[RESOLVED] Upgrading dirty pc

Started By ProblemsRBad, Jan 27 2012 07:07 AM

Next

You cannot start a new topic
You cannot reply to this topic
Go to first unread post

23 replies to this topic

#1 ProblemsRBad

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 27 January 2012 - 07:07 AM

Hello, I am upgrading my friends vista Emachine. She gave me her Windows 7 cd to upgrade it for her. But first I think the system is very badly infected. I installed mbam but it will not open. I can't get online the machine because I think the infection is blocking its accsess. When I ran gmer it said that found a rootkit but I said no to continue. About 3 hours later through the scan, gmer gave an error and said can not continue. I saved what was there for a log. Also dds will not run. So all I have is a incomplete gmer log and an aswMDR log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2008-01-01 09:28:06
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000004a Hitachi_ rev.GMBO
Running: 4jb9tjsy.exe; Driver: C:\Users\THEBER~1\AppData\Local\Temp\ufdirkog.sys

---- System - GMER 1.0.15 ----

Code 87067230 ZwEnumerateKey
Code 86C86370 ZwFlushInstructionCache
Code 86D2E455 IofCallDriver
Code 86D2805E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 81C58FE2 5 Bytes JMP 86D28063
.text ntkrnlpa.exe!IofCallDriver 81CDAF6F 5 Bytes JMP 86D2E45A
? system32\Drivers\PsBoot.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B202340, 0x3D9767, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PsBoot.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxqtesadssrwhrhbvfdgyonokxmybxcrre.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxqtesadssrwhrhbvfdgyonokxmybxcrre.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxqtesadssrwhrhbvfdgyonokxmybxcrre.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxqtesadssrwhrhbvfdgyonokxmybxcrre.dll

---- EOF - GMER 1.0.15 ----

=========================================================================================

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2008-01-01 09:36:53
-----------------------------
09:36:53.453 OS Version: Windows 6.0.6001 Service Pack 1
09:36:53.453 Number of processors: 1 586 0x5F03
09:36:53.453 ComputerName: THEBERRY-PC UserName: The Berry
09:37:11.758 Initialize success
09:37:13.248 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
09:44:52.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004a
09:44:52.693 Disk 0 Vendor: Hitachi_ GMBO Size: 152627MB BusType: 6
09:44:52.723 Disk 0 MBR read successfully
09:44:53.108 Disk 0 MBR scan
09:44:53.113 Disk 0 unknown MBR code
09:44:53.123 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
09:44:53.893 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
09:44:53.908 Disk 0 scanning sectors +312579760
09:44:54.273 Disk 0 scanning C:\Windows\system32\drivers
09:45:20.818 File: C:\Windows\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys **HIDDEN**
09:45:20.823 Service scanning
09:45:23.003 Service gaopdxserv.sys C:\Windows\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys **HIDDEN**
09:45:24.533 Modules scanning
09:46:24.293 Disk 0 trace - called modules:
09:46:24.313 ntkrnlpa.exe >>UNKNOWN [0x86d2e45a]<<>>UNKNOWN [0x8bee7584]<<
09:46:24.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854756e0]
09:46:24.328 Scan finished successfully
09:49:26.383 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
09:49:26.419 The log file has been saved successfully to "E:\aswMBRlog.txt"

P.S. I am posting this from my laptop as the infected machine will not accsess the internet due to infection.

Back to top

#2 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 27 January 2012 - 04:13 PM

Have you concidered clean installation instead of upgrading?

Download TDSSKiller and save it to your desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===============================================================

Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.
Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

Back to top

#3 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 27 January 2012 - 06:28 PM

Well I dont want to lose any personal files and photos, dont want to take the time to back them all up for a clean install. So I want to just clean the infections off then upgrade it, i will post back with the logs in a few.

