Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Infected with Trojan [Closed]

Started by Gemini Paints , Jun 14 2012 11:00 PM

This topic is locked

#1
Gemini Paints

Posted 14 June 2012 - 11:00 PM

New Member

Member
6 posts

Hi

I know it is a general issue and has been discussed on these forums many times but my computer has been infected with a host of malware,trojan etc due to an unauthorised flashdrive. I am unable to get rid of these in my system and the network PC's. The infections are Trojan.panddos, downloader,backdoor.trojan, etc and despite many attempts we are unable to get rid of it. Can you help us ??

Rgds

Gemini Paints

#2
Essexboy

Posted 15 June 2012 - 10:26 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi first I will need to look at the system

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#3
Gemini Paints

Posted 18 June 2012 - 03:26 AM

New Member

Topic Starter
Member
6 posts

Hi

Thank you for your help. The logs are as below :

Regards

Kumar
Gemini Paints

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 14:40:35
-----------------------------
14:40:35.812 OS Version: Windows 5.1.2600 Service Pack 2
14:40:35.812 Number of processors: 2 586 0xF0D
14:40:35.812 ComputerName: COMPAQ1 UserName: win
14:40:36.406 Initialize success
14:40:56.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
14:40:56.156 Disk 0 Vendor: WDC_WD1600AAJS-22PSA0 05.06H05 Size: 152627MB BusType: 3
14:40:56.156 Disk 0 MBR read successfully
14:40:56.156 Disk 0 MBR scan
14:40:56.156 Disk 0 Windows XP default MBR code
14:40:56.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
14:40:56.156 Disk 0 Partition - 00 0F Extended LBA 114463 MB offset 78156225
14:40:56.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38154 MB offset 78156288
14:40:56.171 Disk 0 Partition - 00 05 Extended 38154 MB offset 156296385
14:40:56.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 38154 MB offset 156296448
14:40:56.171 Disk 0 Partition - 00 05 Extended 38154 MB offset 312576705
14:40:56.203 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38154 MB offset 234436608
14:40:56.203 Disk 0 scanning sectors +312576705
14:40:56.265 Disk 0 scanning C:\WINDOWS\system32\drivers
14:41:01.156 Service scanning
14:41:05.296 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
14:41:05.359 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
14:41:05.828 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
14:41:05.843 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
14:41:06.437 Modules scanning
14:41:21.671 Disk 0 trace - called modules:
14:41:21.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:41:21.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8652dab8]
14:41:21.687 3 CLASSPNP.SYS[f75c905b] -> nt!IofCallDriver -> \Device\00000068[0x86575ca0]
14:41:21.687 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8658ad98]
14:41:21.687 Scan finished successfully
14:41:32.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\win\Desktop\MBR.dat"
14:41:32.687 The log file has been saved successfully to "C:\Documents and Settings\win\Desktop\aswMBR.txt"

OTL logfile created on: 16/06/2012 2:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\win\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1015.29 Mb Total Physical Memory | 741.08 Mb Available Physical Memory | 72.99% Memory free
2.39 Gb Paging File | 1.99 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 25.44 Gb Free Space | 68.27% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 10.01 Gb Free Space | 26.88% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 34.03 Gb Free Space | 91.33% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 28.81 Gb Free Space | 77.32% Space Free | Partition Type: NTFS

Computer Name: COMPAQ1 | User Name: win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 14:42:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
PRC - [2009/05/12 23:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/05/12 21:55:30 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/12 21:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/17 01:25:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2007/04/07 20:01:32 | 004,075,520 | ---- | M] (Gemini Paints) -- C:\Documents and Settings\win\Desktop\Inventory_new.exe
PRC - [2004/08/04 00:56:56 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\scrcons.exe
PRC - [2004/08/04 00:56:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2010/03/31 12:17:54 | 000,794,624 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPM1210GC.DLL
MOD - [2010/03/31 11:50:34 | 002,363,392 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpm1210su.dll
MOD - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\grrxv.cc3 -- (RemoteAccess)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\pylzsc.exe -- (Nationalwxf)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\abkby.exe -- (National2.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Update.dll -- (I33198453K)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\wdwed.cc3 -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\ProgramFiles\Debugswwsswwa.dll -- (DeBuGXssxXjrq)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Local User\360safe.dll -- (360svc)
SRV - [2012/06/10 11:09:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009/05/12 23:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/05/12 21:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/01 22:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\win\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/05/30 13:30:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 13:30:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 13:30:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120617.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 13:30:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120617.009\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/04/23 13:21:52 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/12 21:58:06 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/05/12 21:56:32 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/04 14:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 14:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 14:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 12:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 14:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/05/31 16:49:24 | 000,096,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/03/26 20:51:06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/11 08:42:00 | 000,076,416 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2004/08/04 01:05:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..keyword.URL: "http://search.babylo...01e90a59c06&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\5.bin\NPFunWeb.dll (Fun Web Products, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/10 11:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/21 15:06:49 | 000,000,000 | ---D | M]

[2010/09/28 12:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\win\Application Data\Mozilla\Extensions
[2012/04/30 16:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\win\Application Data\Mozilla\Firefox\Profiles\r8y1fqfb.default\extensions
[2011/12/17 16:00:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\win\Application Data\Mozilla\Firefox\Profiles\r8y1fqfb.default\extensions\[email protected]
[2010/09/28 12:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/10 11:09:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 15:59:44 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/21 15:06:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 15:06:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [smss] C:\Program Files\smss.exe File not found
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1324612835078 (WUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8707D81-75E1-4A8F-8B83-DE6EBF49720A}: NameServer = 203.145.184.13,203.145.184.32
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://l.yimg.com/zz...h-min-265196.js
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\AYAgent.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYAgentSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYRTSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYScanner.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYUpdSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\ekrn.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3PScan.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3SP.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3Svc.exe: Debugger - c:\windows\system32\altv.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/23 10:50:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell - "" = AutoRun
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{4045eebd-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun\command - "" = H:\ROOT\SYSTEM\MaY.exe
O33 - MountPoints2\{4045eebd-54e8-11df-9ce7-001e90a59c06}\Shell\open\command - "" = H:\ROOT\SYSTEM\MaY.exe
O33 - MountPoints2\{4cad76b8-b0cd-11df-9e92-001e90a59c06}\Shell\AutoRun\command - "" = H:\wMhNPu.eXE
O33 - MountPoints2\{4cad76b8-b0cd-11df-9e92-001e90a59c06}\Shell\OPeN\comMANd - "" = H:\WmhNPu.Exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - C:\WINDOWS\system32\6to4ex.dll File not found
NetSvcs: HidServ - C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\wdwed.cc3 File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Remoteaccess - C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\grrxv.cc3 File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: 360svc - C:\Documents and Settings\Local User\360safe.dll File not found
NetSvcs: netsvcs_0x0 - File not found
NetSvcs: netsvcs_0x1 - File not found
NetSvcs: netsvcs_0x2 - File not found
NetSvcs: netsvcs_0x3 - File not found
NetSvcs: netsvcs_0x4 - File not found
NetSvcs: netsvcs_0x5 - File not found
NetSvcs: netsvcs_0x6 - File not found
NetSvcs: netsvcs_0x7 - File not found
NetSvcs: netsvcs_0x8 - File not found
NetSvcs: netsvcs_0x9 - File not found
NetSvcs: netsvcs_0x10 - File not found
NetSvcs: netsvcs_0x11 - File not found
NetSvcs: netsvcs_0x12 - File not found
NetSvcs: DeBuGXssxXjrq - C:\ProgramFiles\Debugswwsswwa.dll File not found
NetSvcs: netsvcs_0x13 - File not found
NetSvcs: netsvcs_0x14 - File not found
NetSvcs: netsvcs_0x15 - File not found
NetSvcs: netsvcs_0x16 - File not found
NetSvcs: netsvcs_0x17 - File not found
NetSvcs: netsvcs_0x18 - File not found
NetSvcs: netsvcs_0x19 - File not found
NetSvcs: netsvcs_0x20 - File not found
NetSvcs: netsvcs_0x21 - File not found
NetSvcs: netsvcs_0x22 - File not found
NetSvcs: netsvcs_0x23 - File not found
NetSvcs: netsvcs_0x24 - File not found
NetSvcs: netsvcs_0x25 - File not found
NetSvcs: netsvcs_0x26 - File not found
NetSvcs: netsvcs_0x27 - File not found
NetSvcs: netsvcs_0x28 - File not found
NetSvcs: netsvcs_0x29 - File not found
NetSvcs: netsvcs_0x30 - File not found
NetSvcs: netsvcs_0x31 - File not found
NetSvcs: netsvcs_0x32 - File not found
NetSvcs: netsvcs_0x33 - File not found
NetSvcs: netsvcs_0x34 - File not found
NetSvcs: netsvcs_0x35 - File not found
NetSvcs: netsvcs_0x36 - File not found
NetSvcs: netsvcs_0x37 - File not found
NetSvcs: netsvcs_0x38 - File not found
NetSvcs: netsvcs_0x39 - File not found
NetSvcs: netsvcs_0x40 - File not found
NetSvcs: netsvcs_0x41 - File not found
NetSvcs: netsvcs_0x42 - File not found
NetSvcs: netsvcs_0x43 - File not found
NetSvcs: netsvcs_0x44 - File not found
NetSvcs: netsvcs_0x45 - File not found
NetSvcs: netsvcs_0x46 - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 14:42:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
[2012/06/16 14:40:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\win\Desktop\aswMBR.exe
[2012/06/13 21:24:04 | 000,188,416 | ---- | C] (Sogou.com Inc.) -- C:\18181.exe
[2012/06/11 21:35:51 | 000,112,060 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\11188.exe
[2012/06/11 19:16:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\191641
[2012/06/11 18:55:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX2157070F
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\tt
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\kk
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\bb
[2012/06/10 11:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/10 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 11:05:30 | 000,665,987 | ---- | M] () -- C:\brirish bang.JPG
[2012/06/17 08:46:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/17 08:45:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/16 14:42:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
[2012/06/16 14:41:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\win\Desktop\MBR.dat
[2012/06/16 14:40:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\win\Desktop\aswMBR.exe
[2012/06/16 12:31:53 | 000,003,375 | ---- | M] () -- C:\Report.html
[2012/06/13 21:24:04 | 000,188,416 | ---- | M] (Sogou.com Inc.) -- C:\18181.exe
[2012/06/12 10:42:48 | 000,007,084 | ---- | M] () -- C:\WINDOWS\System32\2157070F.key
[2012/06/12 09:46:53 | 000,081,920 | ---- | M] () -- C:\boot1.exe
[2012/06/12 09:41:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Default
[2012/06/11 23:56:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\2157070F
[2012/06/11 22:48:41 | 000,155,910 | ---- | M] () -- C:\WINDOWS\System32\803881AD.key
[2012/06/11 21:35:51 | 000,112,060 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\11188.exe
[2012/06/11 10:53:13 | 000,000,208 | ---- | M] () -- C:\WINDOWS\POD.INI
[2012/05/28 08:25:57 | 059,000,832 | ---- | M] () -- C:\paint195.mdb
[2012/05/23 23:07:39 | 000,000,001 | ---- | M] () -- C:\33061.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\NewArea.exe
[2012/06/17 11:05:29 | 000,665,987 | ---- | C] () -- C:\brirish bang.JPG
[2012/06/16 14:41:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\win\Desktop\MBR.dat
[2012/06/12 09:46:53 | 000,081,920 | ---- | C] () -- C:\boot1.exe
[2012/06/12 09:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Default
[2012/06/11 19:49:41 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\2157070F.key
[2012/06/11 18:55:42 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\2157070F
[2012/06/11 12:01:10 | 000,155,910 | ---- | C] () -- C:\WINDOWS\System32\803881AD.key
[2012/05/23 23:07:39 | 000,000,001 | ---- | C] () -- C:\33061.exe
[2012/05/20 09:54:52 | 059,000,832 | ---- | C] () -- C:\paint195.mdb
[2012/03/07 14:44:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\xml13659.dll
[2011/12/25 10:39:47 | 000,102,400 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.ADODB.dll
[2011/12/25 10:39:47 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.DAO.dll
[2011/12/25 10:39:47 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSFlexGridLib.dll
[2011/12/25 10:39:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2011/12/25 10:39:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AxInterop.MSFlexGridLib.dll
[2011/12/25 10:39:47 | 000,014,848 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSScriptControl.dll
[2011/12/25 10:39:47 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.VBA.dll
[2011/12/25 10:39:47 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.JRO.dll
[2011/12/25 10:39:47 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\mscorlib.dll
[2011/11/30 17:06:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\amd.dll
[2011/06/05 11:57:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/05 11:57:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\win\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 14:16:43 | 002,247,450 | ---- | C] () -- C:\WINDOWS\System32\keyboar.dat
[2011/02/27 10:01:17 | 000,065,595 | ---- | C] () -- C:\Program Files\Donvert2.exe
[2011/02/23 13:26:00 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\win\Application Data\a.exe
[2010/09/28 12:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/31 23:18:11 | 000,003,733 | ---- | C] () -- C:\WINDOWS\System32\perfc008.dat
[2010/08/13 16:59:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/06/19 00:41:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\sys.dll

========== LOP Check ==========

[2011/12/17 15:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/12/17 16:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/17 15:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2010/09/25 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2011/04/11 18:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\Aventail
[2011/12/17 15:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\Babylon
[2011/12/18 11:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\MySQL
[2011/06/06 15:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\TeamViewer

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/06/11 21:35:51 | 000,112,060 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\11188.exe
[2012/06/13 21:24:04 | 000,188,416 | ---- | M] (Sogou.com Inc.) -- C:\18181.exe
[2012/05/23 23:07:39 | 000,000,001 | ---- | M] () -- C:\33061.exe
[2012/06/12 09:46:53 | 000,081,920 | ---- | M] () -- C:\boot1.exe
[2007/04/07 20:01:32 | 004,075,520 | ---- | M] (Gemini Paints) -- C:\Inventory_new.exe
[2010/08/12 21:28:26 | 000,903,364 | RHS- | M] () -- C:\sgnshp.exe
[2011/03/31 16:54:43 | 003,269,184 | ---- | M] (TeamViewer GmbH) -- C:\TeamViewer_Setup_en.exe
[2010/08/20 12:20:57 | 000,176,128 | ---- | M] () -- C:\upload.exe
[2006/02/28 16:33:27 | 000,570,868 | RHS- | M] () -- C:\xxhoju.exe

< MD5 for: EXPLORER.EXE >
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2001/08/23 17:30:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\dllcache\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2010/04/23 10:50:53 | 000,001,602 | ---- | M] () MD5=D881EEEE4F02DBFE0A350DD3C86A28BC -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2001/08/23 17:30:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< >

< End of report >

OTL Extras logfile created on: 16/06/2012 2:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\win\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1015.29 Mb Total Physical Memory | 741.08 Mb Available Physical Memory | 72.99% Memory free
2.39 Gb Paging File | 1.99 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 25.44 Gb Free Space | 68.27% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 10.01 Gb Free Space | 26.88% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 34.03 Gb Free Space | 91.33% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 28.81 Gb Free Space | 77.32% Space Free | Partition Type: NTFS

Computer Name: COMPAQ1 | User Name: win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3306:TCP" = 3306:TCP:*:Enabled:Mysql
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A07E01-709A-4C88-9A0C-25473E778497}" = GEMINISETUP
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7635D07D-B727-496F-94CA-8AC60E0C40CE}" = Microsoft Report Viewer Redistributable 2005
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{8AA037A8-E104-493A-A962-8D58535A0198}" = MySQL Server 5.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{98FA9751-E7E0-4509-BE22-0E66BE8592B4}" = MySQL Tools for 5.0
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{DA1A4DBF-48A1-4ABE-8890-DD60DF92B498}" = MySQL Connector/ODBC 3.51
"{EFBB2251-22CC-4484-9B49-07ED25248CB6}" = MySQL Connector Net 5.0.6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DreamCoder for MySQL Free Edition_is1" = DreamCoder for MySQL 4.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"MosChip Technology" = MosChip Multi-IO Controller
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"ST6UNST #1" = Gemini Inventory System
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.0.1
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"c895048403dc6db3" = GEMINI
"fa33ce86aa49d492" = GEMINI - 1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/06/2012 12:16:38 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Backdoor.Nitol in File: Unavailable by: Startup
scan. Action: Delete failed : Leave Alone failed. Action Description:

Error - 15/06/2012 11:44:15 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Error - 15/06/2012 11:44:25 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Error - 15/06/2012 2:16:56 PM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Error - 15/06/2012 2:17:52 PM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Error - 16/06/2012 11:16:14 PM | Computer Name = COMPAQ1 | Source = MySQL | ID = 100
Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,
see Help and Support Center at http://www.mysql.com.

Error - 16/06/2012 11:16:14 PM | Computer Name = COMPAQ1 | Source = MySQL | ID = 100
Description = Can't open shared library 'C:FZ.dll' (errno: 0 ) For more information,
see Help and Support Center at http://www.mysql.com.

Error - 16/06/2012 11:16:14 PM | Computer Name = COMPAQ1 | Source = MySQL | ID = 100
Description = Can't open shared library 'sql.dll' (errno: 0 ) For more information,
see Help and Support Center at http://www.mysql.com.

Error - 16/06/2012 5:07:02 AM | Computer Name = COMPAQ1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2180, fault address 0x00052d7d.

Error - 16/06/2012 5:20:09 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Panddos in File: C:\WINDOWS\NewArea.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

[ System Events ]
Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Mana service terminated with the following error:
%%126

Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device ManagwsxerXsX service terminated with the following
error: %%126

Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Routing and Remote Access service terminated with the following
error: %%126

Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Managerjuiouou1 service terminated with the following
error: %%126

Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Manager service terminated with the following
error: %%126

Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device ManagwsxerXsX service terminated with the following
error: %%126

Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Mana service terminated with the following error:
%%126

Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Routing and Remote Access service terminated with the following
error: %%126

< End of report >

#4
Essexboy

Posted 18 June 2012 - 07:39 AM

GeekU Moderator

Retired Staff
69,964 posts

Hmm bit of a weird one this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - File not found [Auto | Stopped] -- C:\ProgramFiles\Debugswwsswwa.dll -- (DeBuGXssxXjrq)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\5.bin\NPFunWeb.dll (Fun Web Products, Inc.)
[2011/12/17 15:59:44 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O27 - HKLM IFEO\AYAgent.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYAgentSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYRTSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYScanner.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYUpdSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\ekrn.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3PScan.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3SP.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3Svc.exe: Debugger - c:\windows\system32\altv.exe File not found
NetSvcs: 6to4 - C:\WINDOWS\system32\6to4ex.dll File not found
NetSvcs: netsvcs_0x0 - File not found
NetSvcs: netsvcs_0x1 - File not found
NetSvcs: netsvcs_0x2 - File not found
NetSvcs: netsvcs_0x3 - File not found
NetSvcs: netsvcs_0x4 - File not found
NetSvcs: netsvcs_0x5 - File not found
NetSvcs: netsvcs_0x6 - File not found
NetSvcs: netsvcs_0x7 - File not found
NetSvcs: netsvcs_0x8 - File not found
NetSvcs: netsvcs_0x9 - File not found
NetSvcs: netsvcs_0x10 - File not found
NetSvcs: netsvcs_0x11 - File not found
NetSvcs: netsvcs_0x12 - File not found
NetSvcs: DeBuGXssxXjrq - C:\ProgramFiles\Debugswwsswwa.dll File not found
NetSvcs: netsvcs_0x13 - File not found
NetSvcs: netsvcs_0x14 - File not found
NetSvcs: netsvcs_0x15 - File not found
NetSvcs: netsvcs_0x16 - File not found
NetSvcs: netsvcs_0x17 - File not found
NetSvcs: netsvcs_0x18 - File not found
NetSvcs: netsvcs_0x19 - File not found
NetSvcs: netsvcs_0x20 - File not found
NetSvcs: netsvcs_0x21 - File not found
NetSvcs: netsvcs_0x22 - File not found
NetSvcs: netsvcs_0x23 - File not found
NetSvcs: netsvcs_0x24 - File not found
NetSvcs: netsvcs_0x25 - File not found
NetSvcs: netsvcs_0x26 - File not found
NetSvcs: netsvcs_0x27 - File not found
NetSvcs: netsvcs_0x28 - File not found
NetSvcs: netsvcs_0x29 - File not found
NetSvcs: netsvcs_0x30 - File not found
NetSvcs: netsvcs_0x31 - File not found
NetSvcs: netsvcs_0x32 - File not found
NetSvcs: netsvcs_0x33 - File not found
NetSvcs: netsvcs_0x34 - File not found
NetSvcs: netsvcs_0x35 - File not found
NetSvcs: netsvcs_0x36 - File not found
NetSvcs: netsvcs_0x37 - File not found
NetSvcs: netsvcs_0x38 - File not found
NetSvcs: netsvcs_0x39 - File not found
NetSvcs: netsvcs_0x40 - File not found
NetSvcs: netsvcs_0x41 - File not found
NetSvcs: netsvcs_0x42 - File not found
NetSvcs: netsvcs_0x43 - File not found
NetSvcs: netsvcs_0x44 - File not found
NetSvcs: netsvcs_0x45 - File not found
NetSvcs: netsvcs_0x46 - File not found
[2012/06/13 21:24:04 | 000,188,416 | ---- | C] (Sogou.com Inc.) -- C:\18181.exe
[2012/06/11 21:35:51 | 000,112,060 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\11188.exe
[2012/06/11 19:16:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\191641
[2012/06/11 18:55:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX2157070F
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\tt
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\kk
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\bb
[2012/06/12 10:42:48 | 000,007,084 | ---- | M] () -- C:\WINDOWS\System32\2157070F.key
[2012/06/12 09:46:53 | 000,081,920 | ---- | M] () -- C:\boot1.exe
[2012/05/23 23:07:39 | 000,000,001 | ---- | M] () -- C:\33061.exe
[2006/02/28 16:33:27 | 000,570,868 | RHS- | M] () -- C:\xxhoju.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5
Gemini Paints

Posted 19 June 2012 - 03:24 AM

New Member

Topic Starter
Member
6 posts

Hi

Thank you for your reply. The logs are as below :

Regards

Kumar
Gemini Paints
OTL logfile created on: 18/06/2012 2:35:56 PM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\win\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1015.29 Mb Total Physical Memory | 509.60 Mb Available Physical Memory | 50.19% Memory free
2.39 Gb Paging File | 1.99 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 25.70 Gb Free Space | 68.96% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 10.01 Gb Free Space | 26.87% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 34.03 Gb Free Space | 91.33% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 28.81 Gb Free Space | 77.32% Space Free | Partition Type: NTFS

Computer Name: COMPAQ1 | User Name: win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 14:42:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
PRC - [2009/05/12 23:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/05/12 21:55:30 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/12 21:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/17 01:25:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2004/08/04 00:56:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\grrxv.cc3 -- (RemoteAccess)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\pylzsc.exe -- (Nationalwxf)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\abkby.exe -- (National2.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Update.dll -- (I33198453K)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\wdwed.cc3 -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Local User\360safe.dll -- (360svc)
SRV - [2012/06/10 11:09:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009/05/12 23:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/05/12 21:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/01 22:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/30 13:30:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 13:30:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 13:30:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120618.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 13:30:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120618.017\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/04/23 13:21:52 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/12 21:58:06 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/05/12 21:56:32 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/04 14:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 14:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 14:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 12:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 14:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/05/31 16:49:24 | 000,096,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/03/26 20:51:06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/11 08:42:00 | 000,076,416 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2004/08/04 01:05:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..keyword.URL: "http://search.babylo...01e90a59c06&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/10 11:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/21 15:06:49 | 000,000,000 | ---D | M]

[2010/09/28 12:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\win\Application Data\Mozilla\Extensions
[2012/04/30 16:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\win\Application Data\Mozilla\Firefox\Profiles\r8y1fqfb.default\extensions
[2011/12/17 16:00:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\win\Application Data\Mozilla\Firefox\Profiles\r8y1fqfb.default\extensions\[email protected]
[2010/09/28 12:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/10 11:09:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/21 15:06:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 15:06:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/18 14:28:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [smss] C:\Program Files\smss.exe File not found
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1324612835078 (WUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8707D81-75E1-4A8F-8B83-DE6EBF49720A}: NameServer = 203.145.184.13,203.145.184.32
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://l.yimg.com/zz...h-min-265196.js
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/23 10:50:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell - "" = AutoRun
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{4045eebd-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun\command - "" = H:\ROOT\SYSTEM\MaY.exe
O33 - MountPoints2\{4045eebd-54e8-11df-9ce7-001e90a59c06}\Shell\open\command - "" = H:\ROOT\SYSTEM\MaY.exe
O33 - MountPoints2\{4cad76b8-b0cd-11df-9e92-001e90a59c06}\Shell\AutoRun\command - "" = H:\wMhNPu.eXE
O33 - MountPoints2\{4cad76b8-b0cd-11df-9e92-001e90a59c06}\Shell\OPeN\comMANd - "" = H:\WmhNPu.Exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 14:27:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/16 14:42:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
[2012/06/16 14:40:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\win\Desktop\aswMBR.exe
[2012/06/10 11:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/10 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/06/18 14:30:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/18 14:28:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/18 14:17:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/17 11:05:30 | 000,665,987 | ---- | M] () -- C:\brirish bang.JPG
[2012/06/16 18:12:29 | 000,002,960 | ---- | M] () -- C:\Report.html
[2012/06/16 14:42:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
[2012/06/16 14:41:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\win\Desktop\MBR.dat
[2012/06/16 14:40:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\win\Desktop\aswMBR.exe
[2012/06/12 09:46:53 | 000,081,920 | ---- | M] () -- C:\boot1.exe
[2012/06/12 09:41:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Default
[2012/06/11 23:56:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\2157070F
[2012/06/11 22:48:41 | 000,155,910 | ---- | M] () -- C:\WINDOWS\System32\803881AD.key
[2012/06/11 10:53:13 | 000,000,208 | ---- | M] () -- C:\WINDOWS\POD.INI
[2012/05/28 08:25:57 | 059,000,832 | ---- | M] () -- C:\paint195.mdb

========== Files Created - No Company Name ==========

[2012/06/17 11:05:29 | 000,665,987 | ---- | C] () -- C:\brirish bang.JPG
[2012/06/16 14:41:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\win\Desktop\MBR.dat
[2012/06/12 09:46:53 | 000,081,920 | ---- | C] () -- C:\boot1.exe
[2012/06/12 09:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Default
[2012/06/11 18:55:42 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\2157070F
[2012/06/11 12:01:10 | 000,155,910 | ---- | C] () -- C:\WINDOWS\System32\803881AD.key
[2012/05/20 09:54:52 | 059,000,832 | ---- | C] () -- C:\paint195.mdb
[2012/03/07 14:44:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\xml13659.dll
[2011/12/25 10:39:47 | 000,102,400 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.ADODB.dll
[2011/12/25 10:39:47 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.DAO.dll
[2011/12/25 10:39:47 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSFlexGridLib.dll
[2011/12/25 10:39:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2011/12/25 10:39:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AxInterop.MSFlexGridLib.dll
[2011/12/25 10:39:47 | 000,014,848 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSScriptControl.dll
[2011/12/25 10:39:47 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.VBA.dll
[2011/12/25 10:39:47 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.JRO.dll
[2011/12/25 10:39:47 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\mscorlib.dll
[2011/11/30 17:06:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\amd.dll
[2011/06/05 11:57:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/05 11:57:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\win\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 14:16:43 | 002,247,450 | ---- | C] () -- C:\WINDOWS\System32\keyboar.dat
[2011/02/27 10:01:17 | 000,065,595 | ---- | C] () -- C:\Program Files\Donvert2.exe
[2011/02/23 13:26:00 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\win\Application Data\a.exe
[2010/09/28 12:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/31 23:18:11 | 000,003,733 | ---- | C] () -- C:\WINDOWS\System32\perfc008.dat
[2010/08/13 16:59:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

========== LOP Check ==========

[2011/12/17 15:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/12/17 16:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/17 15:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2010/09/25 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2011/04/11 18:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\Aventail
[2011/12/17 15:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\Babylon
[2011/12/18 11:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\MySQL
[2011/06/06 15:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\TeamViewer

========== Purity Check ==========

< End of report >

#6
Essexboy

Posted 19 June 2012 - 08:02 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you post the Combofix log please

#7
Gemini Paints

Posted 21 June 2012 - 04:35 AM

New Member

Topic Starter
Member
6 posts

Could you post the Combofix log please

Hi

The combofix log is pasted below.

Meanwhile we noticed that this system has been isolated in the network( We are unable to acces other systems in the LAN and so also other machines are unable to access this machine).

Thanks and regards

Gemini Paints
ComboFix 12-06-19.03 - win 21/06/2012 15:49:59.1.2 - x86
Running from: c:\documents and settings\win\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Storm
c:\documents and settings\win\Application Data\a.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\5.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\5.bin\F3PLUGIN.DLL
C:\programfiles
c:\programfiles\lab\HAM.docx
c:\programfiles\lab\LAB REQUIREMENTS.docx
c:\programfiles\lab\RED OXIDE METAL PRIMER MATT.docx
c:\programfiles\lab\SYNTHETIC ENAMEL 1st GRADE.docx
c:\programfiles\lab\SYNTHETIC ENAMEL 2nd GRADE.docx
c:\programfiles\lab\SYNTHETIC ENAMEL.docx
c:\programfiles\september11\1 Kg -09.xls
c:\programfiles\september11\1 Kg Distemper ctns - 09.xls
c:\programfiles\september11\1 Kg Distemper Pouches - 09.xls
c:\programfiles\september11\10 Kg pail 09.xls
c:\programfiles\september11\20 Kg pail - 09.xls
c:\programfiles\september11\20 Kg pail Sai-09.xls
c:\programfiles\september11\20 Micron Calcite -09.xls
c:\programfiles\september11\20 Micron Talc -09.xls
c:\programfiles\september11\25 Kg Durocem Bag -09.xls
c:\programfiles\september11\30 Kg bag for L.C.Putty - 09.xls
c:\programfiles\september11\5 Kg pail -09.xls
c:\programfiles\september11\5 Kg Poly Bag -09.xls
c:\programfiles\september11\Alien 98-09.xls
c:\programfiles\september11\BLUE AR-B.09.xls
c:\programfiles\september11\Ca. Chloride -09.xls
c:\programfiles\september11\caicite 240-1 - 09.xls
c:\programfiles\september11\Cal x 120-09.xls
c:\programfiles\september11\CDI - 09.xls
c:\programfiles\september11\Cement - 1 - 09.xls
c:\programfiles\september11\CMC A - 09.xls
c:\programfiles\september11\GREEN GR B.09.xls
c:\programfiles\september11\MEG-09.xls
c:\programfiles\september11\NDW-09.xls
c:\programfiles\september11\P. Green-09.xls
c:\programfiles\september11\PCC - 09.xls
c:\programfiles\september11\PERMANENT RED 2G.09.xls
c:\programfiles\september11\Red 1115 -09.xls
c:\programfiles\september11\Red Oxide 473 -09.xls
c:\programfiles\september11\S.Acid - 09.xls
c:\programfiles\september11\TI02- KIL -09.xls
c:\programfiles\september11\Vis.830 - 09.xls
c:\programfiles\september11\Visicryl 6155- 09.xls
c:\programfiles\september11\water 09.xls
c:\programfiles\september11\Yellow FINE G-B.09.xls
c:\programfiles\september11\Yellow Oxide.09.xls
C:\root
c:\root\SYSTEM\Desktop.ini
c:\windows\system32\applelogs.key
c:\windows\system32\ctfmon1.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\f5859b27.rdb
c:\windows\system32\keyboar.dat
c:\windows\system32\sys.dll
c:\windows\system32\systeminf.inf
c:\windows\system32\temp.aaa
E:\khq
F:\khq
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_360SVC
-------\Legacy_NATIONAL2.0
-------\Legacy_NATIONALWXF
-------\Service_360svc
-------\Service_Ball
-------\Service_National2.0
-------\Service_Nationalwxf
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-18 08:57 . 2012-06-18 08:57 -------- d-----w- C:\_OTL
2012-06-12 04:16 . 2012-06-12 04:16 81920 ----a-w- C:\boot1.exe
2012-06-10 05:39 . 2012-06-10 05:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-10 05:39 . 2012-06-10 05:39 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-10 05:39 . 2012-06-10 05:39 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 04:18 . 2004-08-03 19:26 19968 ----a-w- c:\windows\system32\wshtcpip.dll
2011-02-27 04:31 . 2011-02-27 04:31 65595 ----a-w- c:\program files\Donvert2.exe
2012-06-10 05:39 . 2012-02-21 09:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2004-08-03 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-03 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2004-08-03 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2004-08-03 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2004-08-03 19:26 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-03 19:26 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2004-08-03 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\rpcss.dll
[-] 2004-08-03 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe
.
[-] 2004-08-03 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-03 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2004-08-03 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-08-03 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-03 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2004-08-03 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-03 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2004-08-03 19:26 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\es.dll
[-] 2004-08-03 19:26 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\es.dll
.
[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2004-08-03 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\system32\kernel32.dll
[-] 2004-08-03 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2004-08-03 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-03 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2004-08-03 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2004-08-03 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-03 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2004-08-03 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-08-03 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2004-08-03 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-03 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-03 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2004-08-03 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-08-03 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll
.
[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2004-08-03 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-03 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll
.
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2004-08-03 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-03 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2004-08-03 17:09 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\dllcache\aec.sys
[-] 2004-08-03 17:09 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
.
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2001-08-23 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-08-23 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2004-08-03 19:26 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-03 19:26 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2004-08-03 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2004-08-03 19:26 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 19:26 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2004-08-03 19:26 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-03 19:26 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
.
[-] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2004-08-03 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2004-08-03 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-03 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2004-08-03 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
[-] 2004-08-03 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2004-08-03 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-03 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-16 115560]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:Mysql
.
R2 I33198453K;Microsoft Device Mana;c:\windows\System32\svchost.exe [2004-08-03 14336]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-18 23888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-10 129976]
S1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2006-10-11 76416]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-30 106656]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
svchost REG_MULTI_SZ I33198453K
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{F8707D81-75E1-4A8F-8B83-DE6EBF49720A}: NameServer = 203.145.184.13,203.145.184.32
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\win\Application Data\Mozilla\Firefox\Profiles\r8y1fqfb.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100996&babsrc=adbartrp&mntrId=e0165a55000000000000001e90a59c06&q=
FF - user.js: extensions.BabylonToolbar_i.id - e0165a55000000000000001e90a59c06
FF - user.js: extensions.BabylonToolbar_i.hardId - e0165a55000000000000001e90a59c06
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15325
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100996
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DriverCD - G:\Run.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 15:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"seRVicedlL"="c:\documents and settings\All Users\Application Data\Storm\update\%SESSIONNAME%\grrxv.cc3"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\shdoclc.dll
c:\windows\system32\msi.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2012-06-21 16:01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 10:30
.
Pre-Run: 27,494,195,200 bytes free
Post-Run: 27,183,493,120 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BDF0C9BE024E7994F3745DD36A124C7E

#8
Essexboy

Posted 21 June 2012 - 08:57 AM

GeekU Moderator

Retired Staff
69,964 posts

OK lets check out the system .. Any further problems apart from that ?

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#9
Gemini Paints

Posted 22 June 2012 - 01:31 AM

New Member

Topic Starter
Member
6 posts

OK lets check out the system .. Any further problems apart from that ?

run farbar service scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Hi

the log is posted below. we have only the network problem..and no other issues..

regards

gemini Paints

Farbar Service Scanner Version: 19-06-2012 01
Ran by win (administrator) on 21-06-2012 at 11:14:12
Running from "C:\Documents and Settings\win\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-03 23:14] - [2004-08-03 23:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-03 23:14] - [2004-08-03 23:14] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-03 23:14] - [2004-08-03 23:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-04-23 10:47] - [2004-08-04 00:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2010-04-23 10:48] - [2004-08-04 00:56] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2010-04-23 10:48] - [2004-08-03 23:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-04-23 10:47] - [2004-08-04 00:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2010-04-23 10:48] - [2004-08-04 00:56] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2010-04-23 10:48] - [2004-08-04 00:56] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 00:56] - [2004-08-04 00:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 00:56] - [2004-08-04 00:56] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-04 00:56] - [2004-08-04 00:56] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

**** End of log ****

#10
Essexboy

Posted 22 June 2012 - 06:34 AM

GeekU Moderator

Retired Staff
69,964 posts

A lot of system services are not running and we need to determine why

I will ask you to start one of the services manually, if you could note down what error message you get I will then have a feel for how to proceed

Go to Control Panel > Administrative Tools > Services
Locate cryptsvc
On the top left select Start
Does it start ? if not what error does it give

[attachment=58515:Capture.JPG]

#11
Gemini Paints

Posted 25 June 2012 - 06:04 AM

New Member

Topic Starter
Member
6 posts

A lot of system services are not running and we need to determine why

I will ask you to start one of the services manually, if you could note down what error message you get I will then have a feel for how to proceed

Go to Control Panel > Administrative Tools > Services
Locate cryptsvc
On the top left select Start
Does it start ? if not what error does it give

[attachment=58515:Capture.JPG]

Hi

This is the error we got : " Could not start the Cryptsvc service on local computer. Error 1053: The service did not respond to the start or control request in a timely fashion."

Regards

#12
Essexboy

Posted 25 June 2012 - 07:04 AM

GeekU Moderator

Retired Staff
69,964 posts

The windows file system catalogue appears to be corrupt... In the majority of cases the following will fix it

Download and transfer to the affected system Windows XP SP3

Once on the desktop then install

On completion could you again recheck one of the services and ensure that it is running

#13
Essexboy

Posted 29 June 2012 - 07:35 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.