Are you sure you want to move this folder to the recycle bin



#1
unclet_s (Member, 12 posts)
Hello Guys,

Please, I am having trouble removing this virus, which tries to send whatever I click on to the Recycle Bin. Well, I have used all the latest antivirus programs, including Norton.

Please, this is very urgent, as I need to work with the laptop. I have installed and run OTL.


OTL logfile created on: 8/5/2013 8:00:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 77.18% Memory free
3.21 Gb Paging File | 2.82 Gb Available in Paging File | 87.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.90 Gb Total Space | 86.48 Gb Free Space | 86.56% Space Free | Partition Type: NTFS
Drive D: | 132.88 Gb Total Space | 132.79 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/03 21:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2010/11/20 21:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 21:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/20 21:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/07/14 01:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/08/05 18:31:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/20 21:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 21:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 21:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008/06/27 01:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ng.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 61 62 E9 15 92 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found



O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF8ADBD-D92D-498B-9A82-E9116AE18B99}: DhcpNameServer = 192.168.20.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 19:22:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/05 19:22:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/05 19:22:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/05 19:21:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/05 19:21:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/05 19:16:33 | 005,099,708 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/08/05 19:01:34 | 000,335,872 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187.sys
[2013/08/05 18:48:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/08/05 18:36:03 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/05 18:36:03 | 000,000,000 | R--D | C] -- C:\Users\user\Searches
[2013/08/05 18:36:03 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/05 18:36:02 | 000,000,000 | -H-D | C] -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/05 18:35:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Identities
[2013/08/05 18:35:42 | 000,000,000 | R--D | C] -- C:\Users\user\Contacts
[2013/08/05 18:35:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VirtualStore
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Temporary Internet Files
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Templates
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Start Menu
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\PrintHood
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\NetHood
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Videos
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Pictures
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Music
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\My Documents
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Local Settings
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\History
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Cookies
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Application Data
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Application Data
[2013/08/05 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Temp
[2013/08/05 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft
[2013/08/05 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2013/08/05 18:35:21 | 000,000,000 | --SD | C] -- C:\Users\user\AppData\Roaming\Microsoft
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Videos
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Saved Games
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Pictures
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Music
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Links
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Favorites
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Downloads
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Documents
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/05 18:35:21 | 000,000,000 | -H-D | C] -- C:\Users\user\AppData
[2013/08/05 18:31:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/05 18:31:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013/08/05 18:30:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/05 18:30:12 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/08/05 18:01:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/08/05 17:59:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/08/04 21:08:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/08/04 20:52:44 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/08/04 20:44:12 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/08/05 19:56:17 | 000,001,407 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/05 19:22:13 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 19:22:13 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 19:08:33 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/05 19:08:33 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/05 19:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/05 19:00:55 | 1292,034,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 18:31:28 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2013/08/05 18:31:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013/08/05 18:22:36 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/05 18:03:28 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/08/04 14:54:06 | 005,099,708 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/08/03 21:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/08/05 19:56:17 | 000,001,407 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/05 19:22:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/05 19:22:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/05 19:22:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/05 19:22:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/05 19:22:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/05 18:36:07 | 000,001,413 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/05 18:35:23 | 000,000,290 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/05 18:35:23 | 000,000,272 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/05 18:03:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/08/05 18:02:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/08/05 17:58:32 | 1292,034,048 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



OTL Extras logfile created on: 8/5/2013 8:00:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 77.18% Memory free
3.21 Gb Paging File | 2.82 Gb Available in Paging File | 87.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.90 Gb Total Space | 86.48 Gb Free Space | 86.56% Space Free | Partition Type: NTFS
Drive D: | 132.88 Gb Total Space | 132.79 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2013 2:36:46 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/5/2013 3:02:46 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/5/2013 2:06:57 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%19

Error - 8/5/2013 3:23:14 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/5/2013 3:27:18 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/5/2013 3:31:07 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

Edited by CompCav, 05 August 2013 - 02:57 PM.
Post not attach files for helpers



#2
RKinner (Malware Expert, 20,031 posts, MVP)
I don't see any malware in your logs.

What exactly do you mean when you say everything you clicked on goes to the recycle bin. Are you clicking on a link in Internet Explorer or in Windows Explorer or on your desktop or what? Can you download files OK?

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


sfc /scannow


Does this say it can't fix everything?

Ron

#3
unclet_s (Topic Starter, Member, 12 posts)
I clicked on Start, All Programs, Accessories and immediately a box came out. The title bar reads "Delete Folder", then the content is "Are you sure you want to move this folder to the Recycle Bin? Accessories, Date created: 8/5/2013 6:35 PM".

I am unable to go past Accessories. When I tried to close the box it duplicated itself. Please, what should I do now?

#4
unclet_s (Topic Starter, Member, 12 posts)
I have managed to go past Accessories by right clicking; then, when I right clicked Command Prompt, the box came out asking if I wanted to send it to the Recycle Bin. I did it again and I was able to scan. It found some errors and asked to restart. I restarted, but the problem was still there.

#5
RKinner (Malware Expert, 20,031 posts, MVP)
SFC finished and said it was able to repair everything?

Since you get this when you right click on a file:

See if you can download and run:

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still have the problem when you right click.
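An added example, not part of the thread and not NirSoft's ShellExView: a read-only PowerShell audit of the context-menu shell extensions ShellExView lists, showing each handler's DLL, version-info company and Authenticode status so the non-Microsoft set is visible before anything is disabled. It assumes an elevated PowerShell 2.0 or later on the affected Windows 7 machine; the registry paths and the hypothetical function names are the only things it relies on.

```powershell
# Added example (not from the thread or from NirSoft): read-only audit of
# Explorer right-click (context menu) shell extensions. It disables nothing.

# Registry locations Explorer consults for right-click handlers on files,
# folders, drives and the folder background.
$handlerRoots = @(
    'Registry::HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers'
)

function Get-HandlerClsid {
    # A handler subkey is either named after its CLSID or carries the CLSID
    # in its (default) value; return the GUID string or $null.
    param($Key)
    $guidPattern = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    if ($Key.PSChildName -match $guidPattern) { return $Matches[0] }
    $default = (Get-ItemProperty -LiteralPath $Key.PSPath -ErrorAction SilentlyContinue).'(default)'
    if ($default -and $default -match $guidPattern) { return $Matches[0] }
    return $null
}

function Get-ContextMenuHandlers {
    foreach ($root in $handlerRoots) {
        # -LiteralPath keeps the '*' key name from being treated as a wildcard.
        $keys = Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            $clsid = Get-HandlerClsid $key
            if (-not $clsid) { continue }
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
            $dll = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
            $company = ''
            $sigStatus = 'n/a'
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
                # Bare file names resolve from System32, as the loader would.
                if (-not [IO.Path]::IsPathRooted($dll)) {
                    $dll = Join-Path (Join-Path $env:SystemRoot 'System32') $dll
                }
                if (Test-Path -LiteralPath $dll) {
                    # CompanyName is the version-info field ShellExView and OTL
                    # display; it is easy to forge, so the signature is shown too.
                    $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
                    $sigStatus = (Get-AuthenticodeSignature -FilePath $dll).Status.ToString()
                } else {
                    # Registered handler whose DLL is gone: worth a look either way.
                    $company = 'FILE MISSING'
                }
            } else {
                $dll = '<no InProcServer32 value>'
            }
            New-Object PSObject -Property @{
                Root      = ($root -replace '^Registry::HKEY_CLASSES_ROOT\\', '')
                Handler   = $key.PSChildName
                CLSID     = $clsid
                Dll       = $dll
                Company   = $company
                Signature = $sigStatus
                Microsoft = ($company -like '*Microsoft*')
            }
        }
    }
}

# Non-Microsoft handlers first: that is the set the post above suggests disabling.
Get-ContextMenuHandlers |
    Sort-Object Microsoft, Root |
    Format-Table Microsoft, Company, Signature, Handler, Dll -AutoSize
```

On Windows 7 many Microsoft system DLLs are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature reports NotSigned for them; treat Company as the first cut and the signature as confirmation for anything claiming to be Microsoft that lives outside C:\Windows. ShellExView also lists other extension types (property sheet, drag-and-drop, copy hook handlers), which this audit does not cover.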

#6
unclet_s (Topic Starter, Member, 12 posts)
The problem is still there. I was able to disable the non-Microsoft additions. Please note that I am using a different computer to write to you, as I can't use the infected computer. It just keeps saying "Are you sure you want to move this system file to the Recycle Bin?", depending on what I want to do; if it is a folder I am trying to open, it will then say "Are you sure you want to move this folder to the Recycle Bin?". Please, what else can I try?

We have two laptops and both have this problem.

Note: If I personally want to delete a file, it will say "Are you sure you want to move this file to the Recycle Bin?"; then when I click Yes nothing happens, and when I click No the dialog box still remains there. Nothing happens.

Edited by unclet_s, 06 August 2013 - 12:08 PM.


#7
RKinner (Malware Expert, 20,031 posts, MVP)
Are you able to download Windows Repair All-In-One:

http://www.tweaking....all_in_one.html

Normally it needs you to Right click on it and Run As Admin. Can you do that? Does it run?


Can you download, save and run
(Win 7 or Vista => right click and Run as Admin) Farbar Service Scanner:

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#8
unclet_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Yes, I was able to download and run Windows Repair All-In-One.

Below is the result from Farbar Service Scanner:


Farbar Service Scanner Version: 04-08-2013
Ran by user (administrator) on 07-08-2013 at 08:35:03
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2010-11-20 21:29] - [2010-11-20 21:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I wonder if you could have a Delete key stuck? What PC is this? (Laptop or desktop? Make and model number?) If desktop, does it have a USB keyboard or the older style with the round connector? Can you try another keyboard? (Even a laptop will let you use another USB keyboard.)

Go to:
http://www.microsoft.com/appliedsciences/content/projects/KeyboardGhostingDemo.aspx
Click on Click to Use.

Press each Delete or Del key and make sure it turns green. Might as well test all of the keys.


You could also try http://www.passmark.com/products/keytest.htm. They have a free 30-day evaluation. Just download the software and save it, then right-click on it and Run As Admin. It will install. Once it is installed you get to a place where it asks you to put in the registration key. For the 30-day trial just hit Continue. Once the program loads it will show you the keyboard. As you click each key it will turn red when you push it, then green when you let go. If a key is stuck it will be red.

Uninstall the program when done.
  • 0

#10
unclet_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Please see the attached file. This is a screen print of the message whenever I click on anything. Both PCs are laptops: a Compaq Presario CQ57 Vision AMD Dual Core, and an Asus Eee PC Flare Series Dual Core.

Attached Thumbnails

  • Graphic1.jpg

Edited by unclet_s, 07 August 2013 - 10:53 AM.

  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
No file.
  • 0

#12
unclet_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry, I have updated it.
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Right-click on the clock and select Task Manager, then Applications. Do you see a lot of Delete File entries?

Do test the keyboard just to rule it out.
  • 0

#14
unclet_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Yes, I do see loads of Delete File entries.
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Really sounds like a stuck key. I managed to get a bunch of Delete Files in my task list while I was testing the online keyboard test software.
  • 0