Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vware [Closed]

Started by Redskinsdb21 , Jan 03 2012 09:36 AM

  • This topic is locked This topic is locked

#1
Redskinsdb21
Posted 03 January 2012 - 09:36 AM

Redskinsdb21

    Member

  • Member
  • PipPip
  • 30 posts
Hey, some reason I couldnt get the site to let me start a new topic...unless i made a short topic title...below in my next post states my problem, please hlelp.

Edited by Redskinsdb21, 03 January 2012 - 09:39 AM.

  • 0

Advertisements

#2
Redskinsdb21
Posted 03 January 2012 - 09:40 AM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Ladies and Gentleman:

I have been having some major computer issues. I think it started with windows xp 2012 antivirus. My problems first started one day when I would try to run a program or explorer and I would get a pop up saying your computer is infected, please run windows xp 2012 antivirus, then if you did, then click on results they tried to sale it to you saying it found lots of infections. Then, I was able to run MBAM, it found 11 infections, so I deleted and xp 2012 antivirus popup didnt come up after this. Now I have different problems. My browser gets hijacked often and computer is very slow at time. I suspect this may be malware/spyware. Looking at processes running on my computer, I suspect ping.exe and jgs.exe as suspicious programs running on my computer processes (but Im no expert). I am using windows 7 by the way. At this point this is all I know, I have run OTL, here are the results:
  • 0

#3
Redskinsdb21
Posted 03 January 2012 - 09:43 AM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Attached is my OTL.txt

OTL logfile created on: 1/3/2012 9:50:37 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\i65659\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 64.86% Memory free
5.08 Gb Paging File | 4.10 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.10 Gb Free Space | 84.20% Space Free | Partition Type: NTFS
Drive G: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive H: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive P: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive S: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS

Computer Name: WVAL-MMITCHELL | User Name: i65659 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/03 09:47:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\i65659\Desktop\OTL.exe
PRC - [2011/07/12 11:14:40 | 000,988,520 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\MaaS360\MaaS360 Mobile Service\ServiceMgr.exe
PRC - [2011/07/12 11:14:16 | 000,124,264 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\MaaS360\MaaS360 Mobile Service\FLUtilsSvc.exe
PRC - [2011/07/12 11:14:10 | 000,443,752 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\MaaS360\MaaS360 Mobile Service\e360SysTray.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/22 22:04:06 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2011/03/22 22:04:06 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/03/22 22:04:06 | 000,266,322 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2011/02/17 21:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\MaaS360\MaaS360 Visibility Service\EMSAgent.exe
PRC - [2010/11/17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\WINDOWS\system32\SDIOAssist.exe
PRC - [2010/04/07 12:49:00 | 002,093,322 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\blackd.exe
PRC - [2010/04/07 12:49:00 | 001,274,122 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\RapApp.exe
PRC - [2010/04/07 12:49:00 | 000,405,770 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\vpatch.exe
PRC - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 14:21:06 | 001,246,536 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\rserver3.exe
PRC - [2007/10/31 14:20:52 | 000,099,720 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\FamItrfc.Exe
PRC - [2007/10/07 19:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 19:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 15:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/01/09 03:56:44 | 000,057,393 | ---- | M] (IBM Corp) -- C:\lotus\notes\ntmulti.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/18 12:17:02 | 000,009,728 | ---- | M] () -- C:\Program Files\MaaS360\MaaS360 Visibility Service\bitlib.dll
MOD - [2011/08/18 12:16:56 | 000,131,072 | ---- | M] () -- C:\Program Files\MaaS360\MaaS360 Visibility Service\luaUtils.dll
MOD - [2011/07/12 11:14:54 | 000,054,632 | ---- | M] () -- C:\Program Files\MaaS360\MaaS360 Mobile Service\zlib.dll
MOD - [2011/07/12 10:46:18 | 000,782,336 | ---- | M] () -- C:\Program Files\MaaS360\MaaS360 Mobile Service\wlan.dll
MOD - [2011/07/12 10:07:12 | 000,995,328 | ---- | M] () -- C:\Program Files\MaaS360\MaaS360 Mobile Service\VDK_VC.dll
MOD - [2011/02/17 21:34:24 | 000,054,632 | ---- | M] () -- C:\Program Files\MaaS360\MaaS360 Visibility Service\fibzlib.dll
MOD - [2010/04/07 12:48:56 | 000,745,984 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxml2.dll
MOD - [2010/04/07 12:48:56 | 000,147,968 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxslt.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/11/10 09:46:36 | 000,197,680 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2006/05/13 22:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
MOD - [1998/08/18 08:30:24 | 000,017,408 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PHCFILESAVER.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (BESClient)
SRV - [2011/09/29 06:26:41 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/12 11:14:40 | 000,988,520 | ---- | M] (Fiberlink Communications Corp.) [Unknown | Running] -- C:\Program Files\MaaS360\MaaS360 Mobile Service\ServiceMgr.exe -- (ServiceMgr)
SRV - [2011/07/12 11:14:16 | 000,124,264 | ---- | M] (Fiberlink Communications Corp.) [Unknown | Running] -- C:\Program Files\MaaS360\MaaS360 Mobile Service\FLUtilsSvc.exe -- (FLUtilsSvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/22 22:04:06 | 000,266,322 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/02/17 21:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) [Unknown | Running] -- C:\Program Files\MaaS360\MaaS360 Visibility Service\EMSAgent.exe -- (EMSAgent)
SRV - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2010/04/07 12:49:00 | 002,093,322 | ---- | M] (Internet Security Systems, Inc.) [Auto | Running] -- C:\Program Files\ISS\Proventia Desktop\blackd.exe -- (BlackICE)
SRV - [2010/04/07 12:49:00 | 001,274,122 | ---- | M] (Internet Security Systems, Inc.) [Auto | Running] -- C:\Program Files\ISS\Proventia Desktop\RapApp.exe -- (RapApp)
SRV - [2010/04/07 12:49:00 | 000,405,770 | ---- | M] (Internet Security Systems, Inc.) [Auto | Running] -- C:\Program Files\ISS\Proventia Desktop\vpatch.exe -- (VPatch)
SRV - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/31 14:21:06 | 001,246,536 | ---- | M] (Famatech International Corp.) [Auto | Running] -- C:\WINDOWS\System32\rserver30\RServer3.exe -- (RServer3)
SRV - [2007/10/07 19:48:36 | 000,116,664 | ---- | M] (symantec) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 19:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 19:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/28 18:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 16:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/01/09 03:56:44 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV - [2012/01/03 08:52:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DCD600-94FE-49F2-9AA8-8F4E05E25956}\MpKslaed3b494.sys -- (MpKslaed3b494)
DRV - [2012/01/02 19:53:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DCD600-94FE-49F2-9AA8-8F4E05E25956}\MpKsl44a417d4.sys -- (MpKsl44a417d4)
DRV - [2012/01/02 07:56:17 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DCD600-94FE-49F2-9AA8-8F4E05E25956}\MpKsl449065d3.sys -- (MpKsl449065d3)
DRV - [2012/01/01 19:40:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DCD600-94FE-49F2-9AA8-8F4E05E25956}\MpKsla668e273.sys -- (MpKsla668e273)
DRV - [2012/01/01 15:30:54 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DCD600-94FE-49F2-9AA8-8F4E05E25956}\MpKsl8bcad106.sys -- (MpKsl8bcad106)
DRV - [2011/12/09 13:58:14 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/09 13:58:14 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/17 07:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/07/29 08:45:46 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111220.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/29 08:45:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111220.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/12 10:08:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\MaaS360\MaaS360 Mobile Service\FIBWLANAPI5.sys -- (FIBWLANAPI5)
DRV - [2011/07/12 10:07:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2011/03/23 12:51:56 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdjxp.sys -- (O2SDJRDR)
DRV - [2011/03/22 22:04:16 | 003,360,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/03/22 22:04:14 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) Intel®
DRV - [2011/03/22 22:04:12 | 000,053,800 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\d554scard.sys -- (d554scard)
DRV - [2011/03/22 22:04:12 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2011/03/22 22:04:06 | 001,660,451 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011/03/22 22:04:04 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2011/02/07 09:53:06 | 000,118,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/01/04 01:58:42 | 000,061,728 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdrxp.sys -- (O2MDRRDR)
DRV - [2010/11/19 09:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/11/19 09:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/09/27 16:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 16:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2010/09/27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 16:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2010/04/07 12:49:00 | 000,050,163 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap)
DRV - [2010/04/07 12:48:58 | 000,205,938 | ---- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black)
DRV - [2010/04/07 12:48:58 | 000,080,512 | ---- | M] (Internet Security Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\isskboep.sys -- (MakoNT)
DRV - [2008/08/26 11:05:30 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/11/21 06:28:36 | 000,105,984 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2007/10/31 14:30:50 | 000,045,976 | ---- | M] (Famatech International Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\rserver30\raddrvv3.sys -- (raddrvv3)
DRV - [2007/08/27 16:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/07/26 18:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/10 09:33:17 | 000,003,840 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/11/10 09:44:52 | 000,305,788 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/11/01 04:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
DRV - [2006/10/02 16:45:40 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://phcweb/intranet/home.asp
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Heleni Uploader] C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_27.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: /// ([]e360zip in My Computer)
O16 - DPF: {570DC905-36A7-11D2-86B9-00A02487E988} http://phcweb/intran...HCFileSaver.CAB (PHCFileSaver.FileSave)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1310649099468 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.120.3.44 10.120.3.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PatriotCoal.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41905ED5-BBED-4E3E-8480-8BAE39C0945D}: DhcpNameServer = 10.120.3.44 10.120.3.41
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\i65659\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\i65659\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/28 13:44:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/08/26 09:38:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a01a3c3-19e5-11e1-9d6e-3859f98db9d6}\Shell - "" = AutoRun
O33 - MountPoints2\{2a01a3c3-19e5-11e1-9d6e-3859f98db9d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a01a3c3-19e5-11e1-9d6e-3859f98db9d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 09:47:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\i65659\Desktop\OTL.exe
[2011/12/26 19:57:05 | 000,000,000 | ---D | C] -- C:\fe723fdf0a51333bc6dbfff43bfebb
[2011/12/26 18:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\i65659\Application Data\Malwarebytes
[2011/12/26 18:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 18:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/26 18:16:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/26 18:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/26 18:14:32 | 001,190,816 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\i65659\Desktop\DriverDetective.exe
[2011/12/25 22:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/25 16:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/25 16:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/25 00:45:06 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\i65659\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/24 22:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/21 13:31:27 | 000,110,592 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hptcpmon.dll
[2011/12/21 13:31:27 | 000,098,304 | R--- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2011/12/21 13:31:27 | 000,073,728 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hptcpmib.dll
[2011/12/21 13:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\i65659\Start Menu\Programs\HP Designjet 4000 series
[2011/12/21 13:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\i65659\Start Menu\Programs\Hewlett-Packard
[2011/12/21 13:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/12/21 10:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\i65659\Application Data\HP
[2011/12/05 22:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/05 22:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/03 09:47:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\i65659\Desktop\OTL.exe
[2012/01/03 09:47:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/03 09:29:38 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\i65659\Desktop\Shortcut to Engineering on spefp1.lnk
[2012/01/03 08:57:57 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/03 08:55:50 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/01/03 08:55:47 | 000,142,437 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/01/03 08:55:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/03 08:52:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 10:08:20 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/02 09:56:27 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\i65659\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/26 19:44:03 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/26 18:16:20 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 18:14:40 | 001,190,816 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\i65659\Desktop\DriverDetective.exe
[2011/12/26 16:11:36 | 000,014,840 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/26 16:11:35 | 000,014,840 | -HS- | M] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/25 16:42:47 | 000,005,696 | -HS- | M] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/25 16:42:47 | 000,005,696 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/25 15:08:48 | 000,017,656 | -HS- | M] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\8vxr7pna88m48aw4w8xves
[2011/12/25 15:08:48 | 000,017,656 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8vxr7pna88m48aw4w8xves
[2011/12/25 00:45:43 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\i65659\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/24 15:15:20 | 000,142,437 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/12/22 21:55:31 | 000,255,132 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/22 21:55:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/21 15:25:10 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss
[2011/12/21 15:25:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss
[2011/12/21 15:25:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss
[2011/12/21 15:25:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\ole32_dll.iss
[2011/12/21 15:22:43 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/21 13:31:28 | 000,000,131 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2011/12/21 13:31:15 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\i65659\Desktop\HP Printer Access Tool.lnk
[2011/12/21 13:22:32 | 000,000,232 | ---- | M] () -- C:\WINDOWS\hpdj4000.his
[2011/12/21 13:22:32 | 000,000,056 | ---- | M] () -- C:\WINDOWS\hpdj4000.ini
[2011/12/21 11:03:23 | 000,436,312 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/21 11:03:23 | 000,069,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/21 10:46:08 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\i65659\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/12/21 10:15:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 08:12:06 | 000,010,734 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/12/11 21:17:42 | 000,255,132 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/08 22:14:01 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\i65659\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 09:56:27 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\i65659\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/02 07:59:17 | 000,481,620 | ---- | C] () -- C:\backup.exe
[2011/12/26 19:48:31 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/26 19:43:17 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/26 18:16:20 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 19:05:16 | 000,014,840 | -HS- | C] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/25 19:05:16 | 000,014,840 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/25 16:41:51 | 000,005,696 | -HS- | C] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/25 16:41:51 | 000,005,696 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/24 22:51:12 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/24 15:57:23 | 000,017,656 | -HS- | C] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\8vxr7pna88m48aw4w8xves
[2011/12/24 15:57:23 | 000,017,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8vxr7pna88m48aw4w8xves
[2011/12/21 13:31:28 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2011/12/21 13:31:28 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/12/21 13:31:15 | 000,000,998 | ---- | C] () -- C:\Documents and Settings\i65659\Desktop\HP Printer Access Tool.lnk
[2011/12/21 10:54:26 | 000,000,232 | ---- | C] () -- C:\WINDOWS\hpdj4000.his
[2011/12/21 10:54:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj4000.ini
[2011/10/29 11:32:55 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 11:12:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/29 07:21:37 | 000,601,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/29 07:07:03 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_fts3.dll
[2011/09/29 07:07:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_rtree.dll
[2011/09/29 07:07:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_extfunc.dll
[2011/09/29 07:07:03 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_impexp.dll
[2011/09/29 07:04:14 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ixfLib.dll
[2011/09/29 07:04:14 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\GCL52FW.DLL
[2011/09/29 07:04:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libgtxclient.dll
[2011/07/14 06:37:39 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
[2011/07/14 06:37:39 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011/07/13 11:59:11 | 000,142,437 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/13 07:32:31 | 000,255,132 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/13 07:32:31 | 000,255,132 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/13 07:32:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/13 04:36:37 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/03/22 22:04:22 | 002,285,234 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/09/03 11:09:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/26 11:46:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/26 11:25:46 | 000,000,281 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/26 11:24:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/26 11:24:42 | 000,436,312 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/26 11:24:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/08/26 11:24:42 | 000,069,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/26 11:24:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/08/26 11:24:42 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/08/26 11:24:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/08/26 11:24:38 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/08/26 11:24:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/08/26 11:24:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/08/26 11:24:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/08/26 11:24:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/08/26 11:23:51 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2008/08/26 10:53:49 | 000,001,000 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/26 09:41:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/26 09:35:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/26 04:31:58 | 000,004,675 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/26 04:31:02 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/10 09:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/11/10 09:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/09/29 07:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/09/28 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFix
[2011/09/29 07:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carlson Software
[2011/10/10 07:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/09/28 13:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaaS360
[2011/09/28 13:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSA
[2011/09/29 07:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/09/28 13:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2008/08/26 10:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/09/29 07:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\i65659\Application Data\Autodesk
[2011/09/29 07:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\i65659\Application Data\Carlson Software
[2011/11/17 15:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\i65659\Application Data\ICAClient
[2011/10/05 09:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\i65659\Application Data\Xerox
[2012/01/03 08:57:57 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   82.06KB   91 downloads

  • 0

#4
Redskinsdb21
Posted 03 January 2012 - 09:51 AM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I started another thread for this topic, tried to delete this one and didnt know how, pleases delete if you know how. COmputer problems is reason I ended up with two threads for same topic..sorry for any inconvenience.
  • 0

#5
Crag_Hack
Posted 03 January 2012 - 03:34 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way.

Please do not attach logs in the future as they are tougher to read that way. Please instead copy the contents of the OTL log and post in this thread. Once you do that I will analyze your log and get back to you. Good luck! :)
  • 0

#6
Redskinsdb21
Posted 04 January 2012 - 09:56 AM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Josh,

The reason I attached before is b/c everytime I tried to post it in the thread like you ask for explorer would get hijacked...sorry but its uncontrollable. I just tried again and got same results.
  • 0

#7
Crag_Hack
Posted 04 January 2012 - 06:23 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
No worries a G2G staff member helped us with that ... I just finished analyzing your OTL log and will have a fix for you soon. Your infection look pretty basic so we shouldn't have to spend too much time fixing it.
  • 0

#8
Crag_Hack
Posted 05 January 2012 - 05:03 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello Redskinsdb21. I finished analyzing your OTL log file. We will now run an OTL fix that I created using the OTL log file contents to remove some of the malware on your computer. Please do the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

MOD - [1998/08/18 08:30:24 | 000,017,408 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PHCFILESAVER.OCX
[2011/12/26 16:11:36 | 000,014,840 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/26 16:11:35 | 000,014,840 | -HS- | M] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/25 16:42:47 | 000,005,696 | -HS- | M] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/25 16:42:47 | 000,005,696 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/25 15:08:48 | 000,017,656 | -HS- | M] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\8vxr7pna88m48aw4w8xves
[2011/12/25 15:08:48 | 000,017,656 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8vxr7pna88m48aw4w8xves
[2012/01/02 07:59:17 | 000,481,620 | ---- | C] () -- C:\backup.exe
[2011/12/25 19:05:16 | 000,014,840 | -HS- | C] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/25 19:05:16 | 000,014,840 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1
[2011/12/25 16:41:51 | 000,005,696 | -HS- | C] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/25 16:41:51 | 000,005,696 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5
[2011/12/24 15:57:23 | 000,017,656 | -HS- | C] () -- C:\Documents and Settings\i65659\Local Settings\Application Data\8vxr7pna88m48aw4w8xves
[2011/12/24 15:57:23 | 000,017,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8vxr7pna88m48aw4w8xves
[2011/09/29 07:04:14 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ixfLib.dll
[2011/09/29 07:04:14 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\GCL52FW.DLL
[2011/09/29 07:04:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libgtxclient.dll

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again and click the Quick Scan button. Post the log it produces as in your next reply as well.

Please also post the extras.txt file from your desktop in your next reply.

We will now run a utility to check for a nasty infection that is quite prevalent these days. Please follow these instructions:

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer no
    Posted Image
  • Click the Scan button to start scan
    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Now for our final utility - Combofix. This will remove a rootkit on your system.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus (both Norton and Microsoft Security Essentials) and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

If all goes well this will finalize the initial disinfection procedure and we can proceed to final disinfection. Double smiles! :) :)

Also please note multiple antiviruses are less effective than just one - we will be removing one of yours at a later point unless you object. Don't do it yet though - we should wait until the disinfection is complete.
  • 0

#9
Redskinsdb21
Posted 09 January 2012 - 10:40 AM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is the post produced after copying, pasteing the OTL FIX Code...and runnung the "Run Fix" routine!!!


All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1 moved successfully.
C:\Documents and Settings\i65659\Local Settings\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1 moved successfully.
C:\Documents and Settings\i65659\Local Settings\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5 moved successfully.
C:\Documents and Settings\All Users\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5 moved successfully.
C:\Documents and Settings\i65659\Local Settings\Application Data\8vxr7pna88m48aw4w8xves moved successfully.
C:\Documents and Settings\All Users\Application Data\8vxr7pna88m48aw4w8xves moved successfully.
C:\backup.exe moved successfully.
File C:\Documents and Settings\i65659\Local Settings\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1 not found.
File C:\Documents and Settings\All Users\Application Data\et48moqk5ux1714vm7423dy5le1nx3u1 not found.
File C:\Documents and Settings\i65659\Local Settings\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5 not found.
File C:\Documents and Settings\All Users\Application Data\ab68emea3ri1207sl0757hp6tg0im4c5 not found.
File C:\Documents and Settings\i65659\Local Settings\Application Data\8vxr7pna88m48aw4w8xves not found.
File C:\Documents and Settings\All Users\Application Data\8vxr7pna88m48aw4w8xves not found.
C:\WINDOWS\system32\ixfLib.dll moved successfully.
C:\WINDOWS\system32\GCL52FW.DLL moved successfully.
C:\WINDOWS\system32\libgtxclient.dll moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 130025887 bytes
->Temporary Internet Files folder emptied: 4094730 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: i65659
->Temp folder emptied: 1435597483 bytes
->Temporary Internet Files folder emptied: 40733401 bytes
->Java cache emptied: 678760 bytes
->Flash cache emptied: 646 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32983 bytes

User: NetworkService
->Temp folder emptied: 194166 bytes
->Temporary Internet Files folder emptied: 89969543 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 61008 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 101489 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 339643998 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16504432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 177080703 bytes

Total Files Cleaned = 2,131.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01092012_110006

Files\Folders moved on Reboot...
C:\Documents and Settings\i65659\Local Settings\Temp\03CWQTT9.emf moved successfully.
File\Folder C:\Documents and Settings\i65659\Local Settings\Temp\~DF1A01.tmp not found!
File\Folder C:\Documents and Settings\i65659\Local Settings\Temp\~DF1AAC.tmp not found!
File\Folder C:\Documents and Settings\i65659\Local Settings\Temp\~DF24E1.tmp not found!
File\Folder C:\Documents and Settings\i65659\Local Settings\Temp\~DF2529.tmp not found!
File\Folder C:\Documents and Settings\i65659\Local Settings\Temp\~DF2672.tmp not found!
File\Folder C:\Documents and Settings\i65659\Local Settings\Temp\~DF26C3.tmp not found!
C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\TYALXDIU\ads[6].htm moved successfully.
C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\RK5544TO\ads[3].htm moved successfully.
C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\RK5544TO\fastbutton[1].htm moved successfully.
File\Folder C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\R94KJU8P\262279_236617673019632_100000142037983_1153480_7247450_n[1].jpg not found!
C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\K312HZQG\ads[4].htm moved successfully.
C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\E6Z9I428\312385-vware[1].htm moved successfully.
C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\E6Z9I428\ads[5].htm moved successfully.
File\Folder C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\Content.IE5\E6H6MCJ4\KinectDisney_sm[1].jpg not found!
C:\Documents and Settings\i65659\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T0ZC76HT\viewChannelModule[2].act not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOCWKILC\marketmovers-307228-12-26-2011[1].mp4 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOCWKILC\show[1].js not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AHE9UZ34\1122681643[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\26T7TZ1A\1229[1].js not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_510.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_c70.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#10
Redskinsdb21
Posted 09 January 2012 - 12:16 PM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I have now ran OTL again, attached is the log produced ( I cant copy and paste the log, not sure why but everytime I try it resets my browser) :

Attached Files

  • Attached File  OTL.Txt   76.54KB   117 downloads

  • 0

#11
Redskinsdb21
Posted 09 January 2012 - 12:23 PM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
When I ran OTL again, it appears the extras.txt on my desktop didnt change from my previous run, the results of it are :

OTL Extras logfile created on: 1/3/2012 9:50:37 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\i65659\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 64.86% Memory free
5.08 Gb Paging File | 4.10 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.10 Gb Free Space | 84.20% Space Free | Partition Type: NTFS
Drive G: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive H: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive P: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
Drive S: | 91.97 Gb Total Space | 0.60 Gb Free Space | 0.65% Space Free | Partition Type: NTFS

Computer Name: WVAL-MMITCHELL | User Name: i65659 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\rserver30\rserver3.exe" = C:\WINDOWS\system32\rserver30\rserver3.exe:*:Enabled:Radmin Server 3 -- (Famatech International Corp.)
"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0631270C-6E37-4418-A58D-A5CBA45BA1EC}" = VnetPC PRO
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{176130BC-99A1-41FE-A78B-56045E33AD70}" = Cisco Systems VPN Client 4.8.02.0010
"{1842BDD3-1D79-4D39-9287-2D7E0793F7D7}" = 60CulverAgentUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
"{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}" = RSA SecurID Software Token
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{492D6A69-BE0D-4F71-939D-A11470A207D0}" = MaaS360 Visibility Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA7C442-2AC2-45A9-BCD1-FF534621AAB2}" = MaaS360 Software Uninstall Utility
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5783F2D7-9002-0409-0002-0060B0CE6BBA}" = AutoCAD Map 3D 2011
"{5783F2D7-9002-0409-1002-0060B0CE6BBA}" = AutoCAD Map 3D 2011 Language Pack - English
"{5B5B3D92-A765-4AD5-9752-30BA2C71C314}" = Lotus Notes 6.5.1
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{6A347502-BE3B-4061-81A5-AF7CDBEBE356}" = Patriot Coal Host On Demand
"{6BF1780B-36EA-432B-9451-DD84FF5C9D52}" = Radmin Server 3.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{93C6E5F6-DD2F-4984-97BC-3AD0A67977C7}" = HP Designjet 4000 series
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.19.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA4424F-825A-4F5D-834C-FFA0EC379655}" = ISPI Tools 1.07.0004
"{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = Extend360 Enforcement Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E8DDBFBC-6C65-4CEE-A4D7-CD6781E94BCC}" = ScrewDrivers Client v4
"{E99DF851-4B0B-4B64-B1BF-5B071FE801CD}" = MaaS360 Mobile Service
"{ED824086-979E-45CE-9D33-BBEAB19D751C}" = Carlson 2011 with AutoCAD 2011
"{FECA38DD-AE57-4797-8DEB-9B4A036A893E}" = ISPI Tools 1.07.0002
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Analysis of Retreat Mining Pillar Stability 2010" = Analysis of Retreat Mining Pillar Stability 2010
"AutoCAD Map 3D 2011" = AutoCAD Map 3D 2011
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Corpscon" = Corpscon 6.0.1
"Ground Control Toolbar 1.0" = Ground Control Toolbar 1.0
"HydroCAD" = HydroCAD
"ie8" = Windows Internet Explorer 8
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SQLite ODBC Driver" = SQLite ODBC Driver (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2012 5:03:47 PM | Computer Name = WVAL-MMITCHELL | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 1/2/2012 9:53:29 PM | Computer Name = WVAL-MMITCHELL | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/2/2012 9:53:31 PM | Computer Name = WVAL-MMITCHELL | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/2/2012 9:53:39 PM | Computer Name = WVAL-MMITCHELL | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/2/2012 10:03:13 PM | Computer Name = WVAL-MMITCHELL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/3/2012 10:55:12 AM | Computer Name = WVAL-MMITCHELL | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 1/3/2012 10:55:32 AM | Computer Name = WVAL-MMITCHELL | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 1/3/2012 11:03:02 AM | Computer Name = WVAL-MMITCHELL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/3/2012 11:42:19 AM | Computer Name = WVAL-MMITCHELL | Source = Application Hang | ID = 1002
Description = Hanging application acad.exe, version 24.1.49.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2012 11:49:03 AM | Computer Name = WVAL-MMITCHELL | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/3/2012 11:43:19 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:43:53 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:44:35 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:48:27 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:49:58 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:51:28 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:52:59 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:54:09 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:55:40 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/3/2012 11:57:52 AM | Computer Name = WVAL-MMITCHELL | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
  • 0

#12
Redskinsdb21
Posted 09 January 2012 - 12:55 PM

Redskinsdb21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here are the log results for my aswMBR.exe scan:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 13:27:59
-----------------------------
13:27:59.937 OS Version: Windows 5.1.2600 Service Pack 3
13:27:59.937 Number of processors: 4 586 0x2A07
13:27:59.937 ComputerName: WVAL-MMITCHELL UserName: i65659
13:28:04.093 Initialize success
13:37:48.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:37:48.468 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 3
13:37:48.500 Disk 0 MBR read successfully
13:37:48.500 Disk 0 MBR scan
13:37:48.500 Disk 0 Windows VISTA default MBR code
13:37:48.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
13:37:48.515 Disk 0 scanning sectors +488395120
13:37:48.625 Disk 0 scanning C:\WINDOWS\system32\drivers
13:37:55.171 Service scanning
13:37:55.500 Service MpKsl75e50db1 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CF3639F-D64A-4158-B59C-1D21F9460FB6}\MpKsl75e50db1.sys **LOCKED** 32
13:37:56.093 Modules scanning
13:37:59.343 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
13:38:02.546 Disk 0 trace - called modules:
13:38:02.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89c7ff10]<<
13:38:02.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1216c0]
13:38:02.812 3 CLASSPNP.SYS[b8168fd7] -> nt!IofCallDriver -> [0x8a2f9aa8]
13:38:02.812 \Driver\00001865[0x8a57c410] -> IRP_MJ_CREATE -> 0x89c7ff10
13:38:02.812 Scan finished successfully
13:38:29.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\i65659\Desktop\MBR.dat"
13:38:29.875 The log file has been saved successfully to "C:\Documents and Settings\i65659\Desktop\aswMBR.txt"
  • 0

#13
Crag_Hack
Posted 09 January 2012 - 03:49 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Everything looks good so far. Combofix should fix the main infection. Woohoo!
  • 0

#14
Crag_Hack
Posted 09 January 2012 - 05:46 PM

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
If you are having trouble running Combofix there is another utility we can run - the instructions are actually simpler to follow as well. Please let me know if this is the case.
  • 0

#15
Essexboy
Posted 14 January 2012 - 03:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP