Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

UkASH INFECTION [Solved]

Started by MARKTEN , Dec 15 2012 05:31 AM

  • This topic is locked This topic is locked

#16
Buddierdl
Posted 18 December 2012 - 05:32 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Are you sure you set the computer to boot from the CD drive first?
  • 0

Advertisements

#17
MARKTEN
Posted 18 December 2012 - 09:01 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Yes

The screen showed a progress bar at the bottom and mentioned reatogo-x-pe

That completed and the CD was active all the time. Then it showed windows XP breifly before it blue screened with that message

I just tried it again and when the progress bar completes the disc drive starts hunting and it sticks on the black screen with the progress bar complete for some time then it goes quiet and flips to the computer's own hard drive.

Mark
  • 0

#18
Buddierdl
Posted 20 December 2012 - 08:34 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Mark,

We need to check your hard drive for errors.

You will need an XP disc in order to do this. If you don't have one, let me know and we will try a different way.
  • Insert the XP CD and restart the computer. If prompted, select any options required to boot from the CD.
  • When the text-based part of Setup begins, follow the prompts; choose the repair or recover option by pressing R.
  • Choose the installation that you need to access from the Recovery Console. You should only have one option - pick this one.
  • When prompted, type the Administrator password.
  • You should now have a command prompt. Please type:

    chdsk /f

    and press enter.
  • Let the process complete and then see if you can boot your computer from the last CD we made. If so please continue to follow the instructions here.

  • 0

#19
MARKTEN
Posted 22 December 2012 - 04:49 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

Sorry for the delay in replying.

I thought I had the recovery discs but they must be for my very old toshiba because it tells me they are incompatible.

I put the system back to default and it powers up OK from the HD with the white screen and does not give the HDD error and blue screen.

The person that did this one was certainly an artist.

Are there any more avenues to explore? If all the disc has to be wiped so be it, its a pain but not the end of the world.

Anyhow have a good Christmas, we've got 36 degrees © here today

Cheers

Mark
  • 0

#20
Buddierdl
Posted 23 December 2012 - 11:55 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Markten,

We have some more tricks up our sleeve to try. :)

Please download the following the following file: rc.iso

Next, download and install ImgBurn if you don't already have it.

Following the tutorial here, please burn the file you downloaded to a CD.

Booting from the CD, you should press R to get to the recovery console.

Then:
  • Choose the installation that you need to access from the Recovery Console. You should only have one option - pick this one.
  • When prompted, type the Administrator password.
  • You should now have a command prompt. Please type:

    chdsk /r

    and press enter.
  • Let the process complete and then see if you can boot your computer from the last CD we made. If so please continue to follow the instructions for the scan.

  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#21
MARKTEN
Posted 23 December 2012 - 03:10 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi

Give me a couple of days and I'll let you know how I went

Cheers

Mark
  • 0

#22
Buddierdl
Posted 23 December 2012 - 03:46 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. Merry Christmas. :)
  • 0

#23
MARKTEN
Posted 25 December 2012 - 11:56 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

Christmas over lets get back to it

The disc starts to load and appears to get to the end then I get the same blue screen however the stop codes vary slightly;

Stop: 0000007B ( 0xF78DA63C,0xC0000034,0x00000000,0x00000000)

It does not get as far as giving the recovery option. Taking out the disc the PC boots up and allows me to log on with the problem as before.

Best Regards

Mark
  • 0

#24
Buddierdl
Posted 27 December 2012 - 07:26 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Markten,

Can you go into your BIOS and look for a setting for SATA mode? We need it to be ATA or IDE, not AHCI. Could you please see if you can find and change this setting, then try to boot from the OTLPE CD that we made in this post.
  • 0

#25
MARKTEN
Posted 27 December 2012 - 04:08 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

That did it.

