Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mulitple virus attack? [Solved]

Started by Attilla the Bun , May 18 2012 05:29 PM

  • This topic is locked This topic is locked

#1
Attilla the Bun
Posted 18 May 2012 - 05:29 PM

Attilla the Bun

    Member

  • Member
  • PipPip
  • 35 posts
Hi.
For the last month or so, AVG has been detecting repeated attacks by Trojans, mainly TR/Crypt.X (or Z)PACK.Gen 2 (or 8), TR/ATRAPS.Gen 2 or more recently EXP/CVE-2010-0840 (exploit)
Mostly, AVG seemed to have dealt with them, but tonight I ran a scan and it reported 18 viruses but the report said it had ignored them. The only symptom the computer has is a repeated warning from Winpatrol that something is trying to make a change to the HOSTS file (which is a real nuisance).

I have run Superantispyware and Malwarebytes, but they have found nothing. I'm pretty careful, have quite a bit of protection on my computer and update it regularly, and I hadn't had any problems like this for a long time; I've had a close friend in hospital for three weeks and possibly took my eye off the ball with the updating and scanning in that time, so perhaps they've sneaked in. AVG doesn't seem to be worried, but I'm not so sure, and I'd be very grateful for your help.

OTL log:
OTL logfile created on: 18/05/2012 23:59:32 - Run 4
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 52.64% Memory free
3.04 Gb Paging File | 2.00 Gb Available in Paging File | 66.01% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 335.34 Gb Total Space | 243.61 Gb Free Space | 72.65% Space Free | Partition Type: NTFS

Computer Name: USER-2D7097102E | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 23:58:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2012/05/10 07:04:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/10 07:04:13 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/10 07:04:12 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/10 07:04:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/05 22:39:28 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/05 22:02:44 | 000,161,736 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/05/05 21:39:49 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/04/17 01:23:42 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/04/15 22:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/09/07 20:28:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/05/23 05:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 21:00:35 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/18 21:00:35 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/10 07:04:21 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/05/05 22:39:27 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/04 11:22:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/07 20:40:16 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/07 20:40:16 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/08 01:08:28 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/04/15 02:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [2002/04/22 14:43:00 | 000,544,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscn.dll
MOD - [2002/04/22 14:41:22 | 000,135,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqe3500.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/10 07:04:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 07:04:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/05 22:39:29 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/05 22:02:44 | 000,161,736 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/27 00:00:34 | 000,827,456 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\WINDOWS\temp\0120321274909344mcinst.exe -- (0120321274909344mcinstcleanup) McAfee Application Installer Cleanup (0120321274909344)
SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/09/07 20:28:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/22 19:07:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/04 13:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe -- (KodakSvc)
SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
SRV - [2003/05/23 05:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVCM.sys -- (QCMerced)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\George\catchme.sys -- (catchme)
DRV - [2012/05/10 07:04:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/10 07:04:21 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/17 01:23:58 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/04/17 01:23:58 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/04/17 01:23:58 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/15 22:10:13 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/07 20:28:56 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/07 20:28:55 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/08 01:08:28 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/04/24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/12/24 15:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/08 00:41:42 | 000,032,624 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFEHashRIPEMD.sys -- (FreeOTFEHashRIPEMD)
DRV - [2010/02/08 00:41:42 | 000,030,704 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFEHashWhirlpool.sys -- (FreeOTFEHashWhirlpool)
DRV - [2010/02/08 00:41:42 | 000,026,224 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFEHashSHA.sys -- (FreeOTFEHashSHA)
DRV - [2010/02/08 00:41:42 | 000,022,128 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFEHashTiger.sys -- (FreeOTFEHashTiger)
DRV - [2010/02/08 00:41:42 | 000,016,880 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFEHashMD.sys -- (FreeOTFEHashMD)
DRV - [2010/02/08 00:41:40 | 000,031,856 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherTwofish_ltc.sys -- (FreeOTFECypherTwofish_ltc)
DRV - [2010/02/08 00:41:40 | 000,029,168 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherSerpent_Gladman.sys -- (FreeOTFECypherSerpent_Gladman)
DRV - [2010/02/08 00:41:40 | 000,026,096 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherRC6_ltc.sys -- (FreeOTFECypherRC6_ltc)
DRV - [2010/02/08 00:41:38 | 000,056,816 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherDES.sys -- (FreeOTFECypherDES)
DRV - [2010/02/08 00:41:38 | 000,047,216 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherAES_ltc.sys -- (FreeOTFECypherAES_ltc)
DRV - [2010/02/08 00:41:38 | 000,031,856 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFE.sys -- (FreeOTFE)
DRV - [2010/02/08 00:41:38 | 000,031,088 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherCAST5.sys -- (FreeOTFECypherCAST5)
DRV - [2010/02/08 00:41:38 | 000,029,808 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherCAST6_Gladman.sys -- (FreeOTFECypherCAST6_Gladman)
DRV - [2010/02/08 00:41:38 | 000,026,480 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherMARS_Gladman.sys -- (FreeOTFECypherMARS_Gladman)
DRV - [2010/02/08 00:41:38 | 000,025,200 | ---- | M] (Sarah Dean) [Kernel | System | Running] -- C:\WINDOWS\system32\FreeOTFECypherBlowfish.sys -- (FreeOTFECypherBlowfish)
DRV - [2009/03/25 11:50:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/03/25 11:49:57 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/30 12:47:18 | 000,016,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/11/10 04:20:02 | 000,029,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007/09/20 19:07:40 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 19:07:38 | 000,053,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/19 10:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/01/31 03:40:08 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/12/03 17:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/10/24 05:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway...r={searchTerms}
IE - HKCU\..\SearchScopes\{C1E7C583-E538-4AD7-AB2A-57F1450C20B9}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{DD5C81A0-C32F-4370-8042-120DD8C175A4}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Sendspace Bar Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/28 21:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 22:39:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/05 22:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/03/23 18:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/05/05 22:06:21 | 000,000,000 | ---D | M]

