
Google virus



#1
littleprincess

I have the Google virus where I type in a link and it directs to some spam link, can you help fix?

I read that this is common. I don't want to try and fix it; if someone can tell me how to fix it that would be great, thank you.

Edited by littleprincess, 11 October 2011 - 12:13 AM.



#2
maliprog

Hello littleprincess and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:


  • OTL log
  • OTL Extras log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3
littleprincess

OTL log
OTL by OldTimer - Version 3.2.29.1
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 298.36 Mb Available Physical Memory | 29.41% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 70.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.98 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
Drive D: | 12.44 Gb Total Space | 12.37 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

Computer Name: OCOMPUTER | User Name: Oscar Macias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/11 16:02:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar Macias\Desktop\OTL.scr
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/10 14:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006/09/05 17:02:50 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/05/16 23:15:10 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 17:12:08 | 000,186,368 | ---- | M] () -- C:\WINDOWS\anomumus.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/12/19 06:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/08/05 12:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2007/07/03 17:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 17:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/10 14:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/09/05 17:02:52 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/03/24 14:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 10:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/14 06:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 06:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 06:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 07:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 18:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 18:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 18:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/02/13 07:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FD2A425D-D06F-4CDA-9CC3-B4A17A334A35}: C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\{FD2A425D-D06F-4CDA-9CC3-B4A17A334A35} [2010/07/07 19:20:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/10 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adasud] C:\WINDOWS\anomumus.dll ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ofkoihoq] C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\ftikgxoww\sahykjxtssd.exe File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [yrohombe] C:\Documents and Settings\NetworkService\Local Settings\Application Data\iljaayeif\ifakkrvshdw.exe ()
O4 - HKCU..\Run: [Fpiveduv] C:\WINDOWS\udlbvif.dll (Wondershare)
O4 - HKCU..\Run: [ofkoihoq] C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\ftikgxoww\sahykjxtssd.exe File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/...ns.10.6.0.8.cab (AOL Pictures Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.221,93.188.166.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBDA2BF-01DB-434E-9FF1-1B683B89A08E}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBDA2BF-01DB-434E-9FF1-1B683B89A08E}: NameServer = 93.188.162.221,93.188.166.201
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - No CLSID value found.
O22 - SharedTaskScheduler: {2016a466-91a2-43c6-97d8-2fd380f065ef} - eitheror - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/22 06:38:14 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{9f0c900d-f0a8-11e0-840b-0015c5ae8d61}\Shell - "" = AutoRun
O33 - MountPoints2\{9f0c900d-f0a8-11e0-840b-0015c5ae8d61}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f0c900d-f0a8-11e0-840b-0015c5ae8d61}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 16:02:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Oscar Macias\Desktop\OTL.scr
[2011/10/11 02:12:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Oscar Macias\Recent
[2011/10/08 21:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar Macias\My Documents\Downloads
[2011/10/08 17:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\Mozilla
[2011/10/08 17:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/08 14:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/07/07 18:57:38 | 000,062,976 | ---- | C] (Blog do Birungueta) -- C:\Documents and Settings\Oscar Macias\Application Data\164814d4.exe
[2006/09/30 22:09:38 | 036,656,704 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\iTunesSetup.exe
[9 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 16:02:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar Macias\Desktop\OTL.scr
[2011/10/11 15:25:38 | 000,011,094 | ---- | M] () -- C:\WINDOWS\Abijaseveg.dat
[2011/10/10 22:37:03 | 000,011,006 | ---- | M] () -- C:\WINDOWS\iqusafuza.dll
[2011/10/10 19:25:47 | 000,010,927 | ---- | M] () -- C:\WINDOWS\ulezubohidozo.dll
[2011/10/10 01:22:43 | 000,011,072 | ---- | M] () -- C:\WINDOWS\odajizuqufuna.dll
[2011/10/09 23:21:00 | 000,011,156 | ---- | M] () -- C:\WINDOWS\awayicub.dll
[2011/10/09 22:25:52 | 000,011,072 | ---- | M] () -- C:\WINDOWS\alijafabipere.dll
[2011/10/09 22:22:47 | 000,011,075 | ---- | M] () -- C:\WINDOWS\iqohimuhabucuyaj.dll
[2011/10/09 22:21:15 | 000,011,074 | ---- | M] () -- C:\WINDOWS\ikuzifowasi.dll
[2011/10/09 21:26:54 | 000,011,157 | ---- | M] () -- C:\WINDOWS\usamocinexilah.dll
[2011/10/09 19:24:43 | 000,011,072 | ---- | M] () -- C:\WINDOWS\awaxivumeged.dll
[2011/10/09 19:23:03 | 000,011,156 | ---- | M] () -- C:\WINDOWS\anosocukexugu.dll
[2011/10/09 17:19:14 | 000,011,158 | ---- | M] () -- C:\WINDOWS\ajomufavele.dll
[2011/10/09 16:46:39 | 000,011,159 | ---- | M] () -- C:\WINDOWS\eyukiqaqoju.dll
[2011/10/09 16:39:04 | 000,011,157 | ---- | M] () -- C:\WINDOWS\ulusuhel.dll
[2011/10/09 16:34:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/09 16:33:54 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\164814d4.job
[2011/10/09 15:05:30 | 000,062,976 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\System32\ernel32.dll
[2011/10/09 15:05:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 15:05:16 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 01:11:04 | 000,011,072 | ---- | M] () -- C:\WINDOWS\omupokid.dll
[2011/10/08 23:06:37 | 000,010,925 | ---- | M] () -- C:\WINDOWS\ekejaged.dll
[2011/10/08 21:04:35 | 000,011,158 | ---- | M] () -- C:\WINDOWS\efudapeqiko.dll
[2011/10/08 19:02:32 | 000,011,073 | ---- | M] () -- C:\WINDOWS\uxupozek.dll
[2011/10/08 17:00:28 | 000,011,071 | ---- | M] () -- C:\WINDOWS\epuxekocubuworu.dll
[2011/10/08 14:59:06 | 000,011,072 | ---- | M] () -- C:\WINDOWS\amihupotovunik.dll
[2011/10/08 12:56:36 | 000,011,072 | ---- | M] () -- C:\WINDOWS\apamisab.dll
[2011/10/08 10:55:37 | 000,011,156 | ---- | M] () -- C:\WINDOWS\eroxeqetalajoqi.dll
[2011/10/08 02:15:29 | 000,010,924 | ---- | M] () -- C:\WINDOWS\imunawif.dll
[2011/10/08 00:24:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mzaqecekiriyij.bin
[2011/10/07 04:13:52 | 000,011,008 | ---- | M] () -- C:\WINDOWS\ivuyuwamoxobuzog.dll
[9 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 22:36:46 | 000,011,006 | ---- | C] () -- C:\WINDOWS\iqusafuza.dll
[2011/10/10 19:25:47 | 000,010,927 | ---- | C] () -- C:\WINDOWS\ulezubohidozo.dll
[2011/10/10 01:22:41 | 000,011,072 | ---- | C] () -- C:\WINDOWS\odajizuqufuna.dll
[2011/10/09 23:21:00 | 000,011,156 | ---- | C] () -- C:\WINDOWS\awayicub.dll
[2011/10/09 22:25:52 | 000,011,072 | ---- | C] () -- C:\WINDOWS\alijafabipere.dll
[2011/10/09 22:22:47 | 000,011,075 | ---- | C] () -- C:\WINDOWS\iqohimuhabucuyaj.dll
[2011/10/09 22:21:15 | 000,011,074 | ---- | C] () -- C:\WINDOWS\ikuzifowasi.dll
[2011/10/09 21:26:54 | 000,011,157 | ---- | C] () -- C:\WINDOWS\usamocinexilah.dll
[2011/10/09 19:24:43 | 000,011,072 | ---- | C] () -- C:\WINDOWS\awaxivumeged.dll
[2011/10/09 19:23:03 | 000,011,156 | ---- | C] () -- C:\WINDOWS\anosocukexugu.dll
[2011/10/09 17:19:14 | 000,011,158 | ---- | C] () -- C:\WINDOWS\ajomufavele.dll
[2011/10/09 16:46:39 | 000,011,159 | ---- | C] () -- C:\WINDOWS\eyukiqaqoju.dll
[2011/10/09 16:39:04 | 000,011,157 | ---- | C] () -- C:\WINDOWS\ulusuhel.dll
[2011/10/09 01:11:04 | 000,011,072 | ---- | C] () -- C:\WINDOWS\omupokid.dll
[2011/10/08 23:06:33 | 000,010,925 | ---- | C] () -- C:\WINDOWS\ekejaged.dll
[2011/10/08 21:04:34 | 000,011,158 | ---- | C] () -- C:\WINDOWS\efudapeqiko.dll
[2011/10/08 19:02:32 | 000,011,073 | ---- | C] () -- C:\WINDOWS\uxupozek.dll
[2011/10/08 17:00:28 | 000,011,071 | ---- | C] () -- C:\WINDOWS\epuxekocubuworu.dll
[2011/10/08 14:59:00 | 000,011,072 | ---- | C] () -- C:\WINDOWS\amihupotovunik.dll
[2011/10/08 12:56:32 | 000,011,072 | ---- | C] () -- C:\WINDOWS\apamisab.dll
[2011/10/08 10:55:36 | 000,011,156 | ---- | C] () -- C:\WINDOWS\eroxeqetalajoqi.dll
[2011/10/08 02:15:29 | 000,010,924 | ---- | C] () -- C:\WINDOWS\imunawif.dll
[2011/10/07 04:13:52 | 000,011,008 | ---- | C] () -- C:\WINDOWS\ivuyuwamoxobuzog.dll
[2010/09/06 18:00:06 | 000,002,839 | ---- | C] () -- C:\WINDOWS\iqirosuloromazi.dll
[2010/09/06 11:36:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihigidelubemojok.dll
[2010/09/05 23:32:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohuqadir.dll
[2010/09/05 21:31:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehoyisuk.dll
[2010/09/03 14:18:33 | 000,006,464 | ---- | C] () -- C:\WINDOWS\eholazahixuso.dll
[2010/09/02 23:35:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acegijaniler.dll
[2010/08/31 23:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elasefac.dll
[2010/08/31 22:19:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umuhifuc.dll
[2010/07/08 23:04:23 | 000,002,716 | ---- | C] () -- C:\WINDOWS\ehajohapuhidonok.dll
[2010/07/07 19:20:56 | 000,011,094 | ---- | C] () -- C:\WINDOWS\Abijaseveg.dat
[2010/07/07 19:20:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mzaqecekiriyij.bin
[2010/07/07 19:06:51 | 000,173,056 | ---- | C] () -- C:\WINDOWS\Nzyqua.exe
[2010/05/20 02:50:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/23 23:22:59 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\print.ini
[2010/03/23 21:54:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/26 10:59:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/12/03 01:41:02 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/09/26 17:15:19 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/07/01 06:27:59 | 000,222,552 | ---- | C] () -- C:\WINDOWS\RM.exe
[2008/06/06 23:57:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Destiny3.INI
[2008/01/17 08:56:55 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pt19f.dll
[2007/03/19 10:44:45 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Oscar Macias\Application Data\$_hpcst$.hpc
[2007/03/02 10:34:50 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/12/03 23:29:45 | 000,000,595 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/11/29 01:12:42 | 000,000,670 | ---- | C] () -- C:\WINDOWS\SportballChallenge.ini
[2006/11/17 00:57:16 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/27 00:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/09/27 20:58:05 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/22 10:50:52 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2006/09/22 10:48:16 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/09/22 09:59:47 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/22 09:59:47 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D15D531568.sys
[2006/09/12 19:08:34 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\Oscar Macias\Application Data\wklnhst.dat
[2006/09/12 16:30:31 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\fusioncache.dat
[2006/09/05 17:25:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/05 17:17:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/05 17:08:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/05 17:06:17 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/05 17:03:24 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/05 17:01:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/05 16:58:24 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/05 16:29:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/05 16:29:19 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/05 16:29:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/09/05 16:29:07 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/09/05 16:29:03 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/05 16:27:45 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/31 10:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2005/08/16 02:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:42 | 000,186,368 | ---- | C] () -- C:\WINDOWS\anomumus.dll
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 000,463,768 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,080,730 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 08:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/11/20 19:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/08 14:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/05/30 18:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/11/29 11:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\funkitron
[2006/09/12 17:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\Leadertech
[2010/03/23 22:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\MSNInstaller
[2008/12/03 01:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\Research In Motion
[2008/09/27 19:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\Smith Micro
[2008/07/01 08:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\Sprint Desktop Sync
[2006/09/12 19:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\Template
[2010/07/09 06:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\Tific
[2007/11/20 19:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar Macias\Application Data\Viewpoint
[2011/10/09 16:33:54 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\164814d4.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/12/05 21:39:47 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 05:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 05:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 05:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/04/16 04:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 05:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 05:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 05:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/04/16 04:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#4
littleprincess

Hi, thank you so much for your reply! Part of the problem with my computer's internet is that it is SO slow. I wonder if there is a virus, because it's a great computer and not that old, and it is so slow.

Can you see why through these log files, or do you have any suggestions? I tried to copy and paste the log and it won't; it showed a blank page, so I had to upload it.

Also, I could not open this link; it goes to a blank page: http://public.avast....erek/aswMBR.exe

Thank you for your help.

Attached Files

  • Attached File  log.txt   39.49KB   44 downloads

Edited by littleprincess, 12 October 2011 - 01:59 AM.

  • 0

#5
littleprincess

00:47:24.0796 4064
00:47:24.0796 4064 OS Version: 5.1.2600 ServicePack: 3.0
00:47:24.0796 4064 Product type: Workstation
00:47:24.0796 4064 ComputerName: OCOMPUTER
00:47:24.0796 4064 UserName: Oscar Macias
00:47:24.0796 4064 Windows directory: C:\WINDOWS
00:47:24.0796 4064 System windows directory: C:\WINDOWS
00:47:24.0796 4064 Processor architecture: Intel x86
00:47:24.0796 4064 Number of processors: 1
00:47:24.0796 4064 Page size: 0x1000
00:47:24.0796 4064 Boot type: Normal boot
00:47:24.0796 4064 ============================================================
00:47:27.0421 4064 Initialize success
00:47:31.0828 0216 ============================================================
00:47:31.0828 0216 Scan started
00:47:31.0828 0216 Mode: Manual;
00:47:31.0828 0216 ============================================================
00:47:35.0734 0216 Abiosdsk - ok
00:47:36.0156 0216 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:47:36.0171 0216 abp480n5 - ok
00:47:37.0000 0216 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:47:37.0109 0216 ACPI - ok
00:47:37.0734 0216 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:47:37.0750 0216 ACPIEC - ok
00:47:38.0171 0216 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:47:38.0218 0216 adpu160m - ok
00:47:38.0921 0216 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:47:39.0000 0216 aec - ok
00:47:39.0484 0216 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
00:47:39.0562 0216 AFD - ok
00:47:40.0234 0216 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:47:40.0281 0216 agp440 - ok
00:47:40.0718 0216 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:47:40.0734 0216 agpCPQ - ok
00:47:42.0250 0216 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:47:42.0250 0216 Aha154x - ok
00:47:42.0687 0216 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:47:42.0718 0216 aic78u2 - ok
00:47:43.0390 0216 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:47:43.0453 0216 aic78xx - ok
00:47:43.0953 0216 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:47:43.0968 0216 AliIde - ok
00:47:44.0671 0216 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:47:44.0687 0216 alim1541 - ok
00:47:45.0125 0216 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:47:45.0140 0216 amdagp - ok
00:47:45.0843 0216 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:47:45.0859 0216 amsint - ok
00:47:46.0312 0216 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:47:46.0328 0216 APPDRV - ok
00:47:47.0046 0216 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:47:47.0078 0216 Arp1394 - ok
00:47:47.0546 0216 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:47:47.0562 0216 asc - ok
00:47:48.0203 0216 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:47:48.0218 0216 asc3350p - ok
00:47:48.0609 0216 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:47:48.0625 0216 asc3550 - ok
00:47:49.0296 0216 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
00:47:49.0312 0216 ASCTRM - ok
00:47:50.0031 0216 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:47:50.0046 0216 AsyncMac - ok
00:47:50.0515 0216 atapi (d3080d15dafc21856148e937532aa078) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:47:50.0515 0216 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: d3080d15dafc21856148e937532aa078, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
00:47:50.0515 0216 atapi ( Rootkit.Win32.TDSS.tdl3 ) - infected
00:47:50.0515 0216 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
00:47:51.0109 0216 Atdisk - ok
00:47:51.0531 0216 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:47:51.0562 0216 Atmarpc - ok
00:47:52.0281 0216 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:47:52.0281 0216 audstub - ok
00:47:52.0953 0216 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:47:53.0437 0216 BCM43XX - ok
00:47:53.0859 0216 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
00:47:53.0890 0216 bcm4sbxp - ok
00:47:54.0546 0216 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:47:54.0562 0216 Beep - ok
00:47:54.0984 0216 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:47:54.0984 0216 cbidf - ok
00:47:55.0593 0216 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:47:55.0593 0216 cbidf2k - ok
00:47:56.0000 0216 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:47:56.0015 0216 CCDECODE - ok
00:47:56.0734 0216 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:47:56.0734 0216 cd20xrnt - ok
00:47:57.0203 0216 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:47:57.0218 0216 Cdaudio - ok
00:47:57.0906 0216 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:47:57.0906 0216 Cdfs - ok
00:47:58.0875 0216 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:47:59.0031 0216 Cdrom - ok
00:47:59.0828 0216 Changer - ok
00:48:00.0234 0216 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:48:00.0250 0216 CmBatt - ok
00:48:00.0656 0216 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:48:00.0656 0216 CmdIde - ok
00:48:01.0328 0216 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:48:01.0328 0216 Compbatt - ok
00:48:02.0171 0216 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:48:02.0187 0216 Cpqarray - ok
00:48:02.0671 0216 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:48:02.0687 0216 dac2w2k - ok
00:48:03.0765 0216 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:48:03.0781 0216 dac960nt - ok
00:48:04.0546 0216 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:48:04.0546 0216 Disk - ok
00:48:05.0187 0216 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:48:05.0312 0216 dmboot - ok
00:48:06.0015 0216 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:48:06.0125 0216 dmio - ok
00:48:07.0468 0216 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:48:07.0531 0216 dmload - ok
00:48:08.0343 0216 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:48:08.0390 0216 DMusic - ok
00:48:08.0843 0216 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:48:08.0859 0216 dpti2o - ok
00:48:09.0625 0216 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:48:09.0625 0216 drmkaud - ok
00:48:10.0109 0216 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
00:48:10.0140 0216 drvmcdb - ok
00:48:10.0828 0216 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
00:48:10.0828 0216 drvnddm - ok
00:48:11.0359 0216 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:48:11.0421 0216 E100B - ok
00:48:12.0437 0216 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:48:12.0531 0216 Fastfat - ok
