Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malwarebytes not able to remove virus [Solved]


  • This topic is locked This topic is locked

#1
criptonite

criptonite

    Member

  • Member
  • PipPip
  • 53 posts
Hello, I have a friends PC which is infected by a virus. The User desktop has no icons and clicking the start button shows a panel with no icons as well. When I boot to safemode with networking the user profile also has no icons but the administrator profile has most of the icons (although no accessories folder, I tried to do a system restore). I've tried to run OTL.exe and OTL.com in the User profile but they seem to be shut down so the OTL log below is from the Adminstrator profile while in safemode.

I hope someone can help.

Many thanks in advance.
Dave

OTL Log:


OTL logfile created on: 12/04/2012 06:20:57 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.48 Mb Total Physical Memory | 628.06 Mb Available Physical Memory | 81.83% Memory free
1.83 Gb Paging File | 1.76 Gb Available in Paging File | 96.21% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 49.92 Gb Free Space | 69.96% Space Free | Partition Type: NTFS
Drive D: | 71.82 Gb Total Space | 71.45 Gb Free Space | 99.48% Space Free | Partition Type: FAT32
Drive F: | 954.10 Mb Total Space | 952.96 Mb Free Space | 99.88% Space Free | Partition Type: FAT32

Computer Name: TESTEMP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 14:05:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2012/04/04 23:59:19 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/06 16:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2006/05/11 16:22:48 | 000,028,672 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090311.001\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 16:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 16:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/06 16:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 16:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 15:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/28 10:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/10/14 04:59:42 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/07/18 08:40:06 | 000,264,576 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/06/29 01:53:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/28 10:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/05 13:09:26 | 004,284,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/28 11:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/10/04 15:38:24 | 000,280,064 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/01/13 15:46:16 | 000,069,632 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2004/08/10 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/11 14:04:08 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 06:20:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/12 06:17:47 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012/04/12 03:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012/04/12 02:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/12 02:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/12 02:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/12 02:59:31 | 012,903,112 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2012/04/12 02:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/04/12 02:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/12 02:44:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/12 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/12 02:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/12 02:43:26 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 02:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/04/12 02:42:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/04/12 02:42:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/04/12 02:39:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/30 00:10:21 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 14:05:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/12 06:19:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/12 06:19:02 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/04/12 06:15:42 | 000,073,451 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/12 06:15:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/12 02:59:59 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/12 02:59:51 | 012,903,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2012/04/12 02:44:14 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 02:43:55 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 01:34:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/12 00:59:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 03:08:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 03:05:59 | 000,443,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 03:05:59 | 000,072,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/10 00:59:59 | 000,001,817 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/10 00:23:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/30 00:10:21 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/14 03:07:06 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 02:59:59 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/12 02:44:14 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 23:59:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/15 01:05:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/24 04:00:34 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2010/08/02 01:49:26 | 000,000,486 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2010/08/02 01:06:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2010/08/02 01:06:38 | 000,001,744 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2010/08/02 01:06:38 | 000,001,191 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2010/08/02 01:06:37 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\Sglist32.dll
[2010/08/02 01:06:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\SGOPopDg.dll
[2010/08/02 01:06:37 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\Sgtool32.dll
[2010/08/02 01:06:37 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\Sglch32.dll
[2010/08/02 01:06:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Sgtbar32.dll
[2010/08/02 01:06:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sgstat32.dll
[2010/08/02 01:06:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sglogo32.dll
[2010/08/02 01:06:36 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Sgcdlg32.dll
[2010/08/02 01:06:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2010/08/02 01:06:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\Sghelp32.dll
[2010/08/02 01:06:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2010/08/02 01:06:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Sgintl32.dll
[2010/08/02 01:06:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Sgcom32.dll
[2010/08/02 01:06:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Sgdt32.dll
[2010/08/02 01:06:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Sgappbar.dll
[2010/08/02 01:06:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Sg3d32.dll
[2010/08/02 01:06:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2010/08/02 01:06:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Repdes32.exe
[2010/08/02 01:06:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\Sgrep32.dll
[2010/08/02 01:04:30 | 000,001,752 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI

========== LOP Check ==========

[2011/01/02 03:47:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/02/03 04:19:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/01/07 07:06:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/26 07:09:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/10/26 06:01:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/11/28 05:29:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2011/10/26 07:09:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/10/26 05:54:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/10/26 05:56:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/04/02 10:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/10/26 05:58:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/10/26 05:57:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/10/26 05:52:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2010/04/08 03:27:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HMRC
[2011/01/02 03:11:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pKkCfLj06502

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
criptonite

criptonite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I've solved the problem. I'll close this post.
  • 0

#3
criptonite

criptonite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
For anyone's interest....I used a program called unhide which restored some of the icons, including the Accessories folder which meant I could use system restore. Avast immediately ran and reported a rootkit called Alureor which it removed. Once the system was back to normal I ran Malwarebytes again and no viruses were found. I'm assuming the problem is resolved. Everything seems fine now.

I don't know how to close this post. Is it something I do or do moderators sort that?
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP