This topic is lockedIf you see that he is still stuck try to stop the scan and restart your system. If you can delete all finding before you stop VRT.
Virus can't use computer at all. [Solved]
Started by
Bobcat Bob
, Jul 16 2012 07:25 PM
#16
Posted 17 July 2012 - 01:53 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
If you see that he is still stuck try to stop the scan and restart your system. If you can delete all finding before you stop VRT.
#17
Posted 17 July 2012 - 01:59 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Let me know if you stop the scan.
#18
Posted 17 July 2012 - 02:10 PM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
It seems to have finally gotten past that one flie and is moving again.
#19
Posted 17 July 2012 - 02:18 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Great! VRT scan is standard anti-virus scan for your PC and it scans all your files. That's why it takes so long. Please bare with me and let it finish.
#20
Posted 17 July 2012 - 02:21 PM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
Sorry for being impatient and thanks again for helping 
#21
Posted 17 July 2012 - 06:38 PM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
Here is the Kaspersky log
Attached Files
-
Kaspersky.txt 11.64KB
182 downloads
#22
Posted 17 July 2012 - 11:03 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
VRT did great job and removed a lot as I expected. It's time to try Combofix again. Please try to run Combofix and hopefully post log after the scan.
#23
Posted 18 July 2012 - 12:27 AM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
Its been running for over an hour and is stuck on ( C:\ProgramData\Temp) for about the 45 mins. Some error message popped up when I started it and I hit ignore and then one while it was running that the only option was ok. I hope I didn't mess anything up.
I restarted the computer and am trying it again.
I restarted the computer and am trying it again.
Edited by Bobcat Bob, 18 July 2012 - 01:22 AM.
#24
Posted 18 July 2012 - 02:18 AM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
I got the log but now when I try to open the internet it won't open and it says "illegal operation on a registry key that has been marked for deletion"
Edited by Bobcat Bob, 18 July 2012 - 02:18 AM.
#25
Posted 18 July 2012 - 02:21 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Just restart your system once. It will sort that error. Post log here for me after restart.
#26
Posted 18 July 2012 - 02:31 AM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
ComboFix 12-07-16.01 - Book Worm 07/18/2012 2:18.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.3140 [GMT -5:00]
Running from: c:\users\Book Worm\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll
c:\users\Book Worm\AppData\Local\Temp\8243529\3262941.exe . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\advdis.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avlib.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avpgs.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avpgui.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avs.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avspm.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avzkrnl.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avzscan.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\base64.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\base64p.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\basegui.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\arkmon.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\avengine.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\avpcure.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\kavbase.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\kavsys.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\kjim.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\klavemu.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\mark.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\pbs.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\qscan.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\vlns.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bl.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\btdisk.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\btimages.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\buffer.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\clldr.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\crpthlpr.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\dbghelp.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\deflate.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\diffs.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\dmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\dtreg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\filemap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\fsdrvplg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\fssync.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\hashmd5.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\hashsha1.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\icheck3.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\inflate.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\inifile.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\kldw.exe . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\klsrlsvc.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mailmsg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mdb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mdmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\memmng.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\memmodsc.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\memscan.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\minizip.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mkavio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msoe.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msvcm80.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msvcp80.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msvcr80.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ndetect.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\netdtls.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\nfio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ntfsstrm.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ods.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\params.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\passdmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prloader.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\procmon.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\propmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\proxydet.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prremote.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prseqio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prtransp.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prutil.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\pxstub.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\qb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\quantum.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\regmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\report.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\reportdb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\resip.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\schedule.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\sfdb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\stat.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\stdcomp.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\stenum2.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\superio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\syswatch.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\thpimpl.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\timer.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\tm.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\uniarc.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\updater.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\urlflt.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ushata.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\volenum.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\wdiskio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\winreg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\wmihlpr.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\x64\wmi64.exe . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\xorio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\3262941.exe . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\advdis.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avlib.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avpgs.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avpgui.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avs.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avspm.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avzkrnl.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avzscan.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\base64.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\base64p.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\basegui.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\arkmon.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\avengine.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\avpcure.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\kavbase.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\kavsys.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\kjim.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\klavemu.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\mark.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\pbs.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\qscan.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\vlns.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bl.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\btdisk.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\btimages.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\buffer.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\clldr.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\crpthlpr.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\dbghelp.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\deflate.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\diffs.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\dmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\dtreg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\filemap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\fsdrvplg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\fssync.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\hashmd5.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\hashsha1.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\icheck3.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\inflate.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\inifile.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\kldw.exe . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\klsrlsvc.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mailmsg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mdb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mdmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\memmng.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\memmodsc.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\memscan.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\minizip.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mkavio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msoe.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msvcm80.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msvcp80.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msvcr80.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ndetect.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\netdtls.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\nfio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ntfsstrm.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ods.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\params.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\passdmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prloader.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\procmon.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\propmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\proxydet.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prremote.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prseqio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prtransp.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prutil.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\pxstub.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\qb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\quantum.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\regmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\report.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\reportdb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\resip.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\schedule.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\sfdb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\stat.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\stdcomp.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\stenum2.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\superio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\syswatch.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\thpimpl.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\timer.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\tm.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\uniarc.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\updater.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\urlflt.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ushata.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\volenum.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\wdiskio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\winreg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\wmihlpr.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\x64\wmi64.exe . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\xorio.ppl . . . . Failed to delete
.
-- Previous Run --
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
--------
.
c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 07:37 . 2012-07-18 07:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-18 07:37 . 2012-07-18 07:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 16:53 . 2012-07-17 16:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-17 16:53 . 2012-07-17 23:56 556632 ----a-w- c:\windows\system32\drivers\3262941drv.sys
2012-07-17 09:26 . 2012-07-17 09:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 08:16 . 2012-07-17 08:16 -------- d-----w- C:\_OTL
2012-07-17 01:36 . 2012-07-17 01:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 01:36 . 2012-07-17 01:36 -------- d-----w- c:\windows\system32\Macromed
2012-07-17 00:52 . 2012-07-17 00:52 -------- d-----w- c:\users\Book Worm\AppData\Local\ElevatedDiagnostics
2012-07-09 03:27 . 2012-07-09 03:27 -------- d-----w- C:\found.002
2012-07-07 14:14 . 2012-07-07 14:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-17_08.49.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-18 07:38 . 2012-07-18 07:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 08:48 . 2012-07-17 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 08:48 . 2012-07-17 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-18 07:38 . 2012-07-18 07:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-06 18:25 . 2012-07-17 09:20 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-06 18:25 . 2012-07-17 02:18 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 04:54 . 2012-07-17 09:20 8994816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 08:49 8994816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 08:49 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-17 09:20 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"Google"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll" [2012-07-13 665088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TUSBSleepChargeSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [BU]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Google"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll" [2012-07-13 665088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe" [BU]
.
c:\users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_38772662.lnk - c:\users\Book Worm\AppData\Local\Temp\_uninst_38772662.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg s pku2u
.
R1 MpKsle154af47;MpKsle154af47;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4EE0EB7-791B-44B3-A6AC-9ADEF647825D}\MpKsle154af47.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-03-26 35392]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 14872]
S1 3262941drv;3262941drv;c:\windows\system32\DRIVERS\3262941drv.sys [2012-07-17 556632]
S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-03-19 16392]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 31016]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-07 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-02-12 57344]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-01-14 55296]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 32832]
S3 rtl819xpn64;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-07-09 573440]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 01:36]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:28]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-04-03 308736]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-08-24 1833504]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:11,8d,d7,5d,da,5b,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,ef,2f,e5,14,b1,51,47,a1,a2,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,ef,2f,e5,14,b1,51,47,a1,a2,ef,\
.
[HKEY_USERS\S-1-5-21-2961013583-7795755-3641863504-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,a1,2d,1f,a5,f1,1e,22,44,b7,e6,99,75,18,f7,a0,2a,cd,39,2d,56,
2f,13,b7,02,f6,0b,2a,18,02,62,50,d9,a8,16,62,f2,73,2d,cc,c2,7f,fb,cb,58,56,\
"rkeysecu"=hex:5f,3b,6b,42,77,de,03,3b,8e,d0,c5,69,e7,5a,aa,72
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-07-18 03:09:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 08:09
.
Pre-Run: 205,086,105,600 bytes free
Post-Run: 204,577,914,880 bytes free
.
- - End Of File - - B71B6A7F3FAEDDC0C5A9AB03D71CE0AE
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.3140 [GMT -5:00]
Running from: c:\users\Book Worm\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll
c:\users\Book Worm\AppData\Local\Temp\8243529\3262941.exe . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\advdis.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avlib.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avpgs.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avpgui.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avs.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avspm.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avzkrnl.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\avzscan.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\base64.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\base64p.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\basegui.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\arkmon.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\avengine.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\avpcure.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\kavbase.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\kavsys.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\kjim.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\klavemu.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\mark.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\pbs.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\qscan.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bases\vlns.kdl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\bl.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\btdisk.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\btimages.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\buffer.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\clldr.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\crpthlpr.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\dbghelp.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\deflate.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\diffs.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\dmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\dtreg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\filemap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\fsdrvplg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\fssync.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\hashmd5.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\hashsha1.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\icheck3.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\inflate.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\inifile.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\kldw.exe . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\klsrlsvc.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mailmsg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mdb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mdmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\memmng.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\memmodsc.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\memscan.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\minizip.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\mkavio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msoe.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msvcm80.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msvcp80.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\msvcr80.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ndetect.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\netdtls.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\nfio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ntfsstrm.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ods.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\params.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\passdmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prloader.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\procmon.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\propmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\proxydet.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prremote.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prseqio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prtransp.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\prutil.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\pxstub.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\qb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\quantum.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\regmap.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\report.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\reportdb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\resip.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\schedule.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\sfdb.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\stat.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\stdcomp.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\stenum2.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\superio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\syswatch.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\thpimpl.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\timer.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\tm.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\uniarc.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\updater.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\urlflt.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\ushata.dll . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\volenum.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\wdiskio.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\winreg.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\wmihlpr.ppl . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\x64\wmi64.exe . . . . Failed to delete
c:\users\Book Worm\AppData\Local\Temp\8243529\xorio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\3262941.exe . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\advdis.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avlib.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avpgs.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avpgui.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avs.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avspm.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avzkrnl.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\avzscan.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\base64.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\base64p.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\basegui.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\arkmon.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\avengine.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\avpcure.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\kavbase.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\kavsys.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\kjim.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\klavemu.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\mark.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\pbs.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\qscan.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bases\vlns.kdl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\bl.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\btdisk.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\btimages.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\buffer.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\clldr.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\crpthlpr.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\dbghelp.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\deflate.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\diffs.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\dmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\dtreg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\filemap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\fsdrvplg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\fssync.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\hashmd5.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\hashsha1.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\icheck3.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\inflate.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\inifile.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\kldw.exe . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\klsrlsvc.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mailmsg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mdb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mdmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\memmng.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\memmodsc.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\memscan.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\minizip.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\mkavio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msoe.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msvcm80.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msvcp80.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\msvcr80.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ndetect.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\netdtls.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\nfio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ntfsstrm.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ods.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\params.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\passdmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prloader.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\procmon.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\propmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\proxydet.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prremote.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prseqio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prtransp.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\prutil.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\pxstub.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\qb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\quantum.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\regmap.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\report.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\reportdb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\resip.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\schedule.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\sfdb.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\stat.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\stdcomp.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\stenum2.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\superio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\syswatch.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\thpimpl.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\timer.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\tm.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\uniarc.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\updater.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\urlflt.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\ushata.dll . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\volenum.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\wdiskio.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\winreg.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\wmihlpr.ppl . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\x64\wmi64.exe . . . . Failed to delete
c:\users\BOOKWO~1\AppData\Local\Temp\8243529\xorio.ppl . . . . Failed to delete
.
-- Previous Run --
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
--------
.
c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 07:37 . 2012-07-18 07:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-18 07:37 . 2012-07-18 07:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 16:53 . 2012-07-17 16:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-17 16:53 . 2012-07-17 23:56 556632 ----a-w- c:\windows\system32\drivers\3262941drv.sys
2012-07-17 09:26 . 2012-07-17 09:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 08:16 . 2012-07-17 08:16 -------- d-----w- C:\_OTL
2012-07-17 01:36 . 2012-07-17 01:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 01:36 . 2012-07-17 01:36 -------- d-----w- c:\windows\system32\Macromed
2012-07-17 00:52 . 2012-07-17 00:52 -------- d-----w- c:\users\Book Worm\AppData\Local\ElevatedDiagnostics
2012-07-09 03:27 . 2012-07-09 03:27 -------- d-----w- C:\found.002
2012-07-07 14:14 . 2012-07-07 14:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-17_08.49.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-18 07:38 . 2012-07-18 07:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 08:48 . 2012-07-17 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 08:48 . 2012-07-17 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-18 07:38 . 2012-07-18 07:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-06 18:25 . 2012-07-17 09:20 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-06 18:25 . 2012-07-17 02:18 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 04:54 . 2012-07-17 09:20 8994816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 08:49 8994816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 08:49 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-17 09:20 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"Google"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll" [2012-07-13 665088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TUSBSleepChargeSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [BU]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Google"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll" [2012-07-13 665088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe" [BU]
.
c:\users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_38772662.lnk - c:\users\Book Worm\AppData\Local\Temp\_uninst_38772662.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg s pku2u
.
R1 MpKsle154af47;MpKsle154af47;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4EE0EB7-791B-44B3-A6AC-9ADEF647825D}\MpKsle154af47.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-03-26 35392]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 14872]
S1 3262941drv;3262941drv;c:\windows\system32\DRIVERS\3262941drv.sys [2012-07-17 556632]
S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-03-19 16392]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 31016]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-07 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-02-12 57344]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-01-14 55296]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 32832]
S3 rtl819xpn64;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-07-09 573440]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 01:36]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:28]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-04-03 308736]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-08-24 1833504]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:11,8d,d7,5d,da,5b,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,ef,2f,e5,14,b1,51,47,a1,a2,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,ef,2f,e5,14,b1,51,47,a1,a2,ef,\
.
[HKEY_USERS\S-1-5-21-2961013583-7795755-3641863504-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,a1,2d,1f,a5,f1,1e,22,44,b7,e6,99,75,18,f7,a0,2a,cd,39,2d,56,
2f,13,b7,02,f6,0b,2a,18,02,62,50,d9,a8,16,62,f2,73,2d,cc,c2,7f,fb,cb,58,56,\
"rkeysecu"=hex:5f,3b,6b,42,77,de,03,3b,8e,d0,c5,69,e7,5a,aa,72
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-07-18 03:09:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 08:09
.
Pre-Run: 205,086,105,600 bytes free
Post-Run: 204,577,914,880 bytes free
.
- - End Of File - - B71B6A7F3FAEDDC0C5A9AB03D71CE0AE
#27
Posted 18 July 2012 - 02:55 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
We still have work to do but I need to know how is your system now? What problems you have?
#28
Posted 18 July 2012 - 03:09 AM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
All I notice right now is when I go to Yahoo mail it says there is a problem with Security Certificate and that seems to be the only site having that problem.
And the start up menu is not correct, the left white part is empty and then when you click on all programs it seems to be missing some programs and they only have a picture of a file folder instead of their icons.
Also Microsoft Security Essentials won't open.
Also A Security Alert pops up asking about server authentication
Also on start up I get a Run DLL error
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\google\ccjzu.dll
And the start up menu is not correct, the left white part is empty and then when you click on all programs it seems to be missing some programs and they only have a picture of a file folder instead of their icons.
Also Microsoft Security Essentials won't open.
Also A Security Alert pops up asking about server authentication
Also on start up I get a Run DLL error
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\google\ccjzu.dll
Edited by Bobcat Bob, 18 July 2012 - 03:16 AM.
#29
Posted 18 July 2012 - 03:25 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
There is several system file missing. I'm going to try and find substitute for them but if this fails then maybe we will need your Windows installation disk (CD). Do you have it?
Step 1
Download Unhide.exe from here to your desktop and run ti. It should unhide all your files in Start menu.
Let me know results.
Step 2
NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!
Please close all running programs and Run OTL
Run OTL again
Please don't forget to include these items in your reply:
Step 1
Download Unhide.exe from here to your desktop and run ti. It should unhide all your files in Start menu.
Let me know results.
Step 2
NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!
Please close all running programs and Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:processes
killallprocesses
:OTL
:Files
c:\users\Book Worm\AppData\Local\Temp\8243529
:Commands
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Run OTL again
- Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
- Press button named None
- Under the Custom Scan/Fixes box paste this in
/md5start sfcfiles.* ipsec.* /md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me
Please don't forget to include these items in your reply:
- OTL fix log
- New OTL scan log
#30
Posted 18 July 2012 - 03:28 AM
Bobcat Bob
- Topic Starter
-
- Member
-
- 111 posts
Member
Not sure on the Disk will have to ask my mother for it when she wakes up.
Also it seems some links works and some dont
Also it seems some links works and some dont
Edited by Bobcat Bob, 18 July 2012 - 03:30 AM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