00:48:13.0234 0216 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:48:13.0250 0216 Fdc - ok
00:48:13.0734 0216 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:48:13.0781 0216 Fips - ok
00:48:14.0531 0216 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:48:14.0531 0216 Flpydisk - ok
00:48:15.0406 0216 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:48:15.0468 0216 FltMgr - ok
00:48:16.0046 0216 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:48:16.0062 0216 Fs_Rec - ok
00:48:16.0953 0216 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:48:17.0015 0216 Ftdisk - ok
00:48:17.0796 0216 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:48:17.0828 0216 GearAspiWDM - ok
00:48:18.0328 0216 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:48:18.0359 0216 Gpc - ok
00:48:19.0671 0216 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:48:19.0859 0216 HDAudBus - ok
00:48:20.0593 0216 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:48:20.0656 0216 HidUsb - ok
00:48:21.0453 0216 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:48:21.0468 0216 hpn - ok
00:48:22.0062 0216 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
00:48:22.0218 0216 HSFHWAZL - ok
00:48:23.0828 0216 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
00:48:24.0921 0216 HSF_DPV - ok
00:48:26.0421 0216 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:48:26.0890 0216 HTTP - ok
00:48:27.0421 0216 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:48:27.0437 0216 i2omgmt - ok
00:48:28.0250 0216 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:48:28.0265 0216 i2omp - ok
00:48:29.0062 0216 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:48:29.0093 0216 i8042prt - ok
00:48:31.0250 0216 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
00:48:32.0312 0216 ialm - ok
00:48:33.0375 0216 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:48:33.0406 0216 Imapi - ok
00:48:33.0968 0216 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:48:33.0984 0216 ini910u - ok
00:48:34.0656 0216 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:48:34.0671 0216 IntelIde - ok
00:48:35.0187 0216 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:48:35.0203 0216 intelppm - ok
00:48:36.0031 0216 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:48:36.0046 0216 Ip6Fw - ok
00:48:36.0468 0216 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:48:36.0484 0216 IpFilterDriver - ok
00:48:37.0625 0216 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:48:37.0687 0216 IpInIp - ok
00:48:38.0609 0216 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:48:38.0703 0216 IpNat - ok
00:48:39.0562 0216 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:48:39.0625 0216 IPSec - ok
00:48:40.0125 0216 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:48:40.0125 0216 IRENUM - ok
00:48:41.0062 0216 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:48:41.0078 0216 isapnp - ok
00:48:41.0953 0216 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:48:41.0968 0216 Kbdclass - ok
00:48:42.0500 0216 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:48:42.0593 0216 kmixer - ok
00:48:43.0484 0216 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:48:43.0515 0216 KSecDD - ok
00:48:44.0203 0216 lbrtfdc - ok
00:48:44.0671 0216 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:48:44.0687 0216 mdmxsdk - ok
00:48:45.0437 0216 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
00:48:45.0453 0216 MHNDRV - ok
00:48:46.0000 0216 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:48:46.0015 0216 mnmdd - ok
00:48:46.0906 0216 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:48:46.0921 0216 Modem - ok
00:48:47.0781 0216 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:48:47.0812 0216 Mouclass - ok
00:48:48.0359 0216 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:48:48.0375 0216 mouhid - ok
00:48:49.0156 0216 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:48:49.0156 0216 MountMgr - ok
00:48:49.0968 0216 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:48:49.0984 0216 mraid35x - ok
00:48:50.0500 0216 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:48:50.0609 0216 MRxDAV - ok
00:48:51.0718 0216 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:48:52.0359 0216 MRxSmb - ok
00:48:53.0296 0216 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:48:53.0296 0216 Msfs - ok
00:48:54.0453 0216 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:48:54.0453 0216 MSKSSRV - ok
00:48:55.0500 0216 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:48:55.0515 0216 MSPCLOCK - ok
00:48:56.0171 0216 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:48:56.0171 0216 MSPQM - ok
00:48:57.0406 0216 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:48:57.0484 0216 mssmbios - ok
00:48:58.0515 0216 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:48:58.0515 0216 MSTEE - ok
00:48:59.0343 0216 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
00:48:59.0390 0216 Mup - ok
00:49:00.0218 0216 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:49:00.0265 0216 NABTSFEC - ok
00:49:00.0843 0216 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:49:01.0281 0216 NDIS - ok
00:49:01.0734 0216 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:49:01.0750 0216 NdisIP - ok
00:49:02.0500 0216 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:49:02.0531 0216 NdisTapi - ok
00:49:03.0000 0216 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:49:03.0031 0216 Ndisuio - ok
00:49:04.0296 0216 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:49:04.0359 0216 NdisWan - ok
00:49:05.0125 0216 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
00:49:05.0156 0216 NDProxy - ok
00:49:06.0156 0216 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:49:06.0250 0216 NetBIOS - ok
00:49:07.0343 0216 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:49:07.0796 0216 NetBT - ok
00:49:08.0671 0216 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:49:08.0703 0216 NIC1394 - ok
00:49:09.0203 0216 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:49:09.0218 0216 Npfs - ok
00:49:10.0281 0216 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:49:11.0062 0216 Ntfs - ok
00:49:11.0546 0216 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:49:11.0562 0216 Null - ok
00:49:14.0906 0216 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:49:16.0062 0216 nv - ok
00:49:16.0765 0216 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:49:16.0781 0216 NwlnkFlt - ok
00:49:17.0281 0216 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:49:17.0312 0216 NwlnkFwd - ok
00:49:18.0296 0216 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:49:18.0296 0216 ohci1394 - ok
00:49:19.0375 0216 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
00:49:19.0437 0216 omci - ok
00:49:20.0312 0216 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:49:20.0343 0216 Parport - ok
00:49:20.0828 0216 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:49:20.0843 0216 PartMgr - ok
00:49:21.0656 0216 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:49:21.0718 0216 ParVdm - ok
00:49:22.0531 0216 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:49:22.0562 0216 PCI - ok
00:49:23.0031 0216 PCIDump - ok
00:49:23.0890 0216 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:49:23.0890 0216 PCIIde - ok
00:49:24.0437 0216 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:49:24.0500 0216 Pcmcia - ok
00:49:25.0234 0216 PDCOMP - ok
00:49:25.0656 0216 PDFRAME - ok
00:49:26.0390 0216 PDRELI - ok
00:49:26.0859 0216 PDRFRAME - ok
00:49:27.0562 0216 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:49:27.0578 0216 perc2 - ok
00:49:28.0015 0216 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:49:28.0031 0216 perc2hib - ok
00:49:28.0843 0216 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:49:28.0875 0216 PptpMiniport - ok
00:49:28.0890 0216 Suspicious service (Hidden): PRAGMAhtibfnmcvs
00:49:29.0265 0216 PRAGMAhtibfnmcvs (51ac5828430c17b01c10cfc548f590d4) C:\WINDOWS\PRAGMAhtibfnmcvs\PRAGMAd.sys
00:49:29.0390 0216 Suspicious file (Hidden): C:\WINDOWS\PRAGMAhtibfnmcvs\PRAGMAd.sys. md5: 51ac5828430c17b01c10cfc548f590d4
00:49:29.0390 0216 PRAGMAhtibfnmcvs ( Rootkit.Win32.TDSS.tdl2 ) - infected
00:49:29.0390 0216 PRAGMAhtibfnmcvs - detected Rootkit.Win32.TDSS.tdl2 (0)
00:49:30.0265 0216 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:49:30.0343 0216 PSched - ok
00:49:30.0828 0216 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:49:30.0843 0216 Ptilink - ok
00:49:31.0640 0216 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:49:31.0656 0216 PxHelp20 - ok
00:49:32.0109 0216 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:49:32.0437 0216 ql1080 - ok
00:49:33.0687 0216 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:49:33.0703 0216 Ql10wnt - ok
00:49:34.0578 0216 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:49:34.0921 0216 ql12160 - ok
00:49:35.0750 0216 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:49:35.0765 0216 ql1240 - ok
00:49:36.0812 0216 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:49:36.0921 0216 ql1280 - ok
00:49:37.0890 0216 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:49:37.0953 0216 RasAcd - ok
00:49:38.0718 0216 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:49:38.0812 0216 Rasl2tp - ok
00:49:39.0796 0216 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:49:39.0906 0216 RasPppoe - ok
00:49:40.0531 0216 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:49:40.0546 0216 Raspti - ok
00:49:41.0750 0216 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:49:41.0859 0216 Rdbss - ok
00:49:43.0296 0216 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:49:43.0421 0216 RDPCDD - ok
00:49:44.0562 0216 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:49:44.0718 0216 rdpdr - ok
00:49:45.0859 0216 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
00:49:45.0937 0216 RDPWD - ok
00:49:46.0703 0216 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:49:46.0765 0216 redbook - ok
00:49:47.0343 0216 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
00:49:47.0390 0216 rimmptsk - ok
00:49:48.0203 0216 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
00:49:48.0250 0216 rimsptsk - ok
00:49:48.0718 0216 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
00:49:48.0734 0216 RimUsb - ok
00:49:49.0593 0216 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
00:49:49.0609 0216 RimVSerPort - ok
00:49:50.0625 0216 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
00:49:50.0796 0216 rismxdp - ok
00:49:51.0562 0216 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
00:49:51.0562 0216 ROOTMODEM - ok
00:49:52.0250 0216 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
00:49:52.0296 0216 sdbus - ok
00:49:53.0078 0216 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:49:53.0093 0216 Secdrv - ok
00:49:53.0968 0216 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:49:53.0984 0216 serenum - ok
00:49:54.0500 0216 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:49:54.0546 0216 Serial - ok
00:49:55.0296 0216 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
00:49:55.0296 0216 sffdisk - ok
00:49:56.0203 0216 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
00:49:56.0218 0216 sffp_sd - ok
00:49:57.0359 0216 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:49:57.0375 0216 Sfloppy - ok
00:49:57.0796 0216 Simbad - ok
00:49:58.0546 0216 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:49:58.0578 0216 sisagp - ok
00:49:59.0156 0216 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:49:59.0203 0216 SLIP - ok
00:49:59.0953 0216 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
00:49:59.0953 0216 SONYPVU1 - ok
00:50:00.0640 0216 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:50:00.0656 0216 Sparrow - ok
00:50:01.0078 0216 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:50:01.0078 0216 splitter - ok
00:50:01.0781 0216 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:50:01.0812 0216 sr - ok
00:50:02.0421 0216 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
00:50:02.0828 0216 Srv - ok
00:50:03.0250 0216 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
00:50:03.0250 0216 sscdbhk5 - ok
00:50:04.0000 0216 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
00:50:04.0046 0216 sscdbus - ok
00:50:04.0468 0216 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
00:50:04.0718 0216 sscdmdfl - ok
00:50:05.0187 0216 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
00:50:05.0234 0216 sscdmdm - ok
00:50:05.0656 0216 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
00:50:05.0906 0216 sscdserd - ok
00:50:06.0328 0216 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
00:50:06.0328 0216 ssrtln - ok
00:50:07.0578 0216 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
00:50:08.0421 0216 STHDA - ok
00:50:09.0046 0216 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:50:09.0062 0216 streamip - ok
00:50:09.0484 0216 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:50:09.0484 0216 swenum - ok
00:50:41.0859 0216 ============================================================
00:50:41.0859 0216 Scan finished
00:50:41.0859 0216 ============================================================
00:50:41.0875 3804 Detected object count: 2
00:50:41.0875 3804 Actual detected object count: 2
00:51:20.0156 3804 Backup copy not found, trying to cure infected file..
00:51:20.0156 3804 Cure success, using it..
00:51:20.0312 3804 C:\WINDOWS\system32\DRIVERS\atapi.sys - will be cured on reboot
00:51:20.0312 3804 atapi ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
00:51:20.0312 3804 C:\WINDOWS\PRAGMAhtibfnmcvs\PRAGMAd.sys - will be deleted on reboot
00:51:20.0312 3804 C:\WINDOWS\PRAGMAhtibfnmcvs\PRAGMAc.dll - will be deleted on reboot
00:51:20.0312 3804 pragmaserf - will be deleted on reboot
00:51:20.0312 3804 pragmabbr - will be deleted on reboot
00:51:20.0312 3804 HKLM\SYSTEM\ControlSet003\services\PRAGMAhtibfnmcvs - will be deleted on reboot
00:51:20.0437 3804 HKLM\SYSTEM\ControlSet004\services\PRAGMAhtibfnmcvs - will be deleted on reboot
00:51:20.0500 3804 C:\WINDOWS\PRAGMAhtibfnmcvs\PRAGMAd.sys - will be deleted on reboot
00:51:20.0500 3804 PRAGMAhtibfnmcvs ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
00:52:05.0109 3988 Deinitialize success
  • 0

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Your Internet connection is slow because of the infection. Test your system after these two steps and let me know what problems you have.

Step 1

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2005/12/19 06:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2008/04/13 17:12:08 | 000,186,368 | ---- | M] () -- C:\WINDOWS\anomumus.dll
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    O4 - HKLM..\Run: [Adasud] C:\WINDOWS\anomumus.dll ()
    O4 - HKLM..\Run: [ofkoihoq] C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\ftikgxoww\sahykjxtssd.exe File not found
    O4 - HKLM..\Run: [yrohombe] C:\Documents and Settings\NetworkService\Local Settings\Application Data\iljaayeif\ifakkrvshdw.exe ()
    O4 - HKCU..\Run: [Fpiveduv] C:\WINDOWS\udlbvif.dll (Wondershare)
    O4 - HKCU..\Run: [ofkoihoq] C:\Documents and Settings\Oscar Macias\Local Settings\Application Data\ftikgxoww\sahykjxtssd.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.221,93.188.166.201
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBDA2BF-01DB-434E-9FF1-1B683B89A08E}: DhcpNameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBDA2BF-01DB-434E-9FF1-1B683B89A08E}: NameServer = 93.188.162.221,93.188.166.201
    O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - No CLSID value found.
    O22 - SharedTaskScheduler: {2016a466-91a2-43c6-97d8-2fd380f065ef} - eitheror - No CLSID value found.
    [2010/07/07 18:57:38 | 000,062,976 | ---- | C] (Blog do Birungueta) -- C:\Documents and Settings\Oscar Macias\Application Data\164814d4.exe
    [2011/10/11 15:25:38 | 000,011,094 | ---- | M] () -- C:\WINDOWS\Abijaseveg.dat
    [2011/10/10 22:37:03 | 000,011,006 | ---- | M] () -- C:\WINDOWS\iqusafuza.dll
    [2011/10/10 19:25:47 | 000,010,927 | ---- | M] () -- C:\WINDOWS\ulezubohidozo.dll
    [2011/10/10 01:22:43 | 000,011,072 | ---- | M] () -- C:\WINDOWS\odajizuqufuna.dll
    [2011/10/09 23:21:00 | 000,011,156 | ---- | M] () -- C:\WINDOWS\awayicub.dll
    [2011/10/09 22:25:52 | 000,011,072 | ---- | M] () -- C:\WINDOWS\alijafabipere.dll
    [2011/10/09 22:22:47 | 000,011,075 | ---- | M] () -- C:\WINDOWS\iqohimuhabucuyaj.dll
    [2011/10/09 22:21:15 | 000,011,074 | ---- | M] () -- C:\WINDOWS\ikuzifowasi.dll
    [2011/10/09 21:26:54 | 000,011,157 | ---- | M] () -- C:\WINDOWS\usamocinexilah.dll
    [2011/10/09 19:24:43 | 000,011,072 | ---- | M] () -- C:\WINDOWS\awaxivumeged.dll
    [2011/10/09 19:23:03 | 000,011,156 | ---- | M] () -- C:\WINDOWS\anosocukexugu.dll
    [2011/10/09 17:19:14 | 000,011,158 | ---- | M] () -- C:\WINDOWS\ajomufavele.dll
    [2011/10/09 16:46:39 | 000,011,159 | ---- | M] () -- C:\WINDOWS\eyukiqaqoju.dll
    [2011/10/09 16:39:04 | 000,011,157 | ---- | M] () -- C:\WINDOWS\ulusuhel.dll
    [2011/10/09 16:33:54 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\164814d4.job
    [2011/10/09 15:05:30 | 000,062,976 | ---- | M] (Blog do Birungueta) -- C:\WINDOWS\System32\ernel32.dll
    [2011/10/09 01:11:04 | 000,011,072 | ---- | M] () -- C:\WINDOWS\omupokid.dll
    [2011/10/08 23:06:37 | 000,010,925 | ---- | M] () -- C:\WINDOWS\ekejaged.dll
    [2011/10/08 21:04:35 | 000,011,158 | ---- | M] () -- C:\WINDOWS\efudapeqiko.dll
    [2011/10/08 19:02:32 | 000,011,073 | ---- | M] () -- C:\WINDOWS\uxupozek.dll
    [2011/10/08 17:00:28 | 000,011,071 | ---- | M] () -- C:\WINDOWS\epuxekocubuworu.dll
    [2011/10/08 14:59:06 | 000,011,072 | ---- | M] () -- C:\WINDOWS\amihupotovunik.dll
    [2011/10/08 12:56:36 | 000,011,072 | ---- | M] () -- C:\WINDOWS\apamisab.dll
    [2011/10/08 10:55:37 | 000,011,156 | ---- | M] () -- C:\WINDOWS\eroxeqetalajoqi.dll
    [2011/10/08 02:15:29 | 000,010,924 | ---- | M] () -- C:\WINDOWS\imunawif.dll
    [2011/10/08 00:24:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mzaqecekiriyij.bin
    [2011/10/07 04:13:52 | 000,011,008 | ---- | M] () -- C:\WINDOWS\ivuyuwamoxobuzog.dll
    [2011/10/10 22:36:46 | 000,011,006 | ---- | C] () -- C:\WINDOWS\iqusafuza.dll
    [2011/10/10 19:25:47 | 000,010,927 | ---- | C] () -- C:\WINDOWS\ulezubohidozo.dll
    [2011/10/10 01:22:41 | 000,011,072 | ---- | C] () -- C:\WINDOWS\odajizuqufuna.dll
    [2011/10/09 23:21:00 | 000,011,156 | ---- | C] () -- C:\WINDOWS\awayicub.dll
    [2011/10/09 22:25:52 | 000,011,072 | ---- | C] () -- C:\WINDOWS\alijafabipere.dll
    [2011/10/09 22:22:47 | 000,011,075 | ---- | C] () -- C:\WINDOWS\iqohimuhabucuyaj.dll
    [2011/10/09 22:21:15 | 000,011,074 | ---- | C] () -- C:\WINDOWS\ikuzifowasi.dll
    [2011/10/09 21:26:54 | 000,011,157 | ---- | C] () -- C:\WINDOWS\usamocinexilah.dll
    [2011/10/09 19:24:43 | 000,011,072 | ---- | C] () -- C:\WINDOWS\awaxivumeged.dll
    [2011/10/09 19:23:03 | 000,011,156 | ---- | C] () -- C:\WINDOWS\anosocukexugu.dll
    [2011/10/09 17:19:14 | 000,011,158 | ---- | C] () -- C:\WINDOWS\ajomufavele.dll
    [2011/10/09 16:46:39 | 000,011,159 | ---- | C] () -- C:\WINDOWS\eyukiqaqoju.dll
    [2011/10/09 16:39:04 | 000,011,157 | ---- | C] () -- C:\WINDOWS\ulusuhel.dll
    [2011/10/09 01:11:04 | 000,011,072 | ---- | C] () -- C:\WINDOWS\omupokid.dll
    [2011/10/08 23:06:33 | 000,010,925 | ---- | C] () -- C:\WINDOWS\ekejaged.dll
    [2011/10/08 21:04:34 | 000,011,158 | ---- | C] () -- C:\WINDOWS\efudapeqiko.dll
    [2011/10/08 19:02:32 | 000,011,073 | ---- | C] () -- C:\WINDOWS\uxupozek.dll
    [2011/10/08 17:00:28 | 000,011,071 | ---- | C] () -- C:\WINDOWS\epuxekocubuworu.dll
    [2011/10/08 14:59:00 | 000,011,072 | ---- | C] () -- C:\WINDOWS\amihupotovunik.dll
    [2011/10/08 12:56:32 | 000,011,072 | ---- | C] () -- C:\WINDOWS\apamisab.dll
    [2011/10/08 10:55:36 | 000,011,156 | ---- | C] () -- C:\WINDOWS\eroxeqetalajoqi.dll
    [2011/10/08 02:15:29 | 000,010,924 | ---- | C] () -- C:\WINDOWS\imunawif.dll
    [2011/10/07 04:13:52 | 000,011,008 | ---- | C] () -- C:\WINDOWS\ivuyuwamoxobuzog.dll
    [2010/09/06 18:00:06 | 000,002,839 | ---- | C] () -- C:\WINDOWS\iqirosuloromazi.dll
    [2010/09/06 11:36:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihigidelubemojok.dll
    [2010/09/05 23:32:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ohuqadir.dll
    [2010/09/05 21:31:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehoyisuk.dll
    [2010/09/03 14:18:33 | 000,006,464 | ---- | C] () -- C:\WINDOWS\eholazahixuso.dll
    [2010/09/02 23:35:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acegijaniler.dll
    [2010/08/31 23:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elasefac.dll
    [2010/08/31 22:19:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umuhifuc.dll
    [2010/07/08 23:04:23 | 000,002,716 | ---- | C] () -- C:\WINDOWS\ehajohapuhidonok.dll
    [2010/07/07 19:20:56 | 000,011,094 | ---- | C] () -- C:\WINDOWS\Abijaseveg.dat
    [2010/07/07 19:20:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mzaqecekiriyij.bin
    [2010/07/07 19:06:51 | 000,173,056 | ---- | C] () -- C:\WINDOWS\Nzyqua.exe
    [2006/09/22 10:50:52 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
    [2008/01/17 08:56:55 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pt19f.dll
    [2006/09/22 09:59:47 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D15D531568.sys
    [2011/10/09 16:33:54 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\164814d4.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Try to download aswMBR now and run the scan as described before.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0

#7
littleprincess

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
17:25:04.343 OS Version: Windows 5.1.2600 Service Pack 3
17:25:04.343 Number of processors: 1 586 0xE08
17:25:04.343 ComputerName: OCOMPUTER UserName:
17:25:12.546 Initialize success
17:25:51.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:25:51.031 Disk 0 Vendor: SAMSUNG_HM060HI YD100-15 Size: 55796MB BusType: 3
17:25:51.046 Disk 0 MBR read successfully
17:25:51.046 Disk 0 MBR scan
17:25:51.046 Disk 0 unknown MBR code
17:25:51.125 Disk 0 scanning sectors +114254280
17:25:51.312 Disk 0 scanning C:\WINDOWS\system32\drivers
17:26:55.453 Service scanning
17:27:03.703 Modules scanning
17:27:25.515 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
17:27:25.515 Disk 0 trace - called modules:
17:27:25.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
17:27:25.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871c8ab8]
17:27:25.546 3 CLASSPNP.SYS[f757dfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87193468]
17:27:25.546 Scan finished successfully
17:32:19.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Oscar Macias\Desktop\MBR.dat"
17:32:19.656 The log file has been saved successfully to "C:\Documents and Settings\Oscar Macias\Desktop\aswMBR.txt"
  • 0

#8
littleprincess

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adasud deleted successfully.
C:\WINDOWS\anomumus.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ofkoihoq deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yrohombe deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\iljaayeif\ifakkrvshdw.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Fpiveduv deleted successfully.
C:\WINDOWS\udlbvif.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ofkoihoq deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2CBDA2BF-01DB-434E-9FF1-1B683B89A08E}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2CBDA2BF-01DB-434E-9FF1-1B683B89A08E}\\NameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\eitheror deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2016a466-91a2-43c6-97d8-2fd380f065ef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\ not found.
C:\Documents and Settings\Oscar Macias\Application Data\164814d4.exe moved successfully.
C:\WINDOWS\Abijaseveg.dat moved successfully.
C:\WINDOWS\iqusafuza.dll moved successfully.
C:\WINDOWS\ulezubohidozo.dll moved successfully.
C:\WINDOWS\odajizuqufuna.dll moved successfully.
C:\WINDOWS\awayicub.dll moved successfully.
C:\WINDOWS\alijafabipere.dll moved successfully.
C:\WINDOWS\iqohimuhabucuyaj.dll moved successfully.
C:\WINDOWS\ikuzifowasi.dll moved successfully.
C:\WINDOWS\usamocinexilah.dll moved successfully.
C:\WINDOWS\awaxivumeged.dll moved successfully.
C:\WINDOWS\anosocukexugu.dll moved successfully.
C:\WINDOWS\ajomufavele.dll moved successfully.
C:\WINDOWS\eyukiqaqoju.dll moved successfully.
C:\WINDOWS\ulusuhel.dll moved successfully.
C:\WINDOWS\tasks\164814d4.job moved successfully.
C:\WINDOWS\system32\ernel32.dll moved successfully.
C:\WINDOWS\omupokid.dll moved successfully.
C:\WINDOWS\ekejaged.dll moved successfully.
C:\WINDOWS\efudapeqiko.dll moved successfully.
C:\WINDOWS\uxupozek.dll moved successfully.
C:\WINDOWS\epuxekocubuworu.dll moved successfully.
C:\WINDOWS\amihupotovunik.dll moved successfully.
C:\WINDOWS\apamisab.dll moved successfully.
C:\WINDOWS\eroxeqetalajoqi.dll moved successfully.
C:\WINDOWS\imunawif.dll moved successfully.
C:\WINDOWS\Mzaqecekiriyij.bin moved successfully.
C:\WINDOWS\ivuyuwamoxobuzog.dll moved successfully.
File C:\WINDOWS\iqusafuza.dll not found.
File C:\WINDOWS\ulezubohidozo.dll not found.
File C:\WINDOWS\odajizuqufuna.dll not found.
File C:\WINDOWS\awayicub.dll not found.
File C:\WINDOWS\alijafabipere.dll not found.
File C:\WINDOWS\iqohimuhabucuyaj.dll not found.
File C:\WINDOWS\ikuzifowasi.dll not found.
File C:\WINDOWS\usamocinexilah.dll not found.
File C:\WINDOWS\awaxivumeged.dll not found.
File C:\WINDOWS\anosocukexugu.dll not found.
File C:\WINDOWS\ajomufavele.dll not found.
File C:\WINDOWS\eyukiqaqoju.dll not found.
File C:\WINDOWS\ulusuhel.dll not found.
File C:\WINDOWS\omupokid.dll not found.
File C:\WINDOWS\ekejaged.dll not found.
File C:\WINDOWS\efudapeqiko.dll not found.
File C:\WINDOWS\uxupozek.dll not found.
File C:\WINDOWS\epuxekocubuworu.dll not found.
File C:\WINDOWS\amihupotovunik.dll not found.
File C:\WINDOWS\apamisab.dll not found.
File C:\WINDOWS\eroxeqetalajoqi.dll not found.
File C:\WINDOWS\imunawif.dll not found.
File C:\WINDOWS\ivuyuwamoxobuzog.dll not found.
C:\WINDOWS\iqirosuloromazi.dll moved successfully.
C:\WINDOWS\ihigidelubemojok.dll moved successfully.
C:\WINDOWS\ohuqadir.dll moved successfully.
C:\WINDOWS\ehoyisuk.dll moved successfully.
C:\WINDOWS\eholazahixuso.dll moved successfully.
C:\WINDOWS\acegijaniler.dll moved successfully.
C:\WINDOWS\elasefac.dll moved successfully.
C:\WINDOWS\umuhifuc.dll moved successfully.
C:\WINDOWS\ehajohapuhidonok.dll moved successfully.
File C:\WINDOWS\Abijaseveg.dat not found.
File C:\WINDOWS\Mzaqecekiriyij.bin not found.
C:\WINDOWS\Nzyqua.exe moved successfully.
C:\WINDOWS\cgminivw.ini moved successfully.
C:\WINDOWS\system32\pt19f.dll moved successfully.
C:\WINDOWS\system32\D15D531568.sys moved successfully.
File C:\WINDOWS\Tasks\164814d4.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Oscar Macias\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Oscar Macias\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Problems?

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post
  • 0

#10
littleprincess

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
hi sir thank you so much, internet is still slow, I think the virus is still there. the virus program you recommended is downloading, it's just taking a really long time because the connection is so slow. thank you, I will update when it's ready.
  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi littleprincess,

Take your time. Just post the log after the VRT scan. I'll be here :)
  • 0

#12
littleprincess

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
hi thank you, I am running the scan but it's taking forever and I have to close my computer. I didn't realize how long it takes to scan so I will do it again when I don't have to close the computer and can let it run. it deleted a trojan but there may have been more.

I noticed that the google redirect is solved yay! thank you! and I was using Internet Explorer 7 and that it's really slow, so I got a new browser and it's faster. there is still a little lag I noticed, so maybe there is more of a virus that the program will detect. I will re-scan and post the full log.

Status: Deleted Deleted Trojan program Trojan.HTML.Fraud.di
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi littleprincess,

OK. Post the VRT log after the scan please. How is your system now? Any problems?
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





