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2003-07-30 12:00 . 2003-12-03 17:23 152576 ----a-w- c:\windows\help\bnts.dll
2003-07-30 12:00 . 2003-12-03 17:23 125440 ----a-w- c:\windows\apppatch\AcLua.dll
2003-07-30 12:00 . 2003-12-03 17:23 107520 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2003-07-30 12:00 . 2001-08-17 22:37 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2003-07-30 12:00 . 2001-08-17 22:37 69700 ----a-w- c:\windows\system32\usrshuta.exe
2003-07-30 12:00 . 2001-08-17 22:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2003-07-30 12:00 . 2001-08-17 22:36 55296 ----a-w- c:\windows\system32\dvdplay.exe
2003-07-30 12:00 . 2001-08-17 22:36 3200 ----a-w- c:\windows\system32\wowfax.dll
2003-07-30 12:00 . 2001-08-17 22:36 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2003-07-30 12:00 . 2001-08-17 22:36 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2003-07-30 12:00 . 2001-08-17 22:36 77890 ----a-w- c:\windows\system32\usrdpa.dll
2003-07-30 12:00 . 2001-08-17 22:36 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2003-07-30 12:00 . 2001-08-17 22:36 69699 ----a-w- c:\windows\system32\usrcoina.dll
2003-07-30 12:00 . 2001-08-17 22:36 61500 ----a-w- c:\windows\system32\usrcntra.dll
2003-07-30 12:00 . 2001-08-17 22:36 53305 ----a-w- c:\windows\system32\usrlbva.dll
2003-07-30 12:00 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrvpa.dll
2003-07-30 12:00 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2003-07-30 12:00 . 2001-08-17 22:36 49209 ----a-w- c:\windows\system32\usrv80a.dll
2003-07-30 12:00 . 2001-08-17 22:36 45116 ----a-w- c:\windows\system32\usrvoica.dll
2003-07-30 12:00 . 2001-08-17 22:36 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2003-07-30 12:00 . 2001-08-17 22:36 323641 ----a-w- c:\windows\system32\usrdtea.dll
2003-07-30 12:00 . 2001-08-17 22:36 102457 ----a-w- c:\windows\system32\usrv42a.dll
2003-07-30 12:00 . 2001-08-17 22:36 8192 ----a-w- c:\windows\system32\streamci.dll
2003-07-30 12:00 . 2001-08-17 22:36 72192 ----a-w- c:\windows\system32\sprio800.dll
2003-07-30 12:00 . 2001-08-17 22:36 70656 ----a-w- c:\windows\system32\sprio600.dll
2003-07-30 12:00 . 2001-08-17 22:36 69632 ----a-w- c:\windows\system32\spnike.dll
2003-07-30 12:00 . 2001-08-17 22:36 157696 ----a-w- c:\windows\system32\paqsp.dll
2003-07-30 12:00 . 2001-08-17 22:36 12800 ----a-w- c:\windows\system32\pjlmon.dll
2003-07-30 12:00 . 2001-08-17 22:36 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2003-07-30 12:00 . 2001-08-17 22:36 22528 ----a-w- c:\windows\system32\hid.dll
2003-07-30 12:00 . 2001-08-17 22:36 50688 ----a-w- c:\windows\system32\dmutil.dll
2003-07-30 12:00 . 2001-08-17 22:36 45568 ----a-w- c:\windows\system32\cnbjmon.dll
2003-07-30 12:00 . 2001-08-17 14:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2003-07-30 12:00 . 2001-08-17 14:03 23936 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2003-07-30 12:00 . 2001-08-17 14:03 23808 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2003-07-30 12:00 . 2001-08-17 14:03 4736 ----a-w- c:\windows\system32\drivers\usbd.sys
2003-07-30 12:00 . 2001-08-17 14:02 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2003-07-30 12:00 . 2001-08-17 14:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2003-07-30 12:00 . 2001-08-17 14:02 23680 ----a-w- c:\windows\system32\drivers\hidparse.sys
2003-07-30 12:00 . 2001-08-17 14:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2003-07-30 12:00 . 2001-08-17 13:58 62208 ----a-w- c:\windows\system32\drivers\mf.sys
2003-07-30 12:00 . 2001-08-17 13:57 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys
2003-07-30 12:00 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2003-07-30 12:00 . 2001-08-17 13:57 28800 ----a-w- c:\windows\system32\drivers\modem.sys
2003-07-30 12:00 . 2001-08-17 13:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2003-07-30 12:00 . 2001-08-17 13:52 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2003-07-30 12:00 . 2001-08-17 13:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2003-07-30 12:00 . 2001-08-17 13:52 13952 ----a-w- c:\windows\system32\drivers\cbidf2k.sys
2003-07-30 12:00 . 2001-08-17 13:51 26240 ----a-w- c:\windows\system32\drivers\fdc.sys
2003-07-30 12:00 . 2001-08-17 13:50 14976 ----a-w- c:\windows\system32\drivers\serenum.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2003-07-30 12:00 . 2001-08-17 13:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2003-03-26 04:40 . 2003-03-26 05:06 902726 ----a-w- c:\windows\system32\QTJava.zip
2003-02-19 22:15 . 2003-02-19 22:15 1821696 ----a-w- c:\windows\apppatch\acgenral.dll
2002-11-27 18:50 . 2003-12-04 18:22 94208 ----a-w- c:\windows\pchealth\helpctr\Binaries\pchshell.dll
2011-09-03 06:01 . 2002-01-01 06:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2002-11-27 03:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2003-05-30 17:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((( SnapShot@2002-01-01_06.47.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-12-03 17:23 . 2002-01-02 01:16 45408 c:\windows\system32\perfc009.dat
- 2003-12-03 17:23 . 2002-01-01 06:49 45408 c:\windows\system32\perfc009.dat
+ 2003-12-04 18:25 . 2003-07-30 12:00 34304 c:\windows\system32\dllcache\msgsvc.dll
+ 2003-12-03 17:23 . 2002-01-02 01:16 363734 c:\windows\system32\perfh009.dat
- 2003-12-03 17:23 . 2002-01-01 06:49 363734 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2003-11-12 48128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2003-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-04 77824]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-11-03 1052672]
"ZZZ"="c:\windows\Sonysys\Eflyer\EFlyer_Popup.exe" [2003-05-16 24576]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]
.
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [12/3/2003 12:23 PM 4736]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/4/2011 7:40 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/4/2011 7:40 AM 21048]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
2011-09-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
2011-09-04 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
  • 0

#20
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It looks OK to me. Run ComboFix again and post the new ComboFix.txt log.
  • 0

#21
AndrewC46

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The qmgr.dll file seems to be a nuisance; it appeared the first time and was disinfected, and it appeared again.

ComboFix 11-09-16.01 - Andrew 01/01/2002 23:41:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.131 [GMT -5:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll
.
.
((((((((((((((((((((((((( Files Created from 2001-12-02 to 2002-01-02 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2003-07-30 12:00 . 2003-12-03 18:31 106562 ----a-w- c:\windows\srchasst\srchctls.dll
2003-07-30 12:00 . 2003-12-03 18:31 3346432 ----a-w- c:\windows\srchasst\msgr3en.dll
2003-07-30 12:00 . 2003-12-03 18:31 138752 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2003-07-30 12:00 . 2003-12-03 18:31 99840 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpHost.exe
2003-07-30 12:00 . 2003-12-03 18:31 6656 ----a-w- c:\windows\pchealth\helpctr\Binaries\HCAppRes.dll
2003-07-30 12:00 . 2003-12-03 18:31 35328 ----a-w- c:\windows\pchealth\helpctr\Binaries\notiflag.exe
2003-07-30 12:00 . 2003-12-03 18:31 348160 ----a-w- c:\windows\pchealth\helpctr\Binaries\msinfo.dll
2003-07-30 12:00 . 2003-12-03 18:31 21504 ----a-w- c:\windows\pchealth\helpctr\Binaries\brpinfo.dll
2003-07-30 12:00 . 2003-12-03 18:30 798782 ----a-w- c:\windows\srchasst\srchui.dll
2003-07-30 12:00 . 2003-12-03 18:30 29696 ----a-w- c:\windows\pchealth\helpctr\Binaries\pchsvc.dll
2003-07-30 12:00 . 2003-12-03 18:30 8704 ----a-w- c:\windows\pchealth\helpctr\Binaries\HscUpd.exe
2003-07-30 12:00 . 2003-12-03 18:30 742400 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpCtr.exe
2003-07-30 12:00 . 2003-12-03 18:30 703488 ----a-w- c:\windows\pchealth\helpctr\Binaries\HelpSvc.exe
2003-07-30 12:00 . 2003-12-03 18:30 145408 ----a-w- c:\windows\pchealth\helpctr\Binaries\msconfig.exe
2003-07-30 12:00 . 2003-12-03 17:23 3374640 ----a-w- c:\windows\help\Tours\mmTour\tour.exe
2003-07-30 12:00 . 2003-12-03 17:23 262656 ----a-w- c:\windows\help\tshoot.dll
2003-07-30 12:00 . 2003-12-03 17:23 30720 ----a-w- c:\windows\help\sstub.dll
2003-07-30 12:00 . 2003-12-03 17:23 32256 ----a-w- c:\windows\help\sniffpol.dll
2003-07-30 12:00 . 2003-12-03 17:23 406528 ----a-w- c:\windows\apppatch\AcLayers.dll
2003-07-30 12:00 . 2003-12-03 17:23 255488 ----a-w- c:\windows\apppatch\AcVerfyr.dll
2003-07-30 12:00 . 2003-12-03 17:23 219136 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2003-07-30 12:00 . 2003-12-03 17:23 152576 ----a-w- c:\windows\help\bnts.dll
2003-07-30 12:00 . 2003-12-03 17:23 125440 ----a-w- c:\windows\apppatch\AcLua.dll
2003-07-30 12:00 . 2003-12-03 17:23 107520 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2003-07-30 12:00 . 2001-08-17 22:37 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2003-07-30 12:00 . 2001-08-17 22:37 69700 ----a-w- c:\windows\system32\usrshuta.exe
2003-07-30 12:00 . 2001-08-17 22:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2003-07-30 12:00 . 2001-08-17 22:36 55296 ----a-w- c:\windows\system32\dvdplay.exe
2003-07-30 12:00 . 2001-08-17 22:36 3200 ----a-w- c:\windows\system32\wowfax.dll
2003-07-30 12:00 . 2001-08-17 22:36 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2003-07-30 12:00 . 2001-08-17 22:36 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2003-07-30 12:00 . 2001-08-17 22:36 77890 ----a-w- c:\windows\system32\usrdpa.dll
2003-07-30 12:00 . 2001-08-17 22:36 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2003-07-30 12:00 . 2001-08-17 22:36 69699 ----a-w- c:\windows\system32\usrcoina.dll
2003-07-30 12:00 . 2001-08-17 22:36 61500 ----a-w- c:\windows\system32\usrcntra.dll
2003-07-30 12:00 . 2001-08-17 22:36 53305 ----a-w- c:\windows\system32\usrlbva.dll
2003-07-30 12:00 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrvpa.dll
2003-07-30 12:00 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2003-07-30 12:00 . 2001-08-17 22:36 49209 ----a-w- c:\windows\system32\usrv80a.dll
2003-07-30 12:00 . 2001-08-17 22:36 45116 ----a-w- c:\windows\system32\usrvoica.dll
2003-07-30 12:00 . 2001-08-17 22:36 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2003-07-30 12:00 . 2001-08-17 22:36 323641 ----a-w- c:\windows\system32\usrdtea.dll
2003-07-30 12:00 . 2001-08-17 22:36 102457 ----a-w- c:\windows\system32\usrv42a.dll
2003-07-30 12:00 . 2001-08-17 22:36 8192 ----a-w- c:\windows\system32\streamci.dll
2003-07-30 12:00 . 2001-08-17 22:36 72192 ----a-w- c:\windows\system32\sprio800.dll
2003-07-30 12:00 . 2001-08-17 22:36 70656 ----a-w- c:\windows\system32\sprio600.dll
2003-07-30 12:00 . 2001-08-17 22:36 69632 ----a-w- c:\windows\system32\spnike.dll
2003-07-30 12:00 . 2001-08-17 22:36 157696 ----a-w- c:\windows\system32\paqsp.dll
2003-07-30 12:00 . 2001-08-17 22:36 12800 ----a-w- c:\windows\system32\pjlmon.dll
2003-07-30 12:00 . 2001-08-17 22:36 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2003-07-30 12:00 . 2001-08-17 22:36 22528 ----a-w- c:\windows\system32\hid.dll
2003-07-30 12:00 . 2001-08-17 22:36 50688 ----a-w- c:\windows\system32\dmutil.dll
2003-07-30 12:00 . 2001-08-17 22:36 45568 ----a-w- c:\windows\system32\cnbjmon.dll
2003-07-30 12:00 . 2001-08-17 14:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2003-07-30 12:00 . 2001-08-17 14:03 23936 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2003-07-30 12:00 . 2001-08-17 14:03 23808 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2003-07-30 12:00 . 2001-08-17 14:03 4736 ----a-w- c:\windows\system32\drivers\usbd.sys
2003-07-30 12:00 . 2001-08-17 14:02 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2003-07-30 12:00 . 2001-08-17 14:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2003-07-30 12:00 . 2001-08-17 14:02 23680 ----a-w- c:\windows\system32\drivers\hidparse.sys
2003-07-30 12:00 . 2001-08-17 14:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2003-07-30 12:00 . 2001-08-17 13:58 62208 ----a-w- c:\windows\system32\drivers\mf.sys
2003-07-30 12:00 . 2001-08-17 13:57 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys
2003-07-30 12:00 . 2001-08-17 13:57 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2003-07-30 12:00 . 2001-08-17 13:57 28800 ----a-w- c:\windows\system32\drivers\modem.sys
2003-07-30 12:00 . 2001-08-17 13:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2003-07-30 12:00 . 2001-08-17 13:52 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2003-07-30 12:00 . 2001-08-17 13:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2003-07-30 12:00 . 2001-08-17 13:52 13952 ----a-w- c:\windows\system32\drivers\cbidf2k.sys
2003-07-30 12:00 . 2001-08-17 13:51 26240 ----a-w- c:\windows\system32\drivers\fdc.sys
2003-07-30 12:00 . 2001-08-17 13:50 14976 ----a-w- c:\windows\system32\drivers\serenum.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2003-07-30 12:00 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2003-07-30 12:00 . 2001-08-17 13:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2003-03-26 04:40 . 2003-03-26 05:06 902726 ----a-w- c:\windows\system32\QTJava.zip
2003-02-19 22:15 . 2003-02-19 22:15 1821696 ----a-w- c:\windows\apppatch\acgenral.dll
2002-11-27 18:50 . 2003-12-04 18:22 94208 ----a-w- c:\windows\pchealth\helpctr\Binaries\pchshell.dll
2011-09-03 06:01 . 2002-01-01 06:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2002-11-27 03:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2003-05-30 17:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((( SnapShot@2002-01-01_06.47.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-12-03 17:23 . 2002-01-02 01:16 45408 c:\windows\system32\perfc009.dat
- 2003-12-03 17:23 . 2002-01-01 06:49 45408 c:\windows\system32\perfc009.dat
+ 2003-12-04 18:25 . 2003-07-30 12:00 34304 c:\windows\system32\msgsvc.dll
+ 2003-12-04 18:25 . 2003-07-30 12:00 34304 c:\windows\system32\dllcache\msgsvc.dll
+ 2003-12-03 17:23 . 2002-01-02 01:16 363734 c:\windows\system32\perfh009.dat
- 2003-12-03 17:23 . 2002-01-01 06:49 363734 c:\windows\system32\perfh009.dat
+ 2003-12-04 19:07 . 2002-01-02 04:37 2248192 c:\windows\Installer\9773a.msi
- 2003-12-04 19:07 . 2011-09-05 01:13 2248192 c:\windows\Installer\9773a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2003-11-12 48128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2003-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-04 77824]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-11-03 1052672]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]
.
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [12/3/2003 12:23 PM 4736]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/4/2011 7:40 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/4/2011 7:40 AM 21048]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
2011-09-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
2011-09-04 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-03 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\l1i03qzv.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-01 23:47
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(752)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(2160)
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehSched.exe
c:\windows\AGRSMMSG.exe
c:\windows\System32\nvsvc32.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
.
**************************************************************************
.
Completion time: 2002-01-01 23:50:01 - machine was rebooted
ComboFix-quarantined-files.txt 2002-01-02 04:49
ComboFix2.txt 2002-01-02 01:42
ComboFix3.txt 2002-01-01 06:50
.
Pre-Run: 11,014,885,376 bytes free
Post-Run: 11,011,407,872 bytes free
.
- - End Of File - - AF278FED953B40C379D978E910EE40CF
  • 0
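Added example (not part of the thread and not ComboFix's own code): a small Python parser for the "Other Deletions" and "FCopy" sections of the two logs posted above, flagging any file that is disinfected in more than one run. The function names are assumptions, and the two log texts are trimmed excerpts constructed from the lines in this thread.

```python
import re
from collections import defaultdict

# Line formats as they appear in the ComboFix logs posted in this thread.
DISINFECTED = re.compile(r"^Infected copy of (.+?) was found and disinfected\s*$", re.I)
RESTORED = re.compile(r"^Restored copy from - (.+?)\s*$", re.I)
FCOPY = re.compile(r"^([a-z]:\\.+?) --> ([a-z]:\\.+?)\s*$", re.I)

# Constructed sample input: trimmed excerpts of the first and second log.
RUN1 = r"""
((((( Other Deletions )))))
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll
.
--------------- FCopy ---------------
.
c:\messi\msgsvc.dll --> c:\windows\system32\msgsvc.dll
c:\messi\qmgr.dll --> c:\windows\system32\qmgr.dll
c:\messi\xmlprov.dll --> c:\windows\system32\xmlprov.dll
c:\messi\wscntfy.exe --> c:\windows\system32\wscntfy.exe
"""

RUN2 = r"""
((((( Other Deletions )))))
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll
.
"""


def parse_log(text):
    """Extract disinfected files (with restore source) and FCopy targets.

    Paths are lower-cased so that runs can be compared case-insensitively.
    """
    disinfected, fcopy = {}, {}
    pending = None  # last disinfected path still waiting for its "Restored" line
    for raw in text.splitlines():
        line = raw.strip()
        m = DISINFECTED.match(line)
        if m:
            pending = m.group(1).lower()
            disinfected[pending] = None
            continue
        m = RESTORED.match(line)
        if m:
            # A "Restored" line only counts when it follows a disinfection.
            if pending is not None:
                disinfected[pending] = m.group(1).lower()
                pending = None
            continue
        m = FCOPY.match(line)
        if m:
            fcopy[m.group(2).lower()] = m.group(1).lower()
    return {"disinfected": disinfected, "fcopy": fcopy}


def recurring_infections(logs):
    """Given log texts ordered oldest first, report files disinfected in 2+ runs."""
    parsed = [parse_log(t) for t in logs]
    seen_in = defaultdict(list)
    for i, p in enumerate(parsed):
        for path in p["disinfected"]:
            seen_in[path].append(i)

    findings = []
    for path, idx in sorted(seen_in.items()):
        if len(idx) < 2:
            continue
        sources = {parsed[i]["disinfected"][path] for i in idx}
        sources.discard(None)
        # Was the file also replaced through FCopy before its latest detection?
        replaced = any(path in parsed[i]["fcopy"] for i in range(idx[-1]))
        findings.append({
            "path": path,
            "runs": [i + 1 for i in idx],
            "restore_sources": sorted(sources),
            "fcopy_replaced_earlier": replaced,
        })
    return findings


if __name__ == "__main__":
    for f in recurring_infections([RUN1, RUN2]):
        print(f)
```

For the two logs in this thread it reports c:\windows\system32\qmgr.dll in runs 1 and 2, restored both times from the same ERDNT cache copy, which is the pattern the topic starter describes.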

#22
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    qmgr.dll 
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#23
AndrewC46

AndrewC46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 9/18/2011 11:49:29 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Media Center Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 248.82 Mb Available Physical Memory | 48.66% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.34% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.01 Gb Total Space | 10.28 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
Drive D: | 165.30 Gb Total Space | 165.25 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: VALUED-A4DE119D | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/18 11:48:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2003/09/12 22:27:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2003/08/25 13:49:20 | 000,053,248 | ---- | M] (Sony Electronics, Inc) -- C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe
PRC - [2003/08/22 13:22:28 | 000,045,056 | ---- | M] (Chicony) -- C:\Program Files\Sony\sHotKey\SHOTKEY.exe
PRC - [2003/08/14 20:12:05 | 001,005,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/13 16:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 16:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
PRC - [2003/06/23 20:32:54 | 001,409,024 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\client\bin\tgcmd.exe
PRC - [2002/08/20 14:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2003/05/30 17:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll
MOD - [2002/04/12 18:02:18 | 000,516,096 | ---- | M] () -- C:\Program Files\support.com\client\bin\sdcmon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wscsvc)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2003/10/21 01:00:56 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/10/21 01:00:40 | 000,712,704 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/10/21 01:00:40 | 000,712,704 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/10/21 01:00:40 | 000,712,704 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/10/21 01:00:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/10/21 01:00:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/10/21 01:00:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2003/10/21 01:00:14 | 000,925,696 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/10/21 01:00:08 | 000,503,897 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/09/12 22:27:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/08/13 16:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 16:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 16:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2003/07/28 21:31:14 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,021,048 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2003/12/02 14:55:40 | 000,772,224 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/11/19 20:48:36 | 000,681,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003/11/16 01:40:34 | 000,621,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/30 07:53:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2003/07/24 14:48:28 | 000,004,736 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SonyLSM.sys -- (SonyLSM)
DRV - [2003/05/23 13:44:00 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/08/29 05:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 08:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2000/12/05 20:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2308835815-3565866120-1113001020-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-2308835815-3565866120-1113001020-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2002/01/01 02:01:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2003/12/04 15:01:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/09/04 03:38:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2003/12/04 15:01:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/09/04 03:38:14 | 000,000,000 | ---D | M]

[2002/01/01 02:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
[2002/01/01 02:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2002/01/02 00:47:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [sHotKey] C:\Program Files\SONY\sHotKey\sHotKey.exe (Chicony)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIOSurvey] c:\Program Files\Sony\VAIO Survey\SurveySA.exe (Sony Electronics)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2308835815-3565866120-1113001020-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2308835815-3565866120-1113001020-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2308835815-3565866120-1113001020-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2308835815-3565866120-1113001020-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CB6A0-42D7-4A78-8B61-22D527B477BB}: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF87B2C8-200D-4C61-8398-1737D6B0853F}: DhcpNameServer = 43.134.195.10
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/03 14:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/04 08:28:23 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/04 08:28:23 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 11:48:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2011/09/05 18:37:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Andrew\Desktop\aswMBR.exe
[2011/09/05 12:28:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LogFiles
[2011/09/04 11:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Macromedia
[2011/09/04 11:59:19 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/04 08:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
[2011/09/04 08:40:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/04 08:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 08:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/04 08:40:28 | 000,021,048 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/04 08:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 08:38:04 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.exe
[2011/09/04 08:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\ActiveXplorer
[2011/09/04 08:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\ActiveXplorer
[2011/09/04 08:30:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/09/04 08:28:23 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/09/04 08:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\axp40_204r
[2011/09/04 08:26:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/04 03:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Opera
[2011/09/04 03:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Opera
[2011/09/04 03:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/09/04 03:39:50 | 010,307,952 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\Andrew\Desktop\Opera_1151_int_Setup.exe
[2011/09/04 03:38:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Andrew\Application Data\Microsoft
[2011/09/04 03:38:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Andrew\Cookies
[2011/09/04 03:38:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\SendTo
[2011/09/04 03:38:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
[2011/09/04 03:38:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Application Data
[2011/09/04 03:38:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup
[2011/09/04 03:38:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Start Menu
[2011/09/04 03:38:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\My Documents\My Pictures
[2011/09/04 03:38:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\My Documents\My Music
[2011/09/04 03:38:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\My Documents
[2011/09/04 03:38:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Favorites
[2011/09/04 03:38:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Accessories
[2011/09/04 03:38:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\Templates
[2011/09/04 03:38:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\PrintHood
[2011/09/04 03:38:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\NetHood
[2011/09/04 03:38:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew\Local Settings
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Sun
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Real
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\My Documents\My eBooks
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Mozilla
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\MoodLogic
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Identities
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\AdobeUM
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Adobe
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Adobe
[2011/09/04 03:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010}
[2003/12/03 13:23:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/18 11:48:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2011/09/18 11:46:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/18 11:46:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/09/18 11:45:24 | 000,363,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/18 11:45:24 | 000,045,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/18 11:43:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/18 11:43:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/18 11:43:54 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/14 20:20:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2011/09/06 15:02:06 | 105,680,384 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\setup_11.0.0.1245.x01_2011_09_06_21_00.exe
[2011/09/06 07:30:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\MBR.dat
[2011/09/05 18:22:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Andrew\Desktop\aswMBR.exe
[2011/09/04 11:59:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/04 08:40:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 08:38:47 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.exe
[2011/09/04 08:31:18 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ActiveXplorer 4.x.lnk
[2011/09/04 03:43:24 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/04 03:43:24 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/04 03:38:20 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/04 03:38:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/04 03:38:15 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Windows Media Player.lnk
[2011/09/04 03:37:11 | 000,001,257 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/09/04 03:37:09 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\Sony_PCV-RZ54G(UC)_.mrk
[2011/09/04 03:37:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2011/09/04 03:37:08 | 000,000,192 | RHS- | M] () -- C:\boot.ini
[2011/09/04 03:37:07 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 1.job
[2011/09/03 09:29:14 | 010,307,952 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\Andrew\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 19:00:20 | 000,284,896 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\SoftonicDownloader_for_ninja-pendisk.exe
[2011/09/02 18:58:12 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Flash_Disinfector.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/06 16:24:29 | 105,680,384 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\setup_11.0.0.1245.x01_2011_09_06_21_00.exe
[2011/09/05 18:37:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\MBR.dat
[2011/09/04 21:20:54 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/04 08:40:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 08:36:53 | 000,362,795 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\rkill.com
[2011/09/04 08:31:18 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ActiveXplorer 4.x.lnk
[2011/09/04 08:28:04 | 000,284,896 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\SoftonicDownloader_for_ninja-pendisk.exe
[2011/09/04 03:43:24 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/04 03:43:24 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/09/04 03:43:24 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/04 03:39:48 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Flash_Disinfector.exe
[2011/09/04 03:38:15 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Windows Media Player.lnk
[2011/09/04 03:38:03 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 03:38:03 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Mail & Newsgroups.lnk
[2011/09/04 03:38:03 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape 7.0.lnk
[2011/09/04 03:38:03 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/04 03:38:03 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/04 03:38:03 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/09/04 03:38:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2011/09/04 03:38:03 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/04 03:38:02 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Remote Assistance.lnk
[2011/09/04 03:38:02 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Windows Media Player.lnk
[2011/09/04 03:38:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Internet Explorer.lnk
[2011/09/04 03:38:02 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Outlook Express.lnk
[2011/09/04 03:37:09 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\Sony_PCV-RZ54G(UC)_.mrk
[2011/09/04 03:37:07 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2011/09/04 03:37:07 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2011/09/04 03:37:07 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 1.job
[2003/12/04 15:07:32 | 000,000,911 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/04 15:04:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/12/04 15:03:13 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/04 15:02:21 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/12/04 15:02:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/12/04 15:01:02 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2003/12/04 15:00:59 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/12/04 14:16:12 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/12/04 14:12:38 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/12/04 14:11:18 | 000,028,771 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2003/12/04 14:11:18 | 000,024,673 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2003/12/03 16:09:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/03 14:51:43 | 000,042,897 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2003/12/03 14:51:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/12/03 14:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/12/03 14:30:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/12/03 13:23:51 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/12/03 13:23:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/03 13:23:32 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/12/03 13:23:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/12/03 13:23:27 | 000,000,738 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/12/03 13:23:17 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/12/03 13:23:17 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/12/03 13:23:16 | 000,363,734 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/12/03 13:23:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/12/03 13:23:16 | 000,045,408 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/12/03 13:23:16 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/12/03 13:23:16 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/12/03 13:23:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/12/03 13:23:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/03 13:23:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/12/03 13:23:13 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/12/03 13:23:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/12/03 13:23:09 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/12/03 06:27:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/03 06:26:41 | 000,103,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/11/12 07:54:00 | 000,352,768 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/23 12:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2002/08/06 15:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 16:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 21:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 21:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2002/01/01 02:40:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2002/01/01 02:40:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2002/01/01 02:40:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2002/01/01 02:40:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2002/01/01 02:40:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

========== LOP Check ==========

[2011/09/04 03:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Opera
[2011/09/04 03:37:07 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2011/09/14 20:20:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2011/09/04 03:37:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: QMGR.DLL >
[2008/04/14 06:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\messi\qmgr.dll
[2003/07/30 08:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2003/07/30 08:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\system32\qmgr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2003/07/30 08:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2003/07/30 08:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2003/07/30 08:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2003/07/30 08:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/30 08:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /hs browser [2003/12/04 15:01:02 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape\Netscp.exe" -silent -nosplash -setDefaultBrowser [2003/02/08 13:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /ss browser [2003/12/04 15:01:02 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\shell\open\command\\: C:\Program Files\Netscape\Netscape\Netscp.exe [2003/02/08 13:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2003/07/30 08:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2003/07/30 08:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2003/07/30 08:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2003/07/30 08:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/30 08:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /hs browser [2003/12/04 15:01:02 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape\Netscp.exe" -silent -nosplash -setDefaultBrowser [2003/02/08 13:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /ss browser [2003/12/04 15:01:02 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\shell\open\command\\: C:\Program Files\Netscape\Netscape\Netscp.exe [2003/02/08 13:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/09/04 03:43:22 | 000,947,056 | ---- | M] (Opera Software)

< End of report >

#24
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


#25
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.