[2009/01/05 00:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/11/13 17:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/10 23:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5aga9evw.default\extensions
[2012/01/09 21:54:46 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5aga9evw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}(2)
[2010/03/30 00:36:02 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5aga9evw.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/05/21 19:59:12 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5aga9evw.default\extensions\[email protected]
[2012/02/12 11:18:22 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5aga9evw.default\extensions\[email protected]
[2011/03/08 16:33:58 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\5aga9evw.default\searchplugins\conduit.xml
[2012/04/27 08:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/27 09:18:27 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{8000fa65-faec-7803-98aa-3b2e0a9589f7}
[2012/05/10 23:51:12 | 000,523,864 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5AGA9EVW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/05/05 22:39:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/02 16:35:06 | 000,238,976 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/03/23 18:24:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/23 20:49:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/03/23 18:24:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/26 10:08:54 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &Search - http://edits.myway.c...1C&n=2010080316 File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E45266-6528-4496-8BCD-A6D5357BB7A7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - () - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/30 12:40:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 23:54:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/05/18 20:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/06 23:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012/05/05 22:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/05 22:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/05 22:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/05/05 22:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/27 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2012/04/27 15:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/04/27 15:58:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/04/27 15:58:28 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/04/27 15:58:28 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/04/27 15:58:28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/04/27 15:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/04/27 15:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/04/27 09:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/04/27 09:18:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Recent(2)
[2012/04/25 23:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/03 21:15:01 | 000,638,976 | ---- | C] (IObit) -- C:\Program Files\Uninstall IObit Toolbar.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 23:40:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/18 20:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 09:43:40 | 006,753,440 | R--- | M] () -- C:\Documents and Settings\User\Desktop\wellfed_ebooksample.pdf
[2012/05/18 09:31:38 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Word.lnk
[2012/05/16 22:00:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 07:18:29 | 000,463,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 07:18:29 | 000,080,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/10 07:04:21 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/10 07:04:21 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/05/05 22:07:35 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/05/05 22:00:12 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Update Checker.lnk
[2012/04/27 17:55:44 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2012/04/27 09:08:05 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2012/04/21 00:49:40 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 10:06:00 | 032,271,901 | ---- | C] () -- C:\Documents and Settings\User\Desktop\WellFed_eBook_2_up.pdf
[2012/05/18 10:02:37 | 030,004,881 | ---- | C] () -- C:\Documents and Settings\User\Desktop\WellFed_eBook_1_up.pdf
[2012/05/18 09:52:54 | 006,753,440 | R--- | C] () -- C:\Documents and Settings\User\Desktop\wellfed_ebooksample.pdf
[2012/05/05 22:07:35 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/05/05 22:00:12 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Update Checker.lnk
[2012/05/05 22:00:12 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Update Checker.lnk
[2012/04/21 00:49:40 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/10 16:56:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/08/09 22:19:25 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2011/07/22 19:06:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2010/11/17 20:48:09 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini

========== LOP Check ==========

[2010/05/08 22:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/04 23:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/24 18:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/05/09 01:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/05/05 22:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/01/24 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/01/05 20:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/05/21 20:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2012/02/19 12:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/06/07 20:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2010/01/30 01:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/04/26 00:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/14 16:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/01/05 01:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/05/16 22:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/01/31 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/13 12:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/09 18:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/06 19:56:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/05/09 02:17:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/05/14 21:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CheckPoint
[2010/11/27 17:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2012/05/17 20:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Foxit Software
[2010/06/02 21:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2010/03/31 10:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jumping Bytes
[2010/11/17 20:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2012/02/05 16:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MP3AudioRecorder
[2011/05/21 20:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QFX Software
[2012/02/19 12:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Samsung
[2010/02/06 01:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Serif
[2010/05/03 16:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2010/06/07 21:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sync App Settings
[2012/01/23 23:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Temp
[2010/11/13 17:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2010/02/14 16:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer
[2009/05/16 22:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
[2010/05/15 11:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements

#2
Render
Posted 22 May 2012 - 08:41 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply
  • 0

#3
Attilla the Bun
Posted 23 May 2012 - 02:04 PM

Attilla the Bun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Render,
Thanks you very much for looking at my problem.
The viruses are still lurking, every time I switch the computer on, Avira flags up deals with two of three of them and deals with them, it's as if something is attracting them to my computer. I normally never have an alert from one year to the next!

I've downloaded the programme, but when I click 'run', it won't open.
  • 0

#4
Render
Posted 23 May 2012 - 02:15 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

If I understand you correctly you cannot run the program. In this case please try to rename aswMBR.exe to explorer.exe and then try to run it.
  • 0

#5
Attilla the Bun
Posted 23 May 2012 - 03:14 PM

Attilla the Bun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I tried that, but it still won't run.
  • 0

#6
Render
Posted 24 May 2012 - 04:30 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Try with this:

  • Please download on the desktop RogueKiller (by tigzy).
  • Quit all programs.
  • Run RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
    Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop. We can also open it with the Report button.
  • Please copy content of report and post it in your next reply.

  • 0

#7
Attilla the Bun
Posted 25 May 2012 - 04:07 PM

Attilla the Bun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
That one worked:
RogueKiller V7.5.0 [05/24/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 05/25/2012 22:59:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0xBA784E7C)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xBA784E36)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0xBA784E86)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xBA784E2C)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xBA784E3B)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xBA784E45)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0xBA784E77)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xBA784E4A)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xBA784E18)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xBA784E1D)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (Unknown @ 0xBA784E9F)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xBA784E54)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (Unknown @ 0xBA784E90)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xBA784E4F)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0xBA784E8B)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (Unknown @ 0xBA784E95)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xBA784E40)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (Unknown @ 0xBA784E9A)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xBA784E27)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xBA784EAE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xBA784EB3)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
94.63.147.16 www.google.com
94.63.147.17 www.bing.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3360320AS +++++
--- User ---
[MBR] 68d0cea747c6de63d7769554e472516c
[BSP] f2abfd13ec246106e869afe75d964677 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 343389 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4a268b4e1ae65f4e206ecc2893cce675
[BSP] f2abfd13ec246106e869afe75d964677 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 343389 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 703261440 | Size: 9 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

No viruses trying to get in today at all, they must have Fridays off!
  • 0

#8
Render
Posted 26 May 2012 - 04:35 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please run RogueKiller once again and click on Host Fix button. Close RoguKiller and post new RogueKiller report.

NEXT....

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK button.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.
  • 0

#9
Attilla the Bun
Posted 27 May 2012 - 12:52 PM

Attilla the Bun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi again
I did the Host fix, but TDSSKiller won't run either. When I click on 'run' nothing happens
  • 0

#10
Render
Posted 27 May 2012 - 01:15 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Posted Image Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

Advertisements

#11
Attilla the Bun
Posted 28 May 2012 - 04:32 PM

Attilla the Bun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi again,
I've tried three times with Combofix, but after about 5 minutes or so, (I can tell when because it stops the clock) it stops scanning and freezes the computer so that I can only turn it off at the plug - I've tried leaving it for an hour or more, but nothing happens.
I turned off Avira, Superantispyware, Winpatrol and Spywareguard, and uninstalled Malwarebytes because I couldn't find a way to turn it off. Could there be anything else that's stopping it working?

On a postive note, whatever was constantly trying to change the host file has been fixed, which is a great relief, so thanks for that!
  • 0

#12
Render
Posted 28 May 2012 - 05:01 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi

Could there be anything else that's stopping it working?

It can be software or hardware issue. But can't tell from so far provided logs.

Anyway, how is your computer running now?
  • 0

#13
Attilla the Bun
Posted 28 May 2012 - 05:40 PM

Attilla the Bun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Everything seems fine, as the repeated Trojan alerts seem to have stopped, round about the same time the problem with the Hosts file was fixed. The computer always worked ok, it was just the fact that I was suddenly getting multiple warnings and on the one occasion Avira said it had ignored about 18 of them rather than fixing them that made me worry that I had a problem.

Thanks very much for your help
  • 0

#14
Render
Posted 28 May 2012 - 06:56 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. We are in the middle of the malware removal process so stay on board please.

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#15
Attilla the Bun
Posted 30 May 2012 - 10:52 AM

Attilla the Bun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi again
Have done all that, a bit depressed at how much there was hiding on my computer! I thought I was so careful....Attached File  avptool_sysinfo.zip   17.53KB   120 downloads

Attached Files


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP