Geeks to Go
can't go to some sites - eg. google.com

  • This topic is locked

#16
greg0r (Topic Starter, Member, 31 posts)
Salagubang:

I had some trouble downloading my emails (it just hung on two attempts, but the third attempt went fine), and I initially had trouble downloading the Kaspersky tool. Same kind of thing, it just hung at the start of the download. I clicked on the 'Download of Kaspersky Virus Removal Tool' and directed it to save it to a folder, and it took a long time to do nothing. Then I cancelled and clicked on 'If the download does not start automatically click here' and saved it to the desktop fine. Then I was also able to save it to the folder I wanted it in.


Once I downloaded the Kaspersky tool and installed it, I'm not sure I selected the correct options. When you said 'On the first tab select all elements down to Computer' did you mean 'down to and including Computer' or not to include Computer? I chose to include Computer, and it took nearly 11 hours to do 14% of the scan. I had to stop it, and I saved the log, pasted below. I'll have to do the complete scan later, and if it does need to include 'Computer', I calculate it will take about 100 hours...too bad the tool uninstalls and doesn't allow a 'resume scan'.

Anyway, here's the report as far as it went (the first one it found I chose to quarantine as recommended, but it doesn't appear to report that):
Autoscan: stopped 2 minutes ago (events: 7, objects: 817999, time: 10:46:31)
07/04/2011 2:45:16 AM Detected: HEUR:Trojan.Win32.Generic File C:\System Volume Information\_restore{991E0322-35B4-4063-A410-BF65C029546B}\RP20\ A0009286.dll
07/04/2011 12:39:11 PM Deleted: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\6JWLMH0V\ default[1].0s
07/04/2011 12:39:10 PM Deleted: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\AU08VRG2\ default[1].0s
07/04/2011 10:58:39 AM Detected: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\6JWLMH0V\ default[1].0s
07/04/2011 10:55:09 AM Detected: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\AU08VRG2\ default[1].0s
07/04/2011 12:40:20 PM Task stopped
07/04/2011 1:53:49 AM Task started

Edited by greg0r, 07 April 2011 - 11:12 AM.

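As an added example (not part of greg0r's post and not Kaspersky's own code), here is a small Python triage script for a Virus Removal Tool report in the format pasted above. It parses each event line, puts the events in chronological order (the tool lists them newest first, with 12-hour clock times), and works out which detected objects were later deleted or quarantined and which were only reported. The sample input is the log from the post, embedded inline so the script runs offline. Two things are assumptions: the dd/MM/yyyy date order (the machine's locale), and the `Quarantined`/`Disinfected` action words, since only `Detected` and `Deleted` appear in the post.

```python
"""Triage a Kaspersky Virus Removal Tool report.

Parse the event lines, sort them chronologically, and decide per object whether
the last recorded action remediated it or merely reported it.
Added example; not the tool's own code.
"""
import re
from datetime import datetime

# Sample input: the report lines from the post, in the order the tool printed
# them (newest first, mixed AM/PM). Raw string so the backslashes survive.
SAMPLE_LOG = r"""
Autoscan: stopped 2 minutes ago (events: 7, objects: 817999, time: 10:46:31)
07/04/2011 2:45:16 AM Detected: HEUR:Trojan.Win32.Generic File C:\System Volume Information\_restore{991E0322-35B4-4063-A410-BF65C029546B}\RP20\ A0009286.dll
07/04/2011 12:39:11 PM Deleted: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\6JWLMH0V\ default[1].0s
07/04/2011 12:39:10 PM Deleted: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\AU08VRG2\ default[1].0s
07/04/2011 10:58:39 AM Detected: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\6JWLMH0V\ default[1].0s
07/04/2011 10:55:09 AM Detected: Trojan-Downloader.JS.ListensEvent.b File D:\Greg\Technical\backup\HP kitchen C Drive\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\AU08VRG2\ default[1].0s
07/04/2011 12:40:20 PM Task stopped
07/04/2011 1:53:49 AM Task started
"""

TS = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
# "Quarantined" and "Disinfected" are assumed action words; the post only shows
# "Detected" and "Deleted".
OBJECT_RE = re.compile(
    TS + r" (?P<action>Detected|Deleted|Quarantined|Disinfected): (?P<threat>\S+) File (?P<path>.+)$"
)
TASK_RE = re.compile(TS + r" Task (?P<action>started|stopped|completed)$")
TS_FMT = "%d/%m/%Y %I:%M:%S %p"  # assumed dd/MM/yyyy order (the machine's locale)
REMEDIATED = {"Deleted", "Quarantined", "Disinfected"}


def normalise_path(path: str) -> str:
    """Collapse stray whitespace after a backslash (a copy/paste artefact in the
    posted log) and casefold, so Detected and Deleted entries for one file compare equal."""
    return re.sub(r"\\\s+", r"\\", path.strip()).casefold()


def parse_log(text: str) -> list[dict]:
    """Return the object and task events in chronological order."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = OBJECT_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], TS_FMT), "action": m["action"],
                           "threat": m["threat"], "path": normalise_path(m["path"])})
            continue
        m = TASK_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], TS_FMT), "action": "task " + m["action"],
                           "threat": None, "path": None})
    return sorted(events, key=lambda e: e["ts"])


def triage(events: list[dict]) -> tuple[list[str], list[str]]:
    """Return (unresolved, resolved) paths: the last recorded action per path decides."""
    last = {}
    for e in events:
        if e["path"] is not None:
            last[e["path"]] = e
    unresolved = sorted(p for p, e in last.items() if e["action"] not in REMEDIATED)
    resolved = sorted(p for p, e in last.items() if e["action"] in REMEDIATED)
    return unresolved, resolved


def is_restore_point_copy(path: str) -> bool:
    """True for files under System Volume Information, which are System Restore
    snapshot copies of earlier files rather than live code."""
    return "\\system volume information\\_restore" in path.casefold()


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    unresolved, resolved = triage(events)
    print(f"{len(events)} events, {len(resolved)} remediated, {len(unresolved)} unresolved")
    for p in unresolved:
        tag = " (restore point copy)" if is_restore_point_copy(p) else ""
        print("unresolved:", p + tag)
```

The script reports what the log proves, not what happened: the first hit, which greg0r says he quarantined but which the tool did not log as such, shows up as unresolved, and it is flagged as a restore point copy because it lives under `System Volume Information\_restore`.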
#17
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi,

When you said 'On the first tab select all elements down to Computer' did you mean 'down to and including Computer' or not to include computer?


I mean to include computer. :D

You may proceed with the manual disinfection analysis in my last instruction.

#18
greg0r (Topic Starter, Member, 31 posts)
Oh, ok. Well this afternoon I had to leave for work so I set it up to scan again, but this time I set it to scan and NOT include Computer...it's been almost 10 hours and it's at 56%. Should I let it keep going, or stop it and start again <including> Computer?

I assume when you say to proceed with the manual disinfection that you mean to do so <after> the full scan including computer is complete. Correct?

Edited by greg0r, 07 April 2011 - 10:35 PM.


#19
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Let it finish then proceed with the manual disinfection scan.

#20
greg0r (Topic Starter, Member, 31 posts)
But I'm in the middle of a scan that includes everything in the list up to but <NOT> including 'Computer'. Should I:
a) let this scan finish, and then scan again with <only> Computer,
b) let this scan finish, and then scan again with <everything including> Computer,
c) let this scan finish and then do the manual disinfection scan <without> scanning 'Computer'?
or
d) stop this scan and then scan with <everything including> Computer?

#21
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

c) let this scan finish and then do the manual disinfection scan <without> scanning 'Computer'?



#22
greg0r (Topic Starter, Member, 31 posts)
Ok. Looks like it'll be another 8 hours or so before it's done, and I won't be able to get back to it for about 13 hours from now. Talk to you then. Sure appreciate your help!

#23
greg0r (Topic Starter, Member, 31 posts)
Salagubang:

I guess I was too tired or something last night. I goofed. The scan actually <was> with 'computer' selected and included!

Here's the full scan log. Looks like it didn't find anything else.

Autoscan: completed 1 hour ago (events: 2, objects: 2696031, time: 15:55:58)
07/04/2011 2:45:51 PM Task started
08/04/2011 6:41:49 AM Task completed

#24
greg0r (Topic Starter, Member, 31 posts)
Here's the zip file. Uh, I can't find how to attach it. I copied it and went to 'insert media' and 'insert code snippet' but I'm not sure that did it.

http://

#25
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
To attach a file, click on the Use Full Editor just below where you type your post. An option will be available to attach a file. :D
#26
greg0r (Topic Starter, Member, 31 posts)
Here you go!

Attached Files

#27
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi,

Please run OTL and click Run Scan, post the log on your next reply.

How is the computer running?

#28
greg0r (Topic Starter, Member, 31 posts)
Salagubang:

The computer still seems to be doing some funny things. My wife logged off my son's login and we got an 'End Program' dialog, with a Rebit icon saying 'this program is not responding. To return to windows and check the status of the program, click cancel'. I clicked cancel and it continued to log off. I've never seen that message before with the Rebit icon. Logging on periodically seems to take considerably longer, but I haven't done extensive tests on this.

I just tried to go to Google, and after a few seconds, the status bar at lower left said 'done', but stayed on my home page (which fwiw is http://ca.msn.com/?l...-ca&OCID=iefvrt). I tried a couple of random google searches, and it <did> display the search results. Then I tried google.com again and it went there (actually to google.ca, but I think that's understandable, since I'm in Canada).

So it's better, but I'm not convinced it's completely clean yet...

I just noticed that the log file says that I have 3 GB of RAM, but I should have 4. Could that be related, or is it supposed to show 3 when I have 4?

Here's the OTL log:
OTL logfile created on: 08/04/2011 9:42:37 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Greg\downloads\technical utilities\troubleshooting\scanners+cleaners\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 120.75 Gb Free Space | 82.43% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 793.72 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 1667.86 Gb Free Space | 89.52% Space Free | Partition Type: NTFS

Computer Name: DAD-XP-GATEWAY | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 08:19:38 | 000,484,520 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
PRC - [2011/03/26 21:13:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Greg\downloads\technical utilities\troubleshooting\scanners+cleaners\OTL\OTL.exe
PRC - [2011/03/15 11:57:06 | 002,640,120 | ---- | M] (Rebit) -- C:\Program Files\Rebit 5\DashUI.exe
PRC - [2011/03/15 11:57:00 | 003,224,312 | ---- | M] (Rebit, Inc.) -- C:\Program Files\Rebit 5\Rebit-5-Svc_xp.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2011/02/02 08:46:23 | 000,918,184 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
PRC - [2011/02/02 08:46:22 | 000,508,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32.exe
PRC - [2011/01/09 03:50:55 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\FWES\program\fsdfwd.exe
PRC - [2011/01/09 03:37:42 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\ORSP Client\fsorsp.exe
PRC - [2010/04/12 04:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
PRC - [2009/08/05 11:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Common\FSM32.EXE
PRC - [2009/08/05 11:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Common\FSHDLL32.EXE
PRC - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2003/10/10 12:03:10 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2003/10/10 11:16:08 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Wacom\TabUserW.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 21:13:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Greg\downloads\technical utilities\troubleshooting\scanners+cleaners\OTL\OTL.exe
MOD - [2011/02/22 13:57:42 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/18 19:17:48 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2009/08/05 11:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\COGECO Security Services\Spam Control\fsscoepl.dll
MOD - [2009/08/05 11:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\cogeco security services\hips\fshook32.dll
MOD - [2003/10/10 12:57:12 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/15 11:57:00 | 003,224,312 | ---- | M] (Rebit, Inc.) [Auto | Running] -- C:\Program Files\Rebit 5\Rebit-5-Svc_xp.exe -- (Rebit-5-Svc)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2011/01/20 21:05:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/09 03:50:55 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/01/09 03:37:42 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\COGECO Security Services\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/01/09 01:21:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\COGECO Security Services\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2003/10/10 12:03:10 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/01/09 03:51:32 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2011/01/09 03:40:35 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2011/01/09 03:37:40 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\07937052.sys -- (07937052)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\07937051.sys -- (07937051)
DRV - [2009/08/05 11:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\COGECO Security Services\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 11:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\COGECO Security Services\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 11:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\COGECO Security Services\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/07/24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2005/06/02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 19:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/04/09 14:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\COGECO Security Services\NRS\[email protected] [2011/03/28 05:55:04 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/05 13:24:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\COGECO Security Services\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\COGECO Security Services\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\COGECO Security Services\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Rebit 5 Dashboard] C:\Program Files\Rebit 5\DashUI.exe (Rebit)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\COGECO Security Services\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\COGECO Security Services\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\COGECO Security Services\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\COGECO Security Services\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1294553507140 (WUWebControl Class)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/24 15:15:04 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 13:57:40 | 000,000,052 | ---- | M] () - L:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 14:15:19 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0793705.sys
[2011/04/07 14:15:19 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\07937051.sys
[2011/04/07 14:15:19 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\07937052.sys
[2011/04/07 14:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\Virus Removal Tool
[2011/04/07 01:46:33 | 097,779,768 | ---- | C] ( ) -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\setup_9.0.0.722_07.04.2011_08-44.exe
[2011/04/07 00:33:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/06 13:58:44 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\aswMBR.exe
[2011/04/05 13:11:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/05 13:08:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/05 13:08:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/05 13:08:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/05 13:08:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/05 13:05:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/05 02:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/05 01:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/05 01:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\Qualys
[2011/04/03 12:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
[2011/04/03 12:51:44 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/04/03 12:51:44 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/04/03 12:51:44 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/04/03 12:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/04/03 12:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/01 01:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rebit 5
[2011/04/01 01:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Rebit 5
[2011/04/01 01:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rebit 5
[2011/03/31 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\Start Menu\Programs\freestar
[2011/03/31 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\freestar
[2011/03/27 14:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NexusFont
[2011/03/27 14:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\NexusFont
[2011/03/26 17:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/26 17:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/03/26 17:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/03/25 01:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\thecleaner
[2011/03/24 02:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\Panda Security
[2011/03/24 02:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\SurfSecret Privacy Suite
[2011/03/24 02:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/03/24 02:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/03/24 01:00:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\IECompatCache
[2011/03/23 11:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\.working
[2011/03/23 00:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\Malwarebytes
[2011/03/23 00:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/23 00:53:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/23 00:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/23 00:53:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/23 00:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/09 01:21:13 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/01/09 01:21:12 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/08 21:32:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/08 21:31:34 | 000,501,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/08 21:31:34 | 000,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/08 21:30:58 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/08 21:26:35 | 000,000,251 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/04/08 21:26:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 21:24:55 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000005-00001102-00000004-10051102}.rfx
[2011/04/08 21:24:55 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000005-00001102-00000004-10051102}.rfx
[2011/04/08 21:24:55 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000005-00001102-00000004-10051102}.rfx
[2011/04/08 21:24:55 | 000,029,352 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000005-00001102-00000004-10051102}.rfx
[2011/04/08 21:24:55 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000005-00001102-00000004-10051102}.rfx
[2011/04/08 21:24:18 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000005-00001102-00000004-10051102}.CDF
[2011/04/08 21:24:18 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000005-00001102-00000004-10051102}.BAK
[2011/04/08 15:50:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 14:19:57 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8C9C3F9-2D75-408B-B6F2-0D84A44D2744}.job
[2011/04/08 00:00:15 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011/04/07 23:21:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/07 01:46:36 | 097,779,768 | ---- | M] ( ) -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\setup_9.0.0.722_07.04.2011_08-44.exe
[2011/04/06 13:58:44 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\aswMBR.exe
[2011/04/05 13:24:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/05 13:11:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/05 02:06:18 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\gmer.exe
[2011/04/03 14:45:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/03 00:30:00 | 000,000,201 | ---- | M] () -- C:\error.fstmp
[2011/04/03 00:30:00 | 000,000,000 | ---- | M] () -- C:\infect.fstmp
[2011/04/02 23:37:42 | 000,000,112 | ---- | M] () -- C:\WINDOWS\Printdir.bat
[2011/03/31 14:20:40 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\FreeStar AMR MP3 Converter.lnk
[2011/03/31 14:17:45 | 000,000,000 | ---- | M] () -- C:\systemlog
[2011/03/31 12:58:13 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/31 12:30:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/03/27 14:26:39 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NexusFont.lnk
[2011/03/24 00:57:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dad.DAD-XPHOME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/23 03:03:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/05 13:11:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/05 13:11:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/05 13:08:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/05 13:08:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/05 13:08:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/05 13:08:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/05 13:08:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/03 00:36:42 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8C9C3F9-2D75-408B-B6F2-0D84A44D2744}.job
[2011/04/03 00:30:00 | 000,000,201 | ---- | C] () -- C:\error.fstmp
[2011/04/03 00:30:00 | 000,000,000 | ---- | C] () -- C:\infect.fstmp
[2011/04/02 23:37:42 | 000,000,112 | ---- | C] () -- C:\WINDOWS\Printdir.bat
[2011/03/31 14:20:40 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\FreeStar AMR MP3 Converter.lnk
[2011/03/31 14:17:45 | 000,000,000 | ---- | C] () -- C:\systemlog
[2011/03/27 14:26:39 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NexusFont.lnk
[2011/03/24 00:56:02 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011/03/20 17:07:56 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Dad.DAD-XPHOME\Desktop\gmer.exe
[2011/02/16 23:15:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/06 18:40:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/02/06 18:40:34 | 000,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/01/26 04:03:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2011/01/25 02:15:00 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dad.DAD-XPHOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/24 15:27:04 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2011/01/24 15:15:04 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2011/01/24 15:15:04 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2011/01/24 15:15:04 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2011/01/24 15:15:04 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2011/01/24 15:15:04 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2011/01/24 15:15:04 | 000,001,194 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2011/01/24 13:46:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2011/01/24 13:46:45 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2011/01/18 14:28:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 02:36:15 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2011/01/15 19:39:20 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2011/01/14 05:55:55 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2011/01/14 05:55:55 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2011/01/14 03:03:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/01/14 03:03:06 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/01/14 03:03:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/01/12 18:23:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 03:31:00 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/01/09 01:21:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2011/01/09 01:21:14 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/01/09 01:21:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2011/01/09 01:21:14 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2011/01/09 01:21:13 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/01/09 01:21:13 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/01/09 01:21:13 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2011/01/09 01:21:12 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/01/09 01:21:12 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2011/01/09 01:21:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2011/01/09 01:21:12 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/01/09 01:21:12 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2011/01/09 01:21:12 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2011/01/09 01:21:12 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/01/09 01:19:29 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2011/01/08 22:28:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/08 22:24:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/08 17:11:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/08 17:10:32 | 000,169,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,501,178 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,086,080 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/12/20 19:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/03/11 02:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by greg0r, 08 April 2011 - 08:48 PM.

  • 0
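Reading a file list this long by hand is slow, so here is an added example (my own code, not part of the thread and not an OTL feature) that parses the entry format used in the log above into timestamp, size, attribute flags, created/modified marker, publisher and path, then applies a first-pass triage heuristic. The heuristic, the 30-day window and the sample lines are my own construction; the rule says where to look first, not what is malicious.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (Company) -- path
# Directory entries carry no "(Company)" field, so that group is optional.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str     # OTL's fixed 4-column R/H/S/D flags, "-" where unset
    kind: str      # "C" = created, "M" = modified
    company: str   # "" when OTL printed "()" or "( )"
    path: str

def parse_entry(line: str):
    # Returns None for section headers, summaries and anything else that is not an entry.
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                    (m["company"] or "").strip(), m["path"])

def needs_review(e: OtlEntry, report_time: datetime, window_days: int = 30) -> bool:
    """Heuristic (mine): a PE file with no publisher string placed under the Windows
    directory inside the window, or a recently changed hosts file, gets read first."""
    recent = e.timestamp >= report_time - timedelta(days=window_days)
    p = e.path.lower()
    if p.endswith("\\drivers\\etc\\hosts"):
        return recent
    if "D" in e.attrs or not p.startswith("c:\\windows\\"):
        return False
    return recent and p.endswith((".exe", ".dll", ".sys")) and e.company == ""

def review_list(log_text: str):
    """Paths to look at first; the newest timestamp in the log stands in for the report time."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    report_time = max(e.timestamp for e in entries)
    return [e.path for e in entries if needs_review(e, report_time)]

# Constructed sample in the format of the OTL log posted above.
SAMPLE_LOG = r"""
[2011/03/23 00:53:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/09 01:21:12 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2011/04/05 13:08:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/05 13:24:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/01 01:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rebit 5
"""
```

Calling `review_list(SAMPLE_LOG)` returns the PEV.exe and hosts paths and skips the signed driver, the old killapps.exe and the directory entry; a real log is fed in the same way, one entry per line.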

#29
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\07937052.sys -- (07937052)
    DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\07937051.sys -- (07937051)
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I am not familiar with the Rebit application. Can you check if it has a repair function or if a reinstall could fix the issue?

Tell me how it goes.
  • 0

#30
greg0r

greg0r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Salagubang:

I have been running the fix for over 2 hours now and it is not apparent that anything is happening, except it says 'killing processes. DO NOT INTERRUPT...'

How long do you expect it will take?

I closed everything but the IE window for geekstogo, and have been opening new tabs, etc. I hope that kind of activity is not considered 'interrupting'...

Is there any way to tell if OTL is working or has hung? I'm afraid to open taskmgr in case that's considered interrupting...
  • 0