Only one difference it missed out steps 8 and 9 the rest went as listed

Select the Windows folder of the infected drive if it asks for a location
<LI>When asked "Do you wish to load the remote registry", select Yes

Best Regards

Mark

OTL logfile created on: 12/28/2012 8:48:10 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 210.03 Gb Free Space | 70.46% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (Smcinst)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2012/12/13 15:46:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 22:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 22:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/19 04:18:12 | 000,077,944 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/08/24 00:34:48 | 001,302,272 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService)
SRV - [2011/08/24 00:34:44 | 000,708,176 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService)
SRV - [2010/08/30 01:31:34 | 000,218,480 | ---- | M] (Sierra Wireless, Inc.) [Auto] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2009/12/09 11:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- C:\Program Files\AES Chemunex\eviSENSE\PostGreSQL\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/11/18 06:27:44 | 000,108,280 | ---- | M] (AuthenTec, Inc) [Auto] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV - [2009/11/16 04:10:52 | 002,034,936 | R--- | M] (AuthenTec, Inc.) [Auto] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV - [2009/11/12 12:59:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/11/05 11:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/10/21 12:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 22:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 22:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/21 17:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 17:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 17:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/24 21:25:56 | 000,575,552 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/07 11:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 22:21:23 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/09 22:21:23 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/09 22:21:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/10/09 22:21:18 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/10/09 22:21:16 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/08/20 23:03:02 | 000,073,782 | ---- | M] (SafeNet) [Auto] -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON)
SRV - [2008/08/20 23:03:00 | 000,413,746 | ---- | M] (SafeNet) [Auto] -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE)
SRV - [2008/06/30 01:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/21 02:26:40 | 000,151,552 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/11/06 00:43:20 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2012/09/17 03:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121214.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/17 03:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121214.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/15 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/08/09 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/31 23:17:22 | 000,010,584 | R--- | M] (Red Lion Controls Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3usb.sys -- (HMI)
DRV - [2010/10/07 23:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/07/28 01:33:34 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/06/21 00:07:20 | 000,078,720 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swiwdmbus.sys -- (swiwdmbus)
DRV - [2010/06/20 23:47:14 | 000,156,544 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2010/06/20 23:46:50 | 000,201,088 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2010/04/05 20:49:59 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/28 00:34:44 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/11/15 07:42:12 | 000,671,488 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/11/13 03:59:06 | 000,215,040 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2009/11/12 12:46:02 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/11/02 20:43:32 | 005,939,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/10/26 14:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/24 19:54:26 | 000,169,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/09/23 19:14:10 | 000,160,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/15 14:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/09/14 16:29:36 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/08/10 18:54:22 | 000,059,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/08/10 03:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/28 22:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/28 20:24:20 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/07/24 13:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 00:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/04 20:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 10:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/29 12:25:30 | 000,029,760 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/17 13:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/06/11 16:05:00 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/05/20 12:23:36 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/05/11 21:11:44 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2008/10/09 22:21:30 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/10/09 22:21:25 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/09 22:21:25 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/10/09 22:21:23 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/09 22:21:20 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/10/09 22:21:20 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/09 22:21:04 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/10/09 22:21:03 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/10/09 22:21:01 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/20 22:45:08 | 000,138,296 | ---- | M] (SafeNet) [Kernel | System] -- C:\WINDOWS\system32\drivers\IpSecDrv.sys -- (IPSECDRV)
DRV - [2008/08/05 22:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/30 02:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/19 02:27:56 | 000,125,584 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 08:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/20 23:42:52 | 000,004,211 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alertdrv.sys -- (AlertDrv)
DRV - [2008/01/16 21:35:44 | 000,536,634 | ---- | M] (SafeNet) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Crypto.sys -- (Crypto)
DRV - [2008/01/02 02:48:32 | 000,029,184 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2007/12/18 13:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/08/23 00:58:06 | 000,467,968 | R--- | M] (DiBcom) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2007/06/28 19:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/04/19 00:18:20 | 000,083,536 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/04/19 00:18:16 | 000,059,984 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt)
DRV - [2007/04/19 00:18:12 | 000,052,304 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007/04/19 00:18:08 | 000,039,248 | ---- | M] (PCTools Research Pty Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\ikfileflt.sys -- (IKFileFlt)
DRV - [2007/03/26 14:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 17:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 14:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 18:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/04 17:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/07/27 17:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2003/07/15 23:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.30.71;www.dksh.com.au;www.edwardkeller.com.au;www.diethelmkeller.com.au;195.61.37.4;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=dvscfw37.telstra.proxy:80;https=dvscfw37.telstra.proxy:80;ftp=dvscfw37.telstra.proxy:80

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.30.35
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.30.35
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.30.71;www.dksh.com.au;www.edwardkeller.com.au;www.diethelmkeller.com.au;195.61.37.4;<local>
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=dvscfw37.telstra.proxy:80;https=dvscfw37.telstra.proxy:80;ftp=dvscfw37.telstra.proxy:80



IE - HKU\postgres_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\tennantm_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.30.35
IE - HKU\tennantm_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.30.35
IE - HKU\tennantm_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\tennantm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\tennantm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.30.71;www.dksh.com.au;www.edwardkeller.com.au;www.diethelmkeller.com.au;195.61.37.4;<local>
IE - HKU\tennantm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=dvscfw37.telstra.proxy:80;https=dvscfw37.telstra.proxy:80;ftp=dvscfw37.telstra.proxy:80

IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\tennantm_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe (PC Tools)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SystemTray] C:\Program Files\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WatcherHelper] C:\Program files\Telstra\Telstra Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\tennantm_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\tennantm_ON_C..\Run: [Startw3i] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [SysOff] File not found
O4 - HKU\hutcheor.DKSH_ON_C..\RunOnce: [FlashPlayerUpdate] File not found
O4 - HKU\postgres_ON_C..\RunOnce: [SysOff] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe (SafeNet)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SimHID.lnk = C:\Program Files\Remote\SimHID.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\hutcheor.DKSH\Start Menu\Programs\Startup\SimHID.exe.lnk = C:\Program Files\Remote\SimHID.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hutcheor.DKSH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hutcheor.DKSH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\postgres_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\tennantm_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\tennantm_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://melm01.dksh.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dksh.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\tennantm_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\tennantm_ON_C Winlogon: Shell - (C:\Documents and Settings\tennantm\Application Data\skype.dat) - C:\Documents and Settings\tennantm\Application Data\skype.dat ()
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 06:18:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 05:12:08 | 000,713,632 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\tennantm\Desktop\SpyHunter-Installer-k.com
[2010/03/24 18:40:01 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[4 C:\Documents and Settings\tennantm\My Documents\*.tmp files -> C:\Documents and Settings\tennantm\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/26 00:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/26 00:50:16 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2012/12/26 00:49:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/26 00:48:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/20 21:18:12 | 002,608,712 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/20 21:10:13 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 21:09:46 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SimHID.lnk
[2012/12/20 21:09:41 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/12/20 21:08:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/20 21:08:24 | 000,502,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/20 21:08:21 | 000,090,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/15 05:07:08 | 000,713,632 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\tennantm\Desktop\SpyHunter-Installer-k.com
[2012/12/15 04:46:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/15 04:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/12/15 02:25:50 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/15 01:35:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\DSELite.INI
[2012/12/15 01:18:14 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2012/12/13 15:46:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/13 15:46:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/12 14:32:16 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/08 00:55:18 | 001,249,167 | ---- | M] () -- C:\Documents and Settings\tennantm\Desktop\ABB-Vikt manual E1T_845-0077B.pdf
[4 C:\Documents and Settings\tennantm\My Documents\*.tmp files -> C:\Documents and Settings\tennantm\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/15 04:29:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/08 00:55:18 | 001,249,167 | ---- | C] () -- C:\Documents and Settings\tennantm\Desktop\ABB-Vikt manual E1T_845-0077B.pdf
[2012/05/27 07:45:50 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/05/27 07:20:34 | 000,124,687 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/05/27 07:19:39 | 000,181,563 | R--- | C] () -- C:\WINDOWS\System32\hpoff314.dat
[2012/05/27 07:19:39 | 000,181,151 | R--- | C] () -- C:\WINDOWS\System32\hpoF300.dat
[2012/05/14 03:56:24 | 002,608,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/01 17:30:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012/04/01 17:29:28 | 000,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2012/04/01 17:28:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2012/04/01 17:28:52 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2012/02/15 04:02:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/04 22:30:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\tennantm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/04 21:01:48 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/06/10 09:04:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\DSE890.INI
[2011/05/17 02:32:09 | 000,000,078 | ---- | C] () -- C:\WINDOWS\_RENAMER.INI
[2011/05/17 02:17:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\DSELite.INI
[2011/05/15 23:22:18 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011/02/22 01:36:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/11/17 17:00:27 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/11/17 17:00:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/16 20:39:40 | 000,000,065 | ---- | C] () -- C:\WINDOWS\logger.INI
[2010/07/28 01:33:34 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/07/18 17:22:49 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\hutcheor.DKSH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 17:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2010/06/29 17:05:00 | 000,000,456 | RHS- | C] () -- C:\Documents and Settings\hutcheor.DKSH\ntuser.pol
[2010/04/06 19:14:43 | 000,000,736 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2010/04/06 00:02:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2010/03/24 19:22:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/24 19:08:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/24 18:55:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2010/03/24 18:52:15 | 000,000,916 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.dat
[2010/03/24 18:48:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2010/03/24 18:44:21 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2010/03/24 18:44:21 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/03/24 18:40:01 | 000,874,032 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/03/24 18:40:01 | 000,127,896 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2009/12/01 22:02:01 | 000,002,368 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/12/01 22:01:25 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/12/01 22:00:17 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/12/01 21:59:47 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/12/01 21:58:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/12/01 21:58:15 | 000,502,088 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/01 21:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/12/01 21:58:15 | 000,090,670 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/01 21:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/12/01 21:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/12/01 21:58:13 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/12/01 21:58:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/12/01 21:57:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/12/01 21:57:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/12/01 21:57:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/12/01 21:57:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/12/01 06:20:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/01 06:16:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/01 06:16:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/11/30 22:14:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/30 22:14:01 | 000,354,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/28 19:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/05/05 05:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/12 05:40:14 | 000,147,584 | ---- | C] () -- C:\WINDOWS\System32\hpz9xd14.drv
[2005/10/19 05:57:22 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\TWXAPI32.DLL
[2003/02/27 00:27:52 | 000,237,632 | ---- | C] () -- C:\WINDOWS\System32\INT2F.DLL
[2001/07/06 12:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/01/31 21:57:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Sierra Wireless
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\WinBatch
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
[2011/01/31 22:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hutcheor.DKSH\Application Data\Sierra Wireless
[2010/11/05 01:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hutcheor.DKSH\Application Data\toshiba
[2010/11/05 01:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hutcheor.DKSH\Application Data\WinBatch
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\WinBatch
[2011/05/12 23:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sierra Wireless
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinBatch
[2011/10/19 04:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/03/24 19:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/11/26 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2012/12/15 02:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/14 23:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2010/03/24 19:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueSuite
[2010/09/20 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/17 16:33:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F0B1F1D2-24C3-4CE4-92A5-B8871B1BA610}
[2011/09/13 23:39:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
[2010/03/24 19:12:41 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2010/03/24 19:12:41 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2012/12/15 04:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Attached Files

  • Attached File  OTL.txt   87.15KB   113 downloads

  • 0

Advertisements

#26
Buddierdl
Posted 28 December 2012 - 04:33 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Markten,

Let's see if we can get your computer to boot.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Now see if your computer can boot without the UKASH screen.

Attached Files

  • Attached File  fix.txt   180bytes   94 downloads

  • 0

#27
Buddierdl
Posted 28 December 2012 - 04:34 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Mark,

You can scratch the last line about posting a new OTL log for now.
  • 0

#28
MARKTEN
Posted 28 December 2012 - 11:45 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

You are a legend

It did power up OK, although it took an age to do it.

I got the message system changed therefore a reboot is needed so I did that.

I then did a restart after that ( 3rd time after the fix) and it took 4 mins to get to the enter password screen and a further 18 mins to get to a stable, usable main screen

I have not yet attempted to go on the internet. Would a system restore help speed this up?

Best Regards

Mark
  • 0

#29
MARKTEN
Posted 29 December 2012 - 01:17 AM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

Put the SATA mode back to AHCI and it has drastically improved the start up time.

Am I OK to go online with this PC now?

Cheers

Mark
  • 0

#30
Buddierdl
Posted 29 December 2012 - 11:27 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Mark,

Let's sweep for remnants.

Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP