Password Virus [Closed]


#1 gasmanuk (Member, 42 posts)

Hi guys, I have some virus/trojan on my netbook. I have no idea how it got there, but it is infecting e-mails etc. I have run Malwarebytes with no results, and AVG reports "trojan horse PSW.agent.asjx" 26 times but will not heal or delete the files.

Thanks

OTL logfile created on: 28/02/2012 18:38:55 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Chery\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.23 Mb Total Physical Memory | 238.90 Mb Available Physical Memory | 23.58% Memory free
2.38 Gb Paging File | 1.64 Gb Available in Paging File | 68.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.86 Gb Total Space | 95.77 Gb Free Space | 87.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-F23DF9768C | User Name: Chery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 18:37:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chery\Desktop\OTL.exe
PRC - [2012/02/19 19:13:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/08/07 22:57:46 | 000,684,032 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/01 00:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe
PRC - [2008/06/10 00:26:52 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 22:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/02/22 17:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/23 03:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/09 17:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/10/29 21:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/05 01:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 23:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/23 18:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 11:31:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/20 11:11:13 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/20 11:06:53 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/20 11:06:42 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
MOD - [2012/02/20 11:05:02 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/02/20 11:03:45 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/20 11:03:10 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/19 19:13:31 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/11 11:53:08 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko10.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/16 12:00:56 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/09/18 12:02:57 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/08/01 00:43:18 | 000,021,200 | ---- | M] () -- C:\Program Files\The TechGuys\Launch\MVVMFramework.DLL
MOD - [2008/07/18 20:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008/06/10 00:26:52 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
MOD - [2008/02/22 06:43:10 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2005/07/23 04:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/06/10 00:26:52 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/09/28 23:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/07/10 09:33:40 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008/05/08 02:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/27 22:56:46 | 000,153,600 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/02/15 22:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/01/31 22:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/23 03:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/04 05:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/29 16:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/18 21:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 18:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006/10/11 02:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=DSGI&bmod=DSGI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=DSGI&bmod=DSGI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.13.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/21 08:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 19:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/08 18:06:50 | 000,000,000 | ---D | M]

[2010/02/27 13:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Extensions
[2012/02/19 19:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\extensions
[2010/11/01 12:37:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/19 19:14:06 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/02/27 13:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHERY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\93QZI415.DEFAULT\EXTENSIONS\{DA8BD68D-8E90-41CD-8345-A71B294E72E6}.XPI
[2012/02/21 08:14:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/02/20 13:05:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/19 19:13:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 19:13:23 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 19:13:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/19 19:13:23 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/19 19:13:23 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/19 19:13:23 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch.lnk = C:\WINDOWS\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151F95ED-E1BE-486E-8020-6A0826E00A09}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chery\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chery\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/15 19:22:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c211d6e6-ffab-11df-920b-00218584d05e}\Shell - "" = AutoRun
O33 - MountPoints2\{c211d6e6-ffab-11df-920b-00218584d05e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c211d6e6-ffab-11df-920b-00218584d05e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654338934127688
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 18:37:54 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chery\Desktop\OTL.exe
[2012/02/19 19:37:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chery\Start Menu\Programs\Administrative Tools
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 18:37:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chery\Desktop\OTL.exe
[2012/02/28 18:18:51 | 090,307,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/28 18:11:40 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch.lnk
[2012/02/28 18:09:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/28 18:09:53 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/28 18:05:27 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/26 09:02:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/23 20:21:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/23 08:01:27 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 22:36:39 | 000,048,091 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/21 08:14:47 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/20 18:51:19 | 000,064,045 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.pcb
[2012/02/20 11:20:25 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/20 11:01:34 | 000,433,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/20 11:01:34 | 000,068,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/20 10:54:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/28 18:09:53 | 1062,526,976 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/23 08:01:26 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 17:14:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/19 17:14:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/12/15 12:31:22 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/21 21:18:15 | 000,098,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2011/12/04 12:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/30 14:07:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/28 18:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/20 15:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/30 14:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\AVG2012
[2011/12/03 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Emwae
[2011/12/03 21:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Kues
[2011/11/24 16:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\MSNInstaller
[2011/12/04 13:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Rouwyl
[2005/01/30 11:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Template
[2008/09/10 17:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\The TechGuys
[2011/12/22 12:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\uTorrent
[2011/12/04 13:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Yzxeo

========== Purity Check ==========



< End of report >
#2 gasmanuk (Topic Starter, Member, 42 posts)

Got 2 pages, so added this too; don't know if it's needed.


OTL Extras logfile created on: 28/02/2012 18:38:55 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Chery\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.23 Mb Total Physical Memory | 238.90 Mb Available Physical Memory | 23.58% Memory free
2.38 Gb Paging File | 1.64 Gb Available in Paging File | 68.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.86 Gb Total Space | 95.77 Gb Free Space | 87.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-F23DF9768C | User Name: Chery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"CleanUp!" = CleanUp!
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"MSNINST" = MSN
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/02/2012 16:58:53 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/02/2012 16:58:53 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3811406

Error - 25/02/2012 16:58:53 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3811406

Error - 25/02/2012 16:59:09 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/02/2012 16:59:09 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3827031

Error - 25/02/2012 16:59:09 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3827031

Error - 26/02/2012 05:02:15 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/02/2012 05:02:15 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3563

Error - 26/02/2012 05:02:15 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3563

Error - 26/02/2012 05:53:57 | Computer Name = YOUR-F23DF9768C | Source = Bonjour Service | ID = 100
Description = Timed out waiting for acknowledgement of machine sleep

[ System Events ]
Error - 28/02/2012 14:06:09 | Computer Name = YOUR-F23DF9768C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 28/02/2012 14:06:53 | Computer Name = YOUR-F23DF9768C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom

Error - 28/02/2012 14:12:05 | Computer Name = YOUR-F23DF9768C | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#3
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • After that there should also be a file called MBR.dat on your Desktop; zip it and then attach it here.

How to add an attachment to a new topic or reply

#4
gasmanuk
    Member
  • Topic Starter
  • 42 posts
Hi
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-06 17:46:07
-----------------------------
17:46:07.750 OS Version: Windows 5.1.2600 Service Pack 3
17:46:07.750 Number of processors: 2 586 0x1C02
17:46:07.750 ComputerName: YOUR-F23DF9768C UserName: Chery
17:46:08.578 Initialize success
17:50:08.296 AVAST engine defs: 12030600
17:50:46.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:50:46.093 Disk 0 Vendor: WDC_WD1200BEVS-22UST0 01.01A01 Size: 114473MB BusType: 3
17:50:46.093 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@[email protected] f7483864
17:50:46.109 Disk 0 MBR read successfully
17:50:46.109 Disk 0 MBR scan
17:50:46.171 Disk 0 Windows VISTA default MBR code
17:50:46.187 Disk 0 Partition 1 00 12 Compaq diag MSDOS5.0 3000 MB offset 2048
17:50:46.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111471 MB offset 6146048
17:50:46.312 Disk 0 scanning sectors +234438656
17:50:46.437 Disk 0 scanning C:\WINDOWS\system32\drivers
17:51:05.812 Service scanning
17:51:20.859 Service MpKsl82463474 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2F813D0-60C6-4303-BAB1-95B05BCBE1D1}\MpKsl82463474.sys **LOCKED** 32
17:51:37.375 Modules scanning
17:51:42.781 Disk 0 trace - called modules:
17:51:42.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8658d000]<<
17:51:42.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865c9ab8]
17:51:42.796 3 CLASSPNP.SYS[f7633fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86554d98]
17:51:43.234 AVAST engine scan C:\WINDOWS
17:52:12.375 AVAST engine scan C:\WINDOWS\system32
17:57:51.046 AVAST engine scan C:\WINDOWS\system32\drivers
17:58:16.140 AVAST engine scan C:\Documents and Settings\Chery
18:00:54.640 AVAST engine scan C:\Documents and Settings\All Users
18:01:18.750 Scan finished successfully
18:02:47.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Chery\Desktop\MBR.dat"
18:02:47.875 The log file has been saved successfully to "C:\Documents and Settings\Chery\Desktop\aswMBR.txt"



Thanks so much for your help


#5
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents in your next reply.

#6
gasmanuk
    Member
  • Topic Starter
  • 42 posts
Thanks again

18:32:41.0562 4704 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:32:42.0062 4704 ============================================================
18:32:42.0062 4704 Current date / time: 2012/03/06 18:32:42.0062
18:32:42.0062 4704 SystemInfo:
18:32:42.0062 4704
18:32:42.0062 4704 OS Version: 5.1.2600 ServicePack: 3.0
18:32:42.0062 4704 Product type: Workstation
18:32:42.0062 4704 ComputerName: YOUR-F23DF9768C
18:32:42.0062 4704 UserName: Chery
18:32:42.0062 4704 Windows directory: C:\WINDOWS
18:32:42.0062 4704 System windows directory: C:\WINDOWS
18:32:42.0062 4704 Processor architecture: Intel x86
18:32:42.0062 4704 Number of processors: 2
18:32:42.0062 4704 Page size: 0x1000
18:32:42.0062 4704 Boot type: Normal boot
18:32:42.0062 4704 ============================================================
18:32:44.0750 4704 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:32:44.0750 4704 \Device\Harddisk0\DR0:
18:32:44.0750 4704 MBR used
18:32:44.0750 4704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5DC800, BlocksNum 0xD9B7800
18:32:44.0781 4704 Initialize success
18:32:44.0781 4704 ============================================================
18:33:47.0656 4648 ============================================================
18:33:47.0656 4648 Scan started
18:33:47.0656 4648 Mode: Manual; SigCheck; TDLFS;
18:33:47.0656 4648 ============================================================
18:33:47.0968 4648 5rx6iewes.sys - ok
18:33:48.0000 4648 Abiosdsk - ok
18:33:48.0031 4648 abp480n5 - ok
18:33:48.0078 4648 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:33:49.0109 4648 ACPI - ok
18:33:49.0187 4648 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:33:49.0484 4648 ACPIEC - ok
18:33:49.0500 4648 adpu160m - ok
18:33:49.0531 4648 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:33:49.0875 4648 aec - ok
18:33:49.0921 4648 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:33:50.0062 4648 AFD - ok
18:33:50.0078 4648 Aha154x - ok
18:33:50.0093 4648 aic78u2 - ok
18:33:50.0109 4648 aic78xx - ok
18:33:50.0140 4648 AliIde - ok
18:33:50.0156 4648 amsint - ok
18:33:50.0171 4648 asc - ok
18:33:50.0187 4648 asc3350p - ok
18:33:50.0203 4648 asc3550 - ok
18:33:50.0250 4648 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:33:50.0531 4648 AsyncMac - ok
18:33:50.0562 4648 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:33:50.0968 4648 atapi - ok
18:33:50.0984 4648 Atdisk - ok
18:33:51.0031 4648 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:33:51.0375 4648 Atmarpc - ok
18:33:51.0421 4648 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:33:51.0656 4648 audstub - ok
18:33:51.0671 4648 AVGIDSDriver - ok
18:33:51.0687 4648 AVGIDSEH - ok
18:33:51.0703 4648 AVGIDSFilter - ok
18:33:51.0718 4648 AVGIDSShim - ok
18:33:51.0734 4648 Avgrkx86 - ok
18:33:51.0750 4648 Avgtdix - ok
18:33:51.0781 4648 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:33:52.0015 4648 Beep - ok
18:33:52.0031 4648 catchme - ok
18:33:52.0062 4648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:33:52.0312 4648 cbidf2k - ok
18:33:52.0343 4648 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:33:52.0718 4648 CCDECODE - ok
18:33:52.0734 4648 cd20xrnt - ok
18:33:52.0796 4648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:33:53.0093 4648 Cdaudio - ok
18:33:53.0125 4648 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:33:53.0453 4648 Cdfs - ok
18:33:53.0484 4648 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:33:53.0796 4648 Cdrom - ok
18:33:53.0859 4648 Changer - ok
18:33:53.0953 4648 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:33:54.0343 4648 CmBatt - ok
18:33:54.0375 4648 CmdIde - ok
18:33:54.0390 4648 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:33:54.0671 4648 Compbatt - ok
18:33:54.0687 4648 Cpqarray - ok
18:33:54.0703 4648 dac2w2k - ok
18:33:54.0718 4648 dac960nt - ok
18:33:54.0750 4648 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:33:55.0031 4648 Disk - ok
18:33:55.0093 4648 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:33:55.0453 4648 dmboot - ok
18:33:55.0500 4648 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:33:55.0875 4648 dmio - ok
18:33:55.0937 4648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:33:56.0171 4648 dmload - ok
18:33:56.0250 4648 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:33:56.0515 4648 DMusic - ok
18:33:56.0546 4648 dpti2o - ok
18:33:56.0609 4648 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:33:56.0828 4648 drmkaud - ok
18:33:56.0906 4648 DwProt (6c5abe3c6d8adc67a988a0c3f68fac24) C:\WINDOWS\system32\drivers\dwprot.sys
18:33:56.0906 4648 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dwprot.sys. Real md5: 6c5abe3c6d8adc67a988a0c3f68fac24, Fake md5: 0ffbfb144c6e09bb6d354acfee97785d
18:33:56.0906 4648 DwProt ( ForgedFile.Multi.Generic ) - warning
18:33:56.0906 4648 DwProt - detected ForgedFile.Multi.Generic (1)
18:33:56.0953 4648 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:33:57.0218 4648 Fastfat - ok
18:33:57.0296 4648 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:33:57.0656 4648 Fdc - ok
18:33:57.0687 4648 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:33:58.0109 4648 Fips - ok
18:33:58.0125 4648 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:33:58.0406 4648 Flpydisk - ok
18:33:58.0468 4648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:33:58.0781 4648 FltMgr - ok
18:33:58.0796 4648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:33:59.0093 4648 Fs_Rec - ok
18:33:59.0125 4648 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:33:59.0390 4648 Ftdisk - ok
18:33:59.0453 4648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:33:59.0546 4648 GEARAspiWDM - ok
18:33:59.0578 4648 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:33:59.0859 4648 Gpc - ok
18:33:59.0921 4648 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:34:00.0296 4648 HDAudBus - ok
18:34:00.0328 4648 hpn - ok
18:34:00.0359 4648 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:34:00.0468 4648 HTTP - ok
18:34:00.0484 4648 i2omgmt - ok
18:34:00.0515 4648 i2omp - ok
18:34:00.0531 4648 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:34:01.0000 4648 i8042prt - ok
18:34:01.0218 4648 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:34:01.0828 4648 ialm - ok
18:34:01.0859 4648 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:34:02.0250 4648 Imapi - ok
18:34:02.0281 4648 ini910u - ok
18:34:02.0468 4648 IntcAzAudAddService (12cd9f66b64b25cbe18f1bb2c6f54832) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:34:02.0906 4648 IntcAzAudAddService - ok
18:34:02.0921 4648 IntelIde - ok
18:34:02.0953 4648 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:34:03.0218 4648 intelppm - ok
18:34:03.0281 4648 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:34:03.0640 4648 Ip6Fw - ok
18:34:03.0703 4648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:34:04.0046 4648 IpFilterDriver - ok
18:34:04.0093 4648 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:34:04.0406 4648 IpInIp - ok
18:34:04.0437 4648 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:34:04.0718 4648 IpNat - ok
18:34:04.0750 4648 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:34:05.0125 4648 IPSec - ok
18:34:05.0140 4648 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:34:05.0296 4648 IRENUM - ok
18:34:05.0312 4648 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:34:05.0593 4648 isapnp - ok
18:34:05.0640 4648 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:34:05.0968 4648 Kbdclass - ok
18:34:06.0062 4648 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:34:06.0312 4648 kmixer - ok
18:34:06.0343 4648 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:34:06.0531 4648 KSecDD - ok
18:34:06.0546 4648 lbrtfdc - ok
18:34:06.0593 4648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:34:06.0843 4648 mnmdd - ok
18:34:06.0984 4648 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:34:07.0250 4648 Modem - ok
18:34:07.0281 4648 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:34:07.0578 4648 Mouclass - ok
18:34:07.0593 4648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:34:07.0968 4648 MountMgr - ok
18:34:08.0015 4648 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:34:08.0171 4648 MpFilter - ok
18:34:08.0250 4648 MpKsl82463474 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2F813D0-60C6-4303-BAB1-95B05BCBE1D1}\MpKsl82463474.sys
18:34:08.0359 4648 MpKsl82463474 - ok
18:34:08.0375 4648 mraid35x - ok
18:34:08.0437 4648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:34:08.0875 4648 MRxDAV - ok
18:34:08.0906 4648 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:34:09.0062 4648 MRxSmb - ok
18:34:09.0093 4648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:34:09.0343 4648 Msfs - ok
18:34:09.0421 4648 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:34:09.0640 4648 MSKSSRV - ok
18:34:09.0671 4648 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:34:09.0968 4648 MSPCLOCK - ok
18:34:10.0000 4648 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:34:10.0312 4648 MSPQM - ok
18:34:10.0343 4648 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:34:10.0578 4648 mssmbios - ok
18:34:10.0609 4648 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:34:10.0828 4648 MSTEE - ok
18:34:10.0859 4648 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:34:10.0984 4648 Mup - ok
18:34:11.0015 4648 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:34:11.0312 4648 NABTSFEC - ok
18:34:11.0343 4648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:34:11.0781 4648 NDIS - ok
18:34:11.0796 4648 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:34:12.0078 4648 NdisIP - ok
18:34:12.0109 4648 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:34:12.0203 4648 NdisTapi - ok
18:34:12.0250 4648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:34:12.0500 4648 Ndisuio - ok
18:34:12.0515 4648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:34:12.0875 4648 NdisWan - ok
18:34:12.0906 4648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:34:13.0000 4648 NDProxy - ok
18:34:13.0046 4648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:34:13.0312 4648 NetBIOS - ok
18:34:13.0343 4648 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:34:13.0796 4648 NetBT - ok
18:34:13.0843 4648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:34:14.0109 4648 Npfs - ok
18:34:14.0156 4648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:34:14.0468 4648 Ntfs - ok
18:34:14.0500 4648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:34:14.0703 4648 Null - ok
18:34:14.0734 4648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:34:14.0984 4648 NwlnkFlt - ok
18:34:15.0015 4648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:34:15.0281 4648 NwlnkFwd - ok
18:34:15.0312 4648 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:34:15.0640 4648 Parport - ok
18:34:15.0734 4648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:34:15.0984 4648 PartMgr - ok
18:34:16.0000 4648 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:34:16.0250 4648 ParVdm - ok
18:34:16.0281 4648 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:34:16.0687 4648 PCI - ok
18:34:16.0703 4648 PCIDump - ok
18:34:16.0734 4648 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:34:16.0968 4648 PCIIde - ok
18:34:17.0000 4648 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:34:17.0296 4648 Pcmcia - ok
18:34:17.0312 4648 PDCOMP - ok
18:34:17.0328 4648 PDFRAME - ok
18:34:17.0343 4648 PDRELI - ok
18:34:17.0359 4648 PDRFRAME - ok
18:34:17.0375 4648 perc2 - ok
18:34:17.0406 4648 perc2hib - ok
18:34:17.0453 4648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:34:17.0750 4648 PptpMiniport - ok
18:34:17.0828 4648 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:34:18.0234 4648 PSched - ok
18:34:18.0250 4648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:34:18.0500 4648 Ptilink - ok
18:34:18.0500 4648 ql1080 - ok
18:34:18.0531 4648 Ql10wnt - ok
18:34:18.0546 4648 ql12160 - ok
18:34:18.0562 4648 ql1240 - ok
18:34:18.0578 4648 ql1280 - ok
18:34:18.0609 4648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:34:18.0859 4648 RasAcd - ok
18:34:18.0890 4648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:34:19.0171 4648 Rasl2tp - ok
18:34:19.0218 4648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:34:19.0656 4648 RasPppoe - ok
18:34:19.0671 4648 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:34:19.0937 4648 Raspti - ok
18:34:19.0968 4648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:34:20.0281 4648 Rdbss - ok
18:34:20.0312 4648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:34:20.0531 4648 RDPCDD - ok
18:34:20.0578 4648 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:34:20.0718 4648 RDPWD - ok
18:34:20.0765 4648 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:34:21.0156 4648 redbook - ok
18:34:21.0203 4648 RSUSBSTOR (b1977a059fbcc68eb8a1752a3cf4cb31) C:\WINDOWS\system32\Drivers\RTS5121.sys
18:34:21.0312 4648 RSUSBSTOR - ok
18:34:21.0375 4648 rtl8187Se (0df1d68f289e07efd054b498d8efbbfd) C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys
18:34:21.0703 4648 rtl8187Se - ok
18:34:21.0734 4648 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:34:21.0921 4648 RTLE8023xp - ok
18:34:21.0984 4648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:34:22.0109 4648 Secdrv - ok
18:34:22.0156 4648 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:34:22.0546 4648 Serial - ok
18:34:22.0562 4648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:34:22.0859 4648 Sfloppy - ok
18:34:22.0890 4648 Simbad - ok
18:34:22.0921 4648 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:34:23.0171 4648 SLIP - ok
18:34:23.0187 4648 Sparrow - ok
18:34:23.0218 4648 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:34:23.0437 4648 splitter - ok
18:34:23.0468 4648 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:34:23.0656 4648 sr - ok
18:34:23.0703 4648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:34:23.0828 4648 Srv - ok
18:34:23.0843 4648 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:34:24.0140 4648 streamip - ok
18:34:24.0187 4648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:34:24.0500 4648 swenum - ok
18:34:24.0531 4648 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:34:24.0796 4648 swmidi - ok
18:34:24.0812 4648 symc810 - ok
18:34:24.0828 4648 symc8xx - ok
18:34:24.0843 4648 sym_hi - ok
18:34:24.0859 4648 sym_u3 - ok
18:34:24.0921 4648 SynTP (a9ad7fad373975d4dbeabb0ead240bb1) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:34:25.0046 4648 SynTP - ok
18:34:25.0078 4648 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:34:25.0375 4648 sysaudio - ok
18:34:25.0421 4648 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:34:25.0640 4648 Tcpip - ok
18:34:25.0687 4648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:34:26.0031 4648 TDPIPE - ok
18:34:26.0093 4648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:34:26.0375 4648 TDTCP - ok
18:34:26.0437 4648 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:34:26.0718 4648 TermDD - ok
18:34:26.0750 4648 TosIde - ok
18:34:26.0781 4648 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
18:34:26.0906 4648 tosporte - ok
18:34:26.0953 4648 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
18:34:27.0140 4648 tosrfbd - ok
18:34:27.0187 4648 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
18:34:27.0359 4648 tosrfbnp - ok
18:34:27.0390 4648 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
18:34:27.0531 4648 Tosrfcom - ok
18:34:27.0562 4648 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
18:34:27.0687 4648 Tosrfhid - ok
18:34:27.0718 4648 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
18:34:27.0796 4648 tosrfnds - ok
18:34:27.0828 4648 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
18:34:27.0937 4648 TosRfSnd - ok
18:34:27.0953 4648 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
18:34:28.0046 4648 Tosrfusb - ok
18:34:28.0093 4648 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
18:34:28.0375 4648 uagp35 - ok
18:34:28.0500 4648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:34:28.0796 4648 Udfs - ok
18:34:28.0812 4648 ultra - ok
18:34:28.0890 4648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:34:29.0234 4648 Update - ok
18:34:29.0296 4648 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:34:29.0421 4648 USBAAPL - ok
18:34:29.0437 4648 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:34:29.0734 4648 usbccgp - ok
18:34:29.0765 4648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:34:30.0031 4648 usbehci - ok
18:34:30.0062 4648 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:34:30.0359 4648 usbhub - ok
18:34:30.0390 4648 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:34:30.0640 4648 usbohci - ok
18:34:30.0671 4648 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:34:30.0921 4648 usbscan - ok
18:34:30.0953 4648 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:34:31.0203 4648 usbstor - ok
18:34:31.0234 4648 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:34:31.0484 4648 usbuhci - ok
18:34:31.0515 4648 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:34:31.0781 4648 usbvideo - ok
18:34:31.0796 4648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:34:32.0171 4648 VgaSave - ok
18:34:32.0187 4648 ViaIde - ok
18:34:32.0265 4648 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:34:32.0546 4648 VolSnap - ok
18:34:32.0593 4648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:34:32.0890 4648 Wanarp - ok
18:34:32.0906 4648 WDICA - ok
18:34:32.0937 4648 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:34:33.0250 4648 wdmaud - ok
18:34:33.0312 4648 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:34:33.0578 4648 WmiAcpi - ok
18:34:33.0625 4648 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:34:33.0937 4648 WS2IFSL - ok
18:34:34.0046 4648 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:34:34.0296 4648 WSTCODEC - ok
18:34:34.0312 4648 xcpip - ok
18:34:34.0343 4648 xpsec - ok
18:34:34.0375 4648 MBR (0x1B8) (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
18:34:34.0375 4648 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
18:34:34.0375 4648 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
18:34:34.0546 4648 Boot (0x1200) (80722818118d3c798098b007388e26a2) \Device\Harddisk0\DR0\Partition0
18:34:34.0546 4648 \Device\Harddisk0\DR0\Partition0 - ok
18:34:34.0546 4648 ============================================================
18:34:34.0546 4648 Scan finished
18:34:34.0546 4648 ============================================================
18:34:34.0656 1708 Detected object count: 2
18:34:34.0656 1708 Actual detected object count: 2
18:37:14.0125 1708 DwProt ( ForgedFile.Multi.Generic ) - skipped by user
18:37:14.0125 1708 DwProt ( ForgedFile.Multi.Generic ) - User select action: Skip
18:37:14.0265 1708 \Device\Harddisk0\DR0\# - copied to quarantine
18:37:14.0453 1708 \Device\Harddisk0\DR0 - copied to quarantine
18:37:14.0546 1708 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
18:37:14.0546 1708 \Device\Harddisk0\DR0 - ok
18:37:14.0546 1708 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
18:37:25.0609 1888 Deinitialize success


#7 Render (Trusted Helper, Malware Removal)

Please run aswMBR and then TDSSKiller as instructed before once again and post new logs.

#8 gasmanuk (Topic Starter, Member)

I can't seem to get aswMBR to run; it just says "Initialize success".

Here is the TDSS log.

#9 gasmanuk (Topic Starter, Member)

Sorry, here it is.

08:04:28.0921 2908 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
08:04:30.0921 2908 ============================================================
08:04:30.0921 2908 Current date / time: 2012/03/07 08:04:30.0921
08:04:30.0921 2908 SystemInfo:
08:04:30.0921 2908
08:04:30.0921 2908 OS Version: 5.1.2600 ServicePack: 3.0
08:04:30.0921 2908 Product type: Workstation
08:04:30.0921 2908 ComputerName: YOUR-F23DF9768C
08:04:30.0921 2908 UserName: Chery
08:04:30.0921 2908 Windows directory: C:\WINDOWS
08:04:30.0921 2908 System windows directory: C:\WINDOWS
08:04:30.0921 2908 Processor architecture: Intel x86
08:04:30.0921 2908 Number of processors: 2
08:04:30.0921 2908 Page size: 0x1000
08:04:30.0921 2908 Boot type: Normal boot
08:04:30.0921 2908 ============================================================
08:04:34.0156 2908 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:04:34.0187 2908 \Device\Harddisk0\DR0:
08:04:34.0187 2908 MBR used
08:04:34.0187 2908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5DC800, BlocksNum 0xD9B7800
08:04:34.0203 2908 Initialize success
08:04:34.0203 2908 ============================================================
08:04:52.0015 0652 ============================================================
08:04:52.0015 0652 Scan started
08:04:52.0015 0652 Mode: Manual; SigCheck; TDLFS;
08:04:52.0015 0652 ============================================================
08:04:52.0343 0652 5rx6iewes.sys - ok
08:04:52.0375 0652 Abiosdsk - ok
08:04:52.0406 0652 abp480n5 - ok
08:04:52.0468 0652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:04:53.0859 0652 ACPI - ok
08:04:53.0953 0652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:04:54.0406 0652 ACPIEC - ok
08:04:54.0421 0652 adpu160m - ok
08:04:54.0484 0652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:04:55.0046 0652 aec - ok
08:04:55.0125 0652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:04:55.0296 0652 AFD - ok
08:04:55.0328 0652 Aha154x - ok
08:04:55.0359 0652 aic78u2 - ok
08:04:55.0375 0652 aic78xx - ok
08:04:55.0437 0652 AliIde - ok
08:04:55.0468 0652 amsint - ok
08:04:55.0531 0652 asc - ok
08:04:55.0562 0652 asc3350p - ok
08:04:55.0578 0652 asc3550 - ok
08:04:55.0671 0652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:04:56.0156 0652 AsyncMac - ok
08:04:56.0203 0652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:04:56.0796 0652 atapi - ok
08:04:56.0812 0652 Atdisk - ok
08:04:56.0906 0652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:04:57.0437 0652 Atmarpc - ok
08:04:57.0531 0652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:04:57.0968 0652 audstub - ok
08:04:58.0015 0652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:04:58.0515 0652 Beep - ok
08:04:58.0578 0652 catchme - ok
08:04:58.0625 0652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:04:59.0078 0652 cbidf2k - ok
08:04:59.0140 0652 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:04:59.0578 0652 CCDECODE - ok
08:04:59.0609 0652 cd20xrnt - ok
08:04:59.0671 0652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:05:00.0171 0652 Cdaudio - ok
08:05:00.0203 0652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:05:00.0734 0652 Cdfs - ok
08:05:00.0812 0652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:05:01.0343 0652 Cdrom - ok
08:05:01.0359 0652 Changer - ok
08:05:01.0484 0652 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:05:01.0953 0652 CmBatt - ok
08:05:01.0968 0652 CmdIde - ok
08:05:02.0046 0652 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:05:02.0500 0652 Compbatt - ok
08:05:02.0562 0652 Cpqarray - ok
08:05:02.0609 0652 dac2w2k - ok
08:05:02.0640 0652 dac960nt - ok
08:05:02.0703 0652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:05:03.0218 0652 Disk - ok
08:05:03.0328 0652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:05:03.0968 0652 dmboot - ok
08:05:04.0000 0652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:05:04.0515 0652 dmio - ok
08:05:04.0578 0652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:05:05.0031 0652 dmload - ok
08:05:05.0109 0652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:05:05.0625 0652 DMusic - ok
08:05:05.0671 0652 dpti2o - ok
08:05:05.0750 0652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:05:06.0250 0652 drmkaud - ok
08:05:06.0515 0652 DwProt (6c5abe3c6d8adc67a988a0c3f68fac24) C:\WINDOWS\system32\drivers\dwprot.sys
08:05:06.0640 0652 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dwprot.sys. Real md5: 6c5abe3c6d8adc67a988a0c3f68fac24, Fake md5: 0ffbfb144c6e09bb6d354acfee97785d
08:05:06.0640 0652 DwProt ( ForgedFile.Multi.Generic ) - warning
08:05:06.0640 0652 DwProt - detected ForgedFile.Multi.Generic (1)
08:05:06.0796 0652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:05:07.0343 0652 Fastfat - ok
08:05:07.0656 0652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:05:08.0218 0652 Fdc - ok
08:05:08.0500 0652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:05:09.0062 0652 Fips - ok
08:05:09.0312 0652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:05:09.0875 0652 Flpydisk - ok
08:05:10.0140 0652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:05:10.0718 0652 FltMgr - ok
08:05:11.0046 0652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:05:11.0593 0652 Fs_Rec - ok
08:05:11.0875 0652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:05:12.0453 0652 Ftdisk - ok
08:05:12.0687 0652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:05:12.0921 0652 GEARAspiWDM - ok
08:05:12.0984 0652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:05:13.0750 0652 Gpc - ok
08:05:13.0859 0652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:05:14.0687 0652 HDAudBus - ok
08:05:14.0781 0652 hpn - ok
08:05:14.0875 0652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:05:15.0109 0652 HTTP - ok
08:05:15.0171 0652 i2omgmt - ok
08:05:15.0203 0652 i2omp - ok
08:05:15.0265 0652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:05:16.0031 0652 i8042prt - ok
08:05:16.0406 0652 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:05:17.0359 0652 ialm - ok
08:05:17.0421 0652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:05:18.0156 0652 Imapi - ok
08:05:18.0234 0652 ini910u - ok
08:05:18.0578 0652 IntcAzAudAddService (12cd9f66b64b25cbe18f1bb2c6f54832) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:05:19.0312 0652 IntcAzAudAddService - ok
08:05:19.0343 0652 IntelIde - ok
08:05:19.0390 0652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:05:19.0890 0652 intelppm - ok
08:05:20.0046 0652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:05:20.0562 0652 Ip6Fw - ok
08:05:20.0625 0652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:05:21.0125 0652 IpFilterDriver - ok
08:05:21.0218 0652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:05:21.0765 0652 IpInIp - ok
08:05:21.0796 0652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:05:22.0296 0652 IpNat - ok
08:05:22.0375 0652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:05:22.0968 0652 IPSec - ok
08:05:23.0031 0652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:05:23.0265 0652 IRENUM - ok
08:05:23.0312 0652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:05:23.0812 0652 isapnp - ok
08:05:23.0859 0652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:05:24.0359 0652 Kbdclass - ok
08:05:24.0421 0652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:05:24.0859 0652 kmixer - ok
08:05:24.0921 0652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:05:25.0171 0652 KSecDD - ok
08:05:25.0218 0652 lbrtfdc - ok
08:05:25.0343 0652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:05:25.0796 0652 mnmdd - ok
08:05:25.0859 0652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:05:26.0359 0652 Modem - ok
08:05:26.0421 0652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:05:26.0906 0652 Mouclass - ok
08:05:26.0984 0652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:05:27.0515 0652 MountMgr - ok
08:05:27.0593 0652 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:05:27.0812 0652 MpFilter - ok
08:05:27.0906 0652 MpKsl05928be6 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AB90C3D5-1C0A-43B4-B866-70B63CAD28CB}\MpKsl05928be6.sys
08:05:28.0046 0652 MpKsl05928be6 - ok
08:05:28.0062 0652 mraid35x - ok
08:05:28.0109 0652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:05:28.0609 0652 MRxDAV - ok
08:05:28.0687 0652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:05:28.0906 0652 MRxSmb - ok
08:05:28.0953 0652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:05:29.0453 0652 Msfs - ok
08:05:29.0546 0652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:05:30.0031 0652 MSKSSRV - ok
08:05:30.0093 0652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:05:30.0546 0652 MSPCLOCK - ok
08:05:30.0625 0652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:05:31.0078 0652 MSPQM - ok
08:05:31.0156 0652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:05:31.0625 0652 mssmbios - ok
08:05:31.0687 0652 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:05:32.0156 0652 MSTEE - ok
08:05:32.0234 0652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:05:32.0437 0652 Mup - ok
08:05:32.0468 0652 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:05:33.0000 0652 NABTSFEC - ok
08:05:33.0078 0652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:05:33.0656 0652 NDIS - ok
08:05:33.0687 0652 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:05:34.0156 0652 NdisIP - ok
08:05:34.0218 0652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:05:34.0359 0652 NdisTapi - ok
08:05:34.0421 0652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:05:34.0875 0652 Ndisuio - ok
08:05:34.0906 0652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:05:35.0515 0652 NdisWan - ok
08:05:35.0625 0652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:05:35.0796 0652 NDProxy - ok
08:05:35.0843 0652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:05:36.0343 0652 NetBIOS - ok
08:05:36.0421 0652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:05:37.0015 0652 NetBT - ok
08:05:37.0125 0652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:05:37.0656 0652 Npfs - ok
08:05:37.0750 0652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:05:38.0312 0652 Ntfs - ok
08:05:38.0406 0652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:05:38.0843 0652 Null - ok
08:05:38.0921 0652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:05:39.0375 0652 NwlnkFlt - ok
08:05:39.0437 0652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:05:39.0921 0652 NwlnkFwd - ok
08:05:40.0015 0652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:05:40.0625 0652 Parport - ok
08:05:40.0656 0652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:05:41.0125 0652 PartMgr - ok
08:05:41.0187 0652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:05:41.0687 0652 ParVdm - ok
08:05:41.0703 0652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:05:42.0281 0652 PCI - ok
08:05:42.0312 0652 PCIDump - ok
08:05:42.0343 0652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:05:42.0796 0652 PCIIde - ok
08:05:42.0859 0652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:05:43.0375 0652 Pcmcia - ok
08:05:43.0390 0652 PDCOMP - ok
08:05:43.0421 0652 PDFRAME - ok
08:05:43.0468 0652 PDRELI - ok
08:05:43.0500 0652 PDRFRAME - ok
08:05:43.0531 0652 perc2 - ok
08:05:43.0562 0652 perc2hib - ok
08:05:43.0734 0652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:05:44.0281 0652 PptpMiniport - ok
08:05:44.0312 0652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:05:44.0859 0652 PSched - ok
08:05:44.0890 0652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:05:45.0406 0652 Ptilink - ok
08:05:45.0421 0652 ql1080 - ok
08:05:45.0453 0652 Ql10wnt - ok
08:05:45.0500 0652 ql12160 - ok
08:05:45.0531 0652 ql1240 - ok
08:05:45.0609 0652 ql1280 - ok
08:05:45.0656 0652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:05:46.0140 0652 RasAcd - ok
08:05:46.0187 0652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:05:46.0703 0652 Rasl2tp - ok
08:05:46.0750 0652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:05:47.0296 0652 RasPppoe - ok
08:05:47.0312 0652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:05:47.0781 0652 Raspti - ok
08:05:47.0859 0652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:05:48.0437 0652 Rdbss - ok
08:05:48.0515 0652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:05:49.0000 0652 RDPCDD - ok
08:05:49.0109 0652 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:05:49.0375 0652 RDPWD - ok
08:05:49.0484 0652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:05:50.0046 0652 redbook - ok
08:05:50.0171 0652 RSUSBSTOR (b1977a059fbcc68eb8a1752a3cf4cb31) C:\WINDOWS\system32\Drivers\RTS5121.sys
08:05:50.0328 0652 RSUSBSTOR - ok
08:05:50.0468 0652 rtl8187Se (0df1d68f289e07efd054b498d8efbbfd) C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys
08:05:50.0875 0652 rtl8187Se - ok
08:05:50.0968 0652 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:05:51.0234 0652 RTLE8023xp - ok
08:05:51.0359 0652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:05:51.0609 0652 Secdrv - ok
08:05:51.0765 0652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:05:52.0421 0652 Serial - ok
08:05:52.0500 0652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
08:05:52.0984 0652 Sfloppy - ok
08:05:53.0046 0652 Simbad - ok
08:05:53.0125 0652 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:05:53.0593 0652 SLIP - ok
08:05:53.0625 0652 Sparrow - ok
08:05:53.0718 0652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:05:54.0156 0652 splitter - ok
08:05:54.0250 0652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:05:54.0593 0652 sr - ok
08:05:54.0718 0652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:05:54.0906 0652 Srv - ok
08:05:54.0984 0652 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:05:55.0484 0652 streamip - ok
08:05:55.0562 0652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:05:56.0031 0652 swenum - ok
08:05:56.0109 0652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:05:56.0609 0652 swmidi - ok
08:05:56.0640 0652 symc810 - ok
08:05:56.0687 0652 symc8xx - ok
08:05:56.0718 0652 sym_hi - ok
08:05:56.0765 0652 sym_u3 - ok
08:05:56.0859 0652 SynTP (a9ad7fad373975d4dbeabb0ead240bb1) C:\WINDOWS\system32\DRIVERS\SynTP.sys
08:05:57.0093 0652 SynTP - ok
08:05:57.0140 0652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:05:57.0656 0652 sysaudio - ok
08:05:57.0796 0652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:05:58.0031 0652 Tcpip - ok
08:05:58.0062 0652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:05:58.0531 0652 TDPIPE - ok
08:05:58.0609 0652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:05:59.0093 0652 TDTCP - ok
08:05:59.0171 0652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:05:59.0687 0652 TermDD - ok
08:05:59.0781 0652 TosIde - ok
08:05:59.0875 0652 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
08:06:00.0093 0652 tosporte - ok
08:06:00.0125 0652 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
08:06:00.0281 0652 tosrfbd - ok
08:06:00.0312 0652 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
08:06:00.0468 0652 tosrfbnp - ok
08:06:00.0515 0652 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
08:06:00.0734 0652 Tosrfcom - ok
08:06:00.0765 0652 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
08:06:00.0984 0652 Tosrfhid - ok
08:06:01.0015 0652 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
08:06:01.0140 0652 tosrfnds - ok
08:06:01.0187 0652 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
08:06:01.0359 0652 TosRfSnd - ok
08:06:01.0390 0652 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
08:06:01.0546 0652 Tosrfusb - ok
08:06:01.0625 0652 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
08:06:02.0156 0652 uagp35 - ok
08:06:02.0234 0652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:06:02.0765 0652 Udfs - ok
08:06:02.0781 0652 ultra - ok
08:06:02.0890 0652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:06:03.0453 0652 Update - ok
08:06:03.0578 0652 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:06:03.0812 0652 USBAAPL - ok
08:06:03.0843 0652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:06:04.0406 0652 usbccgp - ok
08:06:04.0484 0652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:06:04.0968 0652 usbehci - ok
08:06:05.0046 0652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:06:05.0578 0652 usbhub - ok
08:06:05.0671 0652 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:06:06.0109 0652 usbohci - ok
08:06:06.0187 0652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:06:06.0656 0652 usbscan - ok
08:06:06.0734 0652 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:06:07.0218 0652 usbstor - ok
08:06:07.0281 0652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:06:07.0765 0652 usbuhci - ok
08:06:07.0843 0652 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:06:08.0343 0652 usbvideo - ok
08:06:08.0406 0652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:06:08.0875 0652 VgaSave - ok
08:06:08.0890 0652 ViaIde - ok
08:06:08.0984 0652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:06:09.0468 0652 VolSnap - ok
08:06:09.0578 0652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:06:10.0140 0652 Wanarp - ok
08:06:10.0171 0652 WDICA - ok
08:06:10.0218 0652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:06:10.0765 0652 wdmaud - ok
08:06:10.0953 0652 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:06:11.0390 0652 WmiAcpi - ok
08:06:11.0500 0652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:06:12.0000 0652 WS2IFSL - ok
08:06:12.0062 0652 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:06:12.0531 0652 WSTCODEC - ok
08:06:12.0593 0652 xcpip - ok
08:06:12.0640 0652 xpsec - ok
08:06:12.0796 0652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:06:12.0984 0652 \Device\Harddisk0\DR0 - ok
08:06:13.0000 0652 Boot (0x1200) (80722818118d3c798098b007388e26a2) \Device\Harddisk0\DR0\Partition0
08:06:13.0000 0652 \Device\Harddisk0\DR0\Partition0 - ok
08:06:13.0015 0652 ============================================================
08:06:13.0015 0652 Scan finished
08:06:13.0015 0652 ============================================================
08:06:13.0156 0580 Detected object count: 1
08:06:13.0156 0580 Actual detected object count: 1
08:06:31.0781 0580 DwProt ( ForgedFile.Multi.Generic ) - skipped by user
08:06:31.0781 0580 DwProt ( ForgedFile.Multi.Generic ) - User select action: Skip
08:06:56.0890 0604 Deinitialize success

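Read together, the two TDSSKiller runs above tell a consistent story. The first run hashed the MBR, flagged it as Backdoor.Win32.Sinowal.knf (the Sinowal/Mebroot family, which lives in the MBR rather than in a file), and cured it on reboot. The second run reports a different MBR hash while the partition boot sector hash is unchanged, which is what a rewritten MBR looks like. The DwProt entry is a separate, still-open finding: the tool obtained two different MD5s for the same dwprot.sys depending on how it read it (that is what the ForgedFile verdict reports), and the user chose Skip both times, so nothing was done about it. The script below is an added example, not part of the thread and not Kaspersky's code: it pulls exactly those facts out of TDSSKiller output (sector hashes, forged-file pairs, per-object verdict history, driver hashes), lists what is still unresolved, and diffs two runs. The line formats are inferred from the lines shown in this thread, and the two embedded samples are constructed excerpts copied in shape from the runs above.

```python
import re
from dataclasses import dataclass, field

# Timestamp and thread id that start every TDSSKiller line, e.g. "18:34:34.0375 4648 ".
_TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" and "Boot (0x1200) (<md5>) ...\Partition0"
SECTOR_RE = re.compile(_TS + r"(?P<kind>MBR|Boot)\s+\(0x[0-9A-Fa-f]+\)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\S+)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(_TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "<object> ( <verdict> ) - <status>"; status is infected / warning / skipped by user / User select action: ...
VERDICT_RE = re.compile(_TS + r"(?P<obj>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+(?P<status>.+)$")
# "<service> (<md5>) <path>" for every driver the tool hashed
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")


@dataclass
class Run:
    sector_hashes: dict = field(default_factory=dict)   # "MBR" / "Boot" -> md5
    forged: dict = field(default_factory=dict)          # path -> (real_md5, fake_md5)
    findings: list = field(default_factory=list)        # (object, verdict, status) in log order
    drivers: dict = field(default_factory=dict)         # service name -> (md5, path)


def parse_tdsskiller(text):
    """Extract the security-relevant lines of one TDSSKiller log; everything else is ignored."""
    run = Run()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := SECTOR_RE.match(line):
            run.sector_hashes[m["kind"]] = m["md5"]
        elif m := FORGED_RE.match(line):
            run.forged[m["path"]] = (m["real"], m["fake"])
        elif m := VERDICT_RE.match(line):
            run.findings.append((m["obj"], m["verdict"], m["status"]))
        elif m := DRIVER_RE.match(line):
            run.drivers[m["name"]] = (m["md5"], m["path"])
    return run


# A finding counts as closed only if the last thing the log says about it is a cure, quarantine or delete.
_CLOSING = ("cure", "quarantine", "delete")


def unresolved(run):
    """{object: verdict} for detections whose final recorded status is not a cure/quarantine/delete."""
    last = {}
    for obj, verdict, status in run.findings:
        last[obj] = (verdict, status.lower())
    return {obj: v for obj, (v, s) in last.items() if not any(w in s for w in _CLOSING)}


def compare_runs(before, after):
    """What changed between two runs on the same disk: sector hashes that differ, and what is still open."""
    kinds = set(before.sector_hashes) | set(after.sector_hashes)
    changed = {k: (before.sector_hashes.get(k), after.sector_hashes.get(k))
               for k in kinds if before.sector_hashes.get(k) != after.sector_hashes.get(k)}
    return {"changed_sectors": changed, "still_unresolved": unresolved(after)}


# Constructed excerpt of the first run (before the cure), copied in shape from the thread.
RUN1 = r"""
18:34:34.0375 4648 MBR (0x1B8) (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
18:34:34.0375 4648 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
18:34:34.0375 4648 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
18:34:34.0546 4648 Boot (0x1200) (80722818118d3c798098b007388e26a2) \Device\Harddisk0\DR0\Partition0
18:37:14.0125 1708 DwProt ( ForgedFile.Multi.Generic ) - skipped by user
18:37:14.0125 1708 DwProt ( ForgedFile.Multi.Generic ) - User select action: Skip
18:37:14.0546 1708 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
18:37:14.0546 1708 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
"""

# Constructed excerpt of the second run (after the reboot).
RUN2 = r"""
08:05:06.0515 0652 DwProt (6c5abe3c6d8adc67a988a0c3f68fac24) C:\WINDOWS\system32\drivers\dwprot.sys
08:05:06.0640 0652 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dwprot.sys. Real md5: 6c5abe3c6d8adc67a988a0c3f68fac24, Fake md5: 0ffbfb144c6e09bb6d354acfee97785d
08:05:06.0640 0652 DwProt ( ForgedFile.Multi.Generic ) - warning
08:05:06.0640 0652 DwProt - detected ForgedFile.Multi.Generic (1)
08:06:12.0796 0652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:06:12.0984 0652 \Device\Harddisk0\DR0 - ok
08:06:13.0000 0652 Boot (0x1200) (80722818118d3c798098b007388e26a2) \Device\Harddisk0\DR0\Partition0
08:06:31.0781 0580 DwProt ( ForgedFile.Multi.Generic ) - skipped by user
08:06:31.0781 0580 DwProt ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    before, after = parse_tdsskiller(RUN1), parse_tdsskiller(RUN2)
    print("forged files in run 2:", after.forged)
    print("diff:", compare_runs(before, after))
```

A changed MBR hash on its own only says the sector was rewritten, not that the new code is clean; what the diff is for is confirming that the cure took and that the list of open findings shrank. Here it did not shrink: DwProt is still open after both runs, which is the thing to chase next.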

#10 Render (Trusted Helper, Malware Removal)

Please don't attach log files. Instead copy and paste the content of them. Thank you.

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

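The /md5start ... /md5stop part of the custom scan above makes OTL hash every copy of explorer.exe, winlogon.exe, Userinit.exe, svchost.exe and consrv.dll it finds under %systemroot%, not just the one in system32. The point is that a bootkit or password stealer often leaves a second, different copy of one of these names in an unexpected directory, and two copies of the same file name with different hashes is something an analyst can spot without knowing the good hash in advance. The script below is an added example of that check, written here and not OTL's code: it walks a root directory, hashes every copy of those names, and reports the names whose copies disagree, grouping the paths by hash. The directory tree it builds is a constructed fixture standing in for %systemroot%; on a real machine you would pass the Windows directory instead and read the hashes against the Microsoft-signed file for that service pack rather than trusting either copy.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# The file names the OTL custom scan above asks to be hashed.
CRITICAL = ("explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe", "consrv.dll")


def md5_file(path, chunk=1 << 16):
    """MD5 of a file, streamed so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, names=CRITICAL):
    """Walk root and return {name: [(relative_path, md5), ...]} for every file with one of the names.

    Paths are reported with backslashes so they read like the OTL listing regardless of host OS.
    """
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                full = os.path.join(dirpath, fn)
                rel = os.path.relpath(full, root).replace(os.sep, "\\")
                copies[fn.lower()].append((rel, md5_file(full)))
    for lst in copies.values():
        lst.sort()
    return dict(copies)


def disagreements(copies):
    """Names present under the root with more than one distinct hash.

    Returns {name: {md5: [paths...]}} restricted to names whose copies disagree. No copy is
    assumed to be the good one; the analyst decides that against a known-good hash.
    """
    out = {}
    for name, lst in copies.items():
        by_hash = defaultdict(list)
        for rel, digest in lst:
            by_hash[digest].append(rel)
        if len(by_hash) > 1:
            out[name] = dict(by_hash)
    return out


def build_sample_tree():
    """Constructed fixture standing in for %systemroot%: two identical copies of userinit.exe
    (system32 and its dllcache), one differing copy in a temp directory, and a lone explorer.exe.
    Returns the root path."""
    root = tempfile.mkdtemp(prefix="sysroot_")
    layout = {
        "system32/userinit.exe": b"MZ-userinit-original",
        "system32/dllcache/userinit.exe": b"MZ-userinit-original",
        "Temp/userinit.exe": b"MZ-userinit-patched",
        "explorer.exe": b"MZ-explorer",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for name, groups in disagreements(find_copies(root)).items():
        print(name)
        for digest, paths in groups.items():
            print("  ", digest, paths)
```

A single disagreeing copy in a temp or profile directory is the usual pattern; the case that still needs a known-good hash is when every copy agrees and all of them are patched, which is why OTL also prints the company name and version of each file it hashes.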


#11 gasmanuk (Topic Starter, Member)

OTL logfile created on: 07/03/2012 18:34:45 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Chery\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.23 Mb Total Physical Memory | 456.38 Mb Available Physical Memory | 45.04% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.42% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.86 Gb Total Space | 95.49 Gb Free Space | 87.72% Space Free | Partition Type: NTFS

Computer Name: YOUR-F23DF9768C | User Name: Chery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 18:37:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chery\Desktop\OTL.exe
PRC - [2011/10/22 16:00:00 | 000,611,144 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/08/07 22:57:46 | 000,684,032 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/01 00:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe
PRC - [2008/06/10 00:26:52 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 22:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/02/22 17:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/23 03:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/09 17:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/10/29 21:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/05 01:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 23:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/23 18:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 11:31:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/20 11:11:13 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/20 11:06:53 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/20 11:06:42 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
MOD - [2012/02/20 11:05:02 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/02/20 11:03:45 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/20 11:03:10 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/16 12:00:56 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/08/01 00:43:18 | 000,021,200 | ---- | M] () -- C:\Program Files\The TechGuys\Launch\MVVMFramework.DLL
MOD - [2008/07/18 20:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008/06/10 00:26:52 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
MOD - [2008/02/22 06:43:10 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2005/07/23 04:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/06/10 00:26:52 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/09/28 23:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - [2012/03/07 07:52:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AB90C3D5-1C0A-43B4-B866-70B63CAD28CB}\MpKsl05928be6.sys -- (MpKsl05928be6)
DRV - [2012/03/04 21:06:47 | 000,149,272 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2008/07/10 09:33:40 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008/05/08 02:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/27 22:56:46 | 000,153,600 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/02/15 22:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/01/31 22:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/23 03:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/04 05:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/29 16:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/18 21:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 18:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006/10/11 02:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=DSGI&bmod=DSGI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.13.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 19:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/08 18:06:50 | 000,000,000 | ---D | M]

[2010/02/27 13:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Extensions
[2012/02/19 19:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\extensions
[2010/11/01 12:37:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/19 19:14:06 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/02/27 13:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHERY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\93QZI415.DEFAULT\EXTENSIONS\{DA8BD68D-8E90-41CD-8345-A71B294E72E6}.XPI
[2010/02/20 13:05:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/19 19:13:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 19:13:23 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/19 19:13:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/19 19:13:23 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/19 19:13:23 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/19 19:13:23 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/01 07:50:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch.lnk = C:\WINDOWS\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151F95ED-E1BE-486E-8020-6A0826E00A09}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chery\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chery\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/15 19:22:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 08:02:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/06 18:37:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/06 18:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chery\Local Settings\Application Data\WinZip
[2012/03/06 18:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/03/06 18:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/03/06 18:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/03/05 19:45:21 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/03/05 19:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/05 19:40:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/29 19:30:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/29 19:28:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/29 19:28:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/29 19:28:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/29 19:28:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/29 19:27:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/29 19:27:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 19:27:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chery\My Documents\My Videos
[2012/02/29 19:27:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/02/28 18:37:54 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chery\Desktop\OTL.exe
[2012/02/19 19:37:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chery\Start Menu\Programs\Administrative Tools
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 09:13:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/06 18:43:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/06 18:38:55 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch.lnk
[2012/03/06 18:37:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/06 18:37:42 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 18:13:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/03/06 18:13:08 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/03/06 18:02:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Chery\Desktop\MBR.dat
[2012/03/05 19:42:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/05 19:41:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 21:06:47 | 000,149,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\dwprot.sys
[2012/03/01 07:50:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/28 18:37:10 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chery\Desktop\OTL.exe
[2012/02/23 20:21:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/23 08:01:27 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 11:20:25 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/20 11:01:34 | 000,433,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/20 11:01:34 | 000,068,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/20 10:54:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 18:13:08 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/03/06 18:13:04 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/03/06 18:02:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Chery\Desktop\MBR.dat
[2012/03/05 19:47:15 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/05 19:42:33 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/05 19:42:00 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 19:25:20 | 1062,526,976 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/04 21:06:47 | 000,149,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\dwprot.sys
[2012/02/29 19:30:08 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/02/29 19:30:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/29 19:28:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/29 19:28:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/29 19:28:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/29 19:28:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/29 19:28:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/23 08:01:26 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 17:14:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/19 17:14:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/12/15 12:31:22 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/21 21:18:15 | 000,098,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2011/11/30 14:07:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/05 19:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/06 18:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/20 15:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/03 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Emwae
[2011/12/03 21:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Kues
[2011/11/24 16:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\MSNInstaller
[2011/12/04 13:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Rouwyl
[2005/01/30 11:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Template
[2008/09/10 17:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\The TechGuys
[2011/12/22 12:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\uTorrent
[2011/12/04 13:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Yzxeo
[2012/03/06 18:43:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/19 19:13:23 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/19 19:13:23 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/19 19:13:23 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/19 19:13:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/19 19:13:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/19 19:13:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 12:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 12:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 12:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 12:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/19 19:13:23 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/19 19:13:23 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/19 19:13:23 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/19 19:13:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/19 19:13:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/19 19:13:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 12:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 12:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 12:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 12:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
How is your computer running now? Any problems?

I see you have already run ComboFix, so please post its log, C:\ComboFix.txt.
  • 0

#13
gasmanuk

gasmanuk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
It's running great thanks to you. I ran ComboFix a few days ago as I was desperate.

Thanks for help

ComboFix 12-02-29.01 - Chery 01/03/2012 16:45:45.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.509 [GMT 0:00]
Running from: c:\documents and settings\Chery\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-02-28 18:08 . 2012-02-28 18:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-28 18:05 . 2012-02-28 18:07 -------- d-s---w- c:\documents and settings\Administrator
2012-02-19 17:14 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-19 17:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2008-05-15 19:08 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2008-05-15 19:08 667136 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2008-05-15 19:08 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2008-05-15 19:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-16 13:16 . 2008-05-15 19:07 369664 ----a-w- c:\windows\system32\html.iec
2011-12-10 15:24 . 2011-12-21 12:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 19:13 . 2012-02-19 19:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-11 1028096]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-08-07 684032]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-08-06 20480]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [2008-9-10 17542]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [30/05/2008 15:43 153600]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [18/09/2008 23:58 159744]
S3 5rx6iewes.sys;5rx6iewes.sys;\??\c:\windows\system32\drivers\5rx6iewes.sys --> c:\windows\system32\drivers\5rx6iewes.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - xcpip
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.talktalk.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Chery\Application Data\Mozilla\Firefox\Profiles\93qzi415.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-01 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-03-01 16:58:43
ComboFix-quarantined-files.txt 2012-03-01 16:58
ComboFix2.txt 2012-03-01 07:59
.
Pre-Run: 102,728,957,952 bytes free
Post-Run: 102,720,241,664 bytes free
.
- - End Of File - - 12665054DD9A0B8B54BB3996A48EE077
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Trojan Sinowal was removed. I recommend you change all passwords on accounts like Gmail, Hotmail etc.

I also see that you changed your AV from AVG to MSE. That's good. Do the following now:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on OTL on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in the code box, beginning with the colon):

    :OTL
    [2011/12/04 13:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Yzxeo
    [2011/12/04 13:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Rouwyl
    [2011/12/03 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Emwae
    [2011/12/03 21:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chery\Application Data\Kues
    
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
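An added example, not part of this thread or of ComboFix/OTL themselves: a small Python triage script for the ComboFix log format posted above, flagging the three things a helper reads first (globally open firewall exceptions carrying only a generic label, services whose binary ComboFix could not find on disk, and Firefox user.js overrides that silence security warnings). The sample log is a constructed excerpt of lines from the log above; the "Services" label heuristic and REMOTE_ACCESS_PORTS are assumptions made for the example.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 5rx6iewes.sys;5rx6iewes.sys;\??\c:\windows\system32\drivers\5rx6iewes.sys --> c:\windows\system32\drivers\5rx6iewes.sys [?]
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*)$')
USERJS_RE = re.compile(r'^FF - user\.js: (?P<pref>\S+) - (?P<value>\S+)$')

# Assumption for this example: an exception labelled only "Services" has no known owner,
# and 3389/TCP (Remote Desktop) opened to the world deserves a question of its own.
REMOTE_ACCESS_PORTS = {3389}


def triage(log_text):
    """Return (category, detail) findings for the three indicator classes above."""
    findings = []
    for line in log_text.splitlines():
        m = OPEN_PORT_RE.match(line)
        if m:
            port, proto, label = int(m[1]), m[2], m[3].strip()
            if label == "Services":
                findings.append(("open_port_generic_label", f"{port}/{proto}"))
            elif port in REMOTE_ACCESS_PORTS:
                findings.append(("open_port_remote_access", f"{port}/{proto} ({label})"))
            continue
        m = SERVICE_RE.match(line)
        if m and m["path"].rstrip().endswith("[?]"):
            # ComboFix prints "path --> path [?]" when the service binary is not on disk.
            findings.append(("service_binary_missing", m["name"]))
            continue
        m = USERJS_RE.match(line)
        if m and m["pref"].startswith("security.warn_") and m["value"] == "false":
            # user.js persistently overrides prefs.js; dropping one silences SSL warnings.
            findings.append(("firefox_warning_disabled", m["pref"]))
    return findings
```

A missing-binary hit on a driver with a random-looking name (here 5rx6iewes.sys) is the line the helper would ask about first; a hit on a known system driver name such as xpsec only says ComboFix could not locate the file.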

#15
gasmanuk

gasmanuk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
All processes killed
========== OTL ==========
C:\Documents and Settings\Chery\Application Data\Yzxeo folder moved successfully.
C:\Documents and Settings\Chery\Application Data\Rouwyl folder moved successfully.
C:\Documents and Settings\Chery\Application Data\Emwae folder moved successfully.
C:\Documents and Settings\Chery\Application Data\Kues folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chery\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chery\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Chery\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chery\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Chery\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chery\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Chery\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chery\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Chery\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chery\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.YOUR-F23DF9768C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 5272884 bytes

User: All Users

User: Chery
->Temp folder emptied: 141026000 bytes
->Temporary Internet Files folder emptied: 117926990 bytes
->Java cache emptied: 2448024 bytes
->FireFox cache emptied: 209806900 bytes
->Flash cache emptied: 62772 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 15548 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 16259 bytes
->Flash cache emptied: 13443 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 90112 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524818 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4762556 bytes

Total Files Cleaned = 460.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.YOUR-F23DF9768C

User: All Users

User: Chery
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.YOUR-F23DF9768C

User: All Users

User: Chery
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.33.2 log created on 03082012_192826

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0