21:49:34.0933 3072 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:49:34.0965 3072 ============================================================
21:49:34.0965 3072 Current date / time: 2008/01/01 21:49:34.0965
21:49:34.0965 3072 SystemInfo:
21:49:34.0965 3072
21:49:34.0965 3072 OS Version: 6.0.6001 ServicePack: 1.0
21:49:34.0965 3072 Product type: Workstation
21:49:34.0965 3072 ComputerName: THEBERRY-PC
21:49:34.0965 3072 UserName: The Berry
21:49:34.0965 3072 Windows directory: C:\Windows
21:49:34.0965 3072 System windows directory: C:\Windows
21:49:34.0965 3072 Processor architecture: Intel x86
21:49:34.0965 3072 Number of processors: 1
21:49:34.0965 3072 Page size: 0x1000
21:49:34.0965 3072 Boot type: Normal boot
21:49:34.0965 3072 ============================================================
21:49:35.0323 3072 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:35.0339 3072 Drive \Device\Harddisk5\DR5 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:49:35.0370 3072 Initialize success
21:50:54.0322 1672 ============================================================
21:50:54.0322 1672 Scan started
21:50:54.0322 1672 Mode: Manual;
21:50:54.0322 1672 ============================================================
21:50:54.0743 1672 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
21:50:54.0743 1672 ACPI - ok
21:50:54.0805 1672 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:50:54.0805 1672 adp94xx - ok
21:50:54.0915 1672 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:50:54.0930 1672 adpahci - ok
21:50:54.0946 1672 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:50:54.0946 1672 adpu160m - ok
21:50:54.0977 1672 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:50:54.0977 1672 adpu320 - ok
21:50:55.0149 1672 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
21:50:55.0149 1672 AFD - ok
21:50:55.0258 1672 AgereSoftModem (baf68dcba949633df0c16d37af2a2351) C:\Windows\system32\DRIVERS\AGRSM.sys
21:50:55.0258 1672 AgereSoftModem - ok
21:50:55.0367 1672 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:50:55.0367 1672 agp440 - ok
21:50:55.0429 1672 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:50:55.0476 1672 aic78xx - ok
21:50:55.0507 1672 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:50:55.0507 1672 aliide - ok
21:50:55.0523 1672 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:50:55.0523 1672 amdagp - ok
21:50:55.0539 1672 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:50:55.0539 1672 amdide - ok
21:50:55.0585 1672 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:50:55.0585 1672 AmdK7 - ok
21:50:55.0617 1672 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
21:50:55.0632 1672 AmdK8 - ok
21:50:55.0726 1672 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:50:55.0726 1672 arc - ok
21:50:55.0773 1672 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:50:55.0773 1672 arcsas - ok
21:50:55.0819 1672 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:50:55.0819 1672 AsyncMac - ok
21:50:55.0882 1672 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
21:50:55.0882 1672 atapi - ok
21:50:56.0007 1672 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:50:56.0007 1672 Beep - ok
21:50:56.0053 1672 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:50:56.0053 1672 blbdrive - ok
21:50:56.0163 1672 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
21:50:56.0163 1672 bowser - ok
21:50:56.0194 1672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:50:56.0194 1672 BrFiltLo - ok
21:50:56.0287 1672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:50:56.0287 1672 BrFiltUp - ok
21:50:56.0319 1672 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:50:56.0319 1672 Brserid - ok
21:50:56.0334 1672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:50:56.0334 1672 BrSerWdm - ok
21:50:56.0350 1672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:50:56.0350 1672 BrUsbMdm - ok
21:50:56.0365 1672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:50:56.0365 1672 BrUsbSer - ok
21:50:56.0397 1672 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:50:56.0397 1672 BTHMODEM - ok
21:50:56.0412 1672 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:50:56.0412 1672 cdfs - ok
21:50:56.0506 1672 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
21:50:56.0506 1672 cdrom - ok
21:50:56.0537 1672 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:50:56.0537 1672 circlass - ok
21:50:56.0584 1672 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
21:50:56.0584 1672 CLFS - ok
21:50:56.0693 1672 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:50:56.0693 1672 cmdide - ok
21:50:56.0709 1672 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
21:50:56.0709 1672 Compbatt - ok
21:50:56.0740 1672 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:50:56.0740 1672 crcdisk - ok
21:50:56.0755 1672 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:50:56.0755 1672 Crusoe - ok
21:50:56.0802 1672 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
21:50:56.0802 1672 DfsC - ok
21:50:56.0927 1672 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
21:50:56.0927 1672 disk - ok
21:50:56.0974 1672 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:50:56.0974 1672 drmkaud - ok
21:50:57.0067 1672 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
21:50:57.0083 1672 DXGKrnl - ok
21:50:57.0145 1672 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:50:57.0145 1672 E1G60 - ok
21:50:57.0223 1672 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
21:50:57.0223 1672 Ecache - ok
21:50:57.0286 1672 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:50:57.0286 1672 elxstor - ok
21:50:57.0364 1672 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:50:57.0364 1672 ErrDev - ok
21:50:57.0457 1672 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
21:50:57.0457 1672 exfat - ok
21:50:57.0535 1672 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
21:50:57.0535 1672 fastfat - ok
21:50:57.0613 1672 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:50:57.0613 1672 fdc - ok
21:50:57.0707 1672 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:50:57.0707 1672 FileInfo - ok
21:50:57.0738 1672 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:50:57.0738 1672 Filetrace - ok
21:50:57.0785 1672 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:50:57.0785 1672 flpydisk - ok
21:50:57.0816 1672 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
21:50:57.0816 1672 FltMgr - ok
21:50:57.0879 1672 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:50:57.0879 1672 Fs_Rec - ok
21:50:57.0910 1672 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:50:57.0910 1672 gagp30kx - ok
21:50:57.0941 1672 Suspicious service (Hidden): gaopdxserv.sys
21:50:58.0003 1672 gaopdxserv.sys (9a829e8344b1020df7299bbd606f422b) C:\Windows\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys
21:50:58.0003 1672 Suspicious file (Hidden): C:\Windows\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys. md5: 9a829e8344b1020df7299bbd606f422b
21:50:58.0003 1672 gaopdxserv.sys ( Rootkit.Win32.TDSS.tdl2 ) - infected
21:50:58.0003 1672 gaopdxserv.sys - detected Rootkit.Win32.TDSS.tdl2 (0)
21:50:58.0097 1672 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:50:58.0097 1672 GEARAspiWDM - ok
21:50:58.0175 1672 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:50:58.0175 1672 HdAudAddService - ok
21:50:58.0222 1672 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:50:58.0222 1672 HDAudBus - ok
21:50:58.0237 1672 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:50:58.0237 1672 HidBth - ok
21:50:58.0253 1672 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:50:58.0253 1672 HidIr - ok
21:50:58.0362 1672 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
21:50:58.0362 1672 HidUsb - ok
21:50:58.0440 1672 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:50:58.0440 1672 HpCISSs - ok
21:50:58.0471 1672 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
21:50:58.0471 1672 HTTP - ok
21:50:58.0534 1672 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:50:58.0534 1672 i2omp - ok
21:50:58.0612 1672 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:50:58.0612 1672 i8042prt - ok
21:50:58.0705 1672 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:50:58.0705 1672 iaStorV - ok
21:50:58.0721 1672 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:50:58.0721 1672 iirsp - ok
21:50:58.0768 1672 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
21:50:58.0768 1672 int15 - ok
21:50:58.0893 1672 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
21:50:58.0908 1672 IntcAzAudAddService - ok
21:50:59.0002 1672 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:50:59.0002 1672 intelide - ok
21:50:59.0017 1672 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:50:59.0017 1672 intelppm - ok
21:50:59.0049 1672 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:59.0049 1672 IpFilterDriver - ok
21:50:59.0080 1672 IpInIp - ok
21:50:59.0080 1672 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:50:59.0095 1672 IPMIDRV - ok
21:50:59.0111 1672 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:50:59.0111 1672 IPNAT - ok
21:50:59.0127 1672 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:50:59.0142 1672 IRENUM - ok
21:50:59.0236 1672 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:50:59.0236 1672 isapnp - ok
21:50:59.0267 1672 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
21:50:59.0267 1672 iScsiPrt - ok
21:50:59.0283 1672 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:50:59.0283 1672 iteatapi - ok
21:50:59.0298 1672 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:50:59.0298 1672 iteraid - ok
21:50:59.0329 1672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:50:59.0329 1672 kbdclass - ok
21:50:59.0423 1672 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
21:50:59.0423 1672 kbdhid - ok
21:50:59.0470 1672 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
21:50:59.0470 1672 KSecDD - ok
21:50:59.0501 1672 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:50:59.0501 1672 lltdio - ok
21:50:59.0610 1672 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:50:59.0626 1672 LSI_FC - ok
21:50:59.0626 1672 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:50:59.0641 1672 LSI_SAS - ok
21:50:59.0688 1672 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:50:59.0688 1672 LSI_SCSI - ok
21:50:59.0782 1672 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:50:59.0782 1672 luafv - ok
21:50:59.0797 1672 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:50:59.0797 1672 megasas - ok
21:50:59.0844 1672 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:50:59.0844 1672 MegaSR - ok
21:50:59.0875 1672 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:50:59.0875 1672 Modem - ok
21:50:59.0953 1672 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:50:59.0953 1672 monitor - ok
21:50:59.0985 1672 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:50:59.0985 1672 mouclass - ok
21:51:00.0016 1672 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:51:00.0016 1672 mouhid - ok
21:51:00.0047 1672 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:51:00.0047 1672 MountMgr - ok
21:51:00.0156 1672 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:51:00.0156 1672 mpio - ok
21:51:00.0187 1672 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:51:00.0187 1672 mpsdrv - ok
21:51:00.0203 1672 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:51:00.0203 1672 Mraid35x - ok
21:51:00.0234 1672 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
21:51:00.0234 1672 MRxDAV - ok
21:51:00.0328 1672 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:51:00.0328 1672 mrxsmb - ok
21:51:00.0375 1672 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:51:00.0375 1672 mrxsmb10 - ok
21:51:00.0453 1672 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:51:00.0453 1672 mrxsmb20 - ok
21:51:00.0499 1672 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:51:00.0499 1672 msahci - ok
21:51:00.0515 1672 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:51:00.0515 1672 msdsm - ok
21:51:00.0546 1672 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:51:00.0546 1672 Msfs - ok
21:51:00.0624 1672 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:51:00.0624 1672 msisadrv - ok
21:51:00.0702 1672 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:51:00.0702 1672 MSKSSRV - ok
21:51:00.0780 1672 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:51:00.0780 1672 MSPCLOCK - ok
21:51:00.0811 1672 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:51:00.0827 1672 MSPQM - ok
21:51:00.0843 1672 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
21:51:00.0843 1672 MsRPC - ok
21:51:00.0874 1672 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:51:00.0874 1672 mssmbios - ok
21:51:00.0967 1672 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:51:00.0967 1672 MSTEE - ok
21:51:01.0014 1672 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
21:51:01.0014 1672 Mup - ok
21:51:01.0108 1672 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
21:51:01.0108 1672 NativeWifiP - ok
21:51:01.0170 1672 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
21:51:01.0170 1672 NDIS - ok
21:51:01.0248 1672 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:51:01.0248 1672 NdisTapi - ok
21:51:01.0295 1672 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:51:01.0295 1672 Ndisuio - ok
21:51:01.0311 1672 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
21:51:01.0326 1672 NdisWan - ok
21:51:01.0373 1672 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:51:01.0373 1672 NDProxy - ok
21:51:01.0435 1672 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:51:01.0435 1672 NetBIOS - ok
21:51:01.0467 1672 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
21:51:01.0467 1672 netbt - ok
21:51:01.0560 1672 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:51:01.0560 1672 nfrd960 - ok
21:51:01.0576 1672 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
21:51:01.0576 1672 Npfs - ok
21:51:01.0591 1672 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:51:01.0591 1672 nsiproxy - ok
21:51:01.0654 1672 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
21:51:01.0654 1672 Ntfs - ok
21:51:01.0701 1672 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:51:01.0701 1672 ntrigdigi - ok
21:51:01.0747 1672 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:51:01.0747 1672 Null - ok
21:51:01.0841 1672 NVENETFD (c39ad3b818502edfa4b819148b72a0e3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:51:01.0857 1672 NVENETFD - ok
21:51:02.0044 1672 nvlddmkm (69d60d2ecd43d0f9f3accc16926e9128) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:51:02.0169 1672 nvlddmkm - ok
21:51:02.0278 1672 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:51:02.0278 1672 nvraid - ok
21:51:02.0293 1672 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:51:02.0293 1672 nvstor - ok
21:51:02.0340 1672 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
21:51:02.0340 1672 nvstor32 - ok
21:51:02.0434 1672 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:51:02.0434 1672 nv_agp - ok
21:51:02.0449 1672 NwlnkFlt - ok
21:51:02.0465 1672 NwlnkFwd - ok
21:51:02.0512 1672 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:51:02.0512 1672 ohci1394 - ok
21:51:02.0543 1672 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:51:02.0543 1672 Parport - ok
21:51:02.0574 1672 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
21:51:02.0574 1672 partmgr - ok
21:51:02.0621 1672 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:51:02.0621 1672 Parvdm - ok
21:51:02.0699 1672 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
21:51:02.0699 1672 pci - ok
21:51:02.0761 1672 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:51:02.0761 1672 pciide - ok
21:51:02.0839 1672 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:51:02.0839 1672 pcmcia - ok
21:51:02.0980 1672 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:51:02.0980 1672 PEAUTH - ok
21:51:03.0120 1672 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:51:03.0120 1672 PptpMiniport - ok
21:51:03.0167 1672 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:51:03.0167 1672 Processor - ok
21:51:03.0198 1672 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
21:51:03.0198 1672 PSched - ok
21:51:03.0307 1672 PSINAflt (1656739ea9759ef1c3adc6f73e89d070) C:\Windows\system32\DRIVERS\PSINAflt.sys
21:51:03.0307 1672 PSINAflt - ok
21:51:03.0370 1672 PSINFile (072a5c1983b85504239c307d41d741be) C:\Windows\system32\DRIVERS\PSINFile.sys
21:51:03.0370 1672 PSINFile - ok
21:51:03.0495 1672 PSINKNC (f778579e0b47f0027cce47da1a64ef88) C:\Windows\system32\DRIVERS\psinknc.sys
21:51:03.0510 1672 PSINKNC - ok
21:51:03.0588 1672 PSINProc (0fb3436762e672800eb1c0578ac379c8) C:\Windows\system32\DRIVERS\PSINProc.sys
21:51:03.0588 1672 PSINProc - ok
21:51:03.0651 1672 PSINProt (7534273ca15900cdd1c3b392dd6b595b) C:\Windows\system32\DRIVERS\PSINProt.sys
21:51:03.0651 1672 PSINProt - ok
21:51:03.0760 1672 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:51:03.0760 1672 ql2300 - ok
21:51:03.0807 1672 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:51:03.0807 1672 ql40xx - ok
21:51:03.0838 1672 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:51:03.0838 1672 QWAVEdrv - ok
21:51:03.0900 1672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:51:03.0900 1672 RasAcd - ok
21:51:03.0931 1672 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:51:03.0931 1672 Rasl2tp - ok
21:51:03.0963 1672 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
21:51:03.0963 1672 RasPppoe - ok
21:51:03.0978 1672 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
21:51:03.0978 1672 RasSstp - ok
21:51:04.0025 1672 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
21:51:04.0025 1672 rdbss - ok
21:51:04.0103 1672 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:51:04.0103 1672 RDPCDD - ok
21:51:04.0134 1672 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:51:04.0150 1672 rdpdr - ok
21:51:04.0181 1672 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:51:04.0181 1672 RDPENCDD - ok
21:51:04.0212 1672 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
21:51:04.0212 1672 RDPWD - ok
21:51:04.0321 1672 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:51:04.0321 1672 rspndr - ok
21:51:04.0353 1672 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:51:04.0368 1672 sbp2port - ok
21:51:04.0415 1672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:51:04.0415 1672 secdrv - ok
21:51:04.0509 1672 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:51:04.0509 1672 Serenum - ok
21:51:04.0540 1672 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:51:04.0540 1672 Serial - ok
21:51:04.0587 1672 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:51:04.0587 1672 sermouse - ok
21:51:04.0633 1672 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:51:04.0649 1672 sffdisk - ok
21:51:04.0665 1672 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:51:04.0665 1672 sffp_mmc - ok
21:51:04.0743 1672 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:51:04.0743 1672 sffp_sd - ok
21:51:04.0805 1672 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:51:04.0805 1672 sfloppy - ok
21:51:04.0852 1672 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:51:04.0852 1672 sisagp - ok
21:51:04.0867 1672 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:51:04.0867 1672 SiSRaid2 - ok
21:51:04.0899 1672 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:51:04.0899 1672 SiSRaid4 - ok
21:51:04.0977 1672 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
21:51:04.0977 1672 Smb - ok
21:51:05.0023 1672 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:51:05.0023 1672 spldr - ok
21:51:05.0086 1672 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
21:51:05.0086 1672 srv - ok
21:51:05.0148 1672 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
21:51:05.0148 1672 srv2 - ok
21:51:05.0211 1672 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
21:51:05.0211 1672 srvnet - ok
21:51:05.0289 1672 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:51:05.0289 1672 swenum - ok
21:51:05.0320 1672 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:51:05.0320 1672 Symc8xx - ok
21:51:05.0351 1672 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:51:05.0351 1672 Sym_hi - ok
21:51:05.0398 1672 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:51:05.0398 1672 Sym_u3 - ok
21:51:05.0476 1672 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
21:51:05.0476 1672 Tcpip - ok
21:51:05.0538 1672 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
21:51:05.0538 1672 Tcpip6 - ok
21:51:05.0569 1672 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
21:51:05.0569 1672 tcpipreg - ok
21:51:05.0632 1672 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:51:05.0632 1672 TDPIPE - ok
21:51:05.0647 1672 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:51:05.0647 1672 TDTCP - ok
21:51:05.0679 1672 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
21:51:05.0694 1672 tdx - ok
21:51:05.0741 1672 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
21:51:05.0741 1672 TermDD - ok
21:51:05.0835 1672 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:05.0835 1672 tssecsrv - ok
21:51:05.0866 1672 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:51:05.0866 1672 tunmp - ok
21:51:05.0881 1672 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
21:51:05.0881 1672 tunnel - ok
21:51:05.0913 1672 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:51:05.0913 1672 uagp35 - ok
21:51:05.0975 1672 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
21:51:05.0975 1672 udfs - ok
21:51:06.0053 1672 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:51:06.0053 1672 uliagpkx - ok
21:51:06.0084 1672 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:51:06.0084 1672 uliahci - ok
21:51:06.0100 1672 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:51:06.0115 1672 UlSata - ok
21:51:06.0178 1672 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:51:06.0178 1672 ulsata2 - ok
21:51:06.0209 1672 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:51:06.0209 1672 umbus - ok
21:51:06.0271 1672 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:06.0271 1672 usbccgp - ok
21:51:06.0349 1672 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:51:06.0349 1672 usbcir - ok
21:51:06.0412 1672 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
21:51:06.0427 1672 usbehci - ok
21:51:06.0443 1672 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
21:51:06.0459 1672 usbhub - ok
21:51:06.0521 1672 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
21:51:06.0521 1672 usbohci - ok
21:51:06.0599 1672 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:51:06.0599 1672 usbprint - ok
21:51:06.0615 1672 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:51:06.0615 1672 USBSTOR - ok
21:51:06.0677 1672 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:51:06.0677 1672 usbuhci - ok
21:51:06.0708 1672 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:06.0708 1672 vga - ok
21:51:06.0755 1672 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:51:06.0755 1672 VgaSave - ok
21:51:06.0786 1672 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:51:06.0786 1672 viaagp - ok
21:51:06.0802 1672 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:51:06.0802 1672 ViaC7 - ok
21:51:06.0817 1672 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:51:06.0817 1672 viaide - ok
21:51:06.0864 1672 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:51:06.0864 1672 volmgr - ok
21:51:06.0895 1672 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
21:51:06.0895 1672 volmgrx - ok
21:51:06.0958 1672 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
21:51:06.0958 1672 volsnap - ok
21:51:07.0020 1672 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:51:07.0020 1672 vsmraid - ok
21:51:07.0051 1672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:51:07.0051 1672 WacomPen - ok
21:51:07.0083 1672 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:07.0083 1672 Wanarp - ok
21:51:07.0098 1672 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:07.0098 1672 Wanarpv6 - ok
21:51:07.0161 1672 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:51:07.0161 1672 Wd - ok
21:51:07.0223 1672 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:51:07.0239 1672 Wdf01000 - ok
21:51:07.0348 1672 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:51:07.0348 1672 WmiAcpi - ok
21:51:07.0473 1672 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
21:51:07.0473 1672 WpdUsb - ok
21:51:07.0566 1672 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:51:07.0566 1672 ws2ifsl - ok
21:51:07.0675 1672 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:07.0675 1672 WUDFRd - ok
21:51:07.0722 1672 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0
21:51:10.0702 1672 \Device\Harddisk0\DR0 - ok
21:51:10.0702 1672 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
21:51:10.0717 1672 \Device\Harddisk5\DR5 - ok
21:51:10.0733 1672 Boot (0x1200) (319d8873509918f99eaa9571bb577d5d) \Device\Harddisk0\DR0\Partition0
21:51:10.0733 1672 \Device\Harddisk0\DR0\Partition0 - ok
21:51:10.0749 1672 Boot (0x1200) (8416d1dc555a38fd5d7dac7b4cddfad3) \Device\Harddisk5\DR5\Partition0
21:51:10.0749 1672 \Device\Harddisk5\DR5\Partition0 - ok
21:51:10.0749 1672 ============================================================
21:51:10.0749 1672 Scan finished
21:51:10.0749 1672 ============================================================
21:51:10.0780 2744 Detected object count: 1
21:51:10.0780 2744 Actual detected object count: 1
21:51:39.0609 2744 C:\Windows\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys - will be deleted on reboot
21:51:39.0609 2744 C:\Windows\system32\gaopdxqtesadssrwhrhbvfdgyonokxmybxcrre.dll - will be deleted on reboot
21:51:39.0609 2744 HKLM\SYSTEM\ControlSet001\services\gaopdxserv.sys - will be deleted on reboot
21:51:39.0624 2744 HKLM\SYSTEM\ControlSet002\services\gaopdxserv.sys - will be deleted on reboot
21:51:39.0640 2744 HKLM\SYSTEM\ControlSet003\services\gaopdxserv.sys - will be deleted on reboot
21:51:39.0640 2744 HKLM\SYSTEM\ControlSet004\services\gaopdxserv.sys - will be deleted on reboot
21:51:39.0671 2744 C:\Windows\system32\drivers\gaopdxfqvcfpqppnmnqipxdakmguiutjiypdxl.sys - will be deleted on reboot
21:51:39.0671 2744 gaopdxserv.sys ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
21:52:33.0517 3872 Deinitialize success

==================================================================================================

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 600
1), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`80100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: c3f4814ee2c87f8f4fc3acd72454a04d

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

Back to top

#4 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 27 January 2012 - 08:10 PM

Post new aswMBR log

...and..

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply..

Back to top

#5 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 27 January 2012 - 08:38 PM

Ok, I still cant get online with the machine, so aswmbr will not fetch new update but it still scans
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2008-01-01 23:37:52
-----------------------------
23:37:52.293 OS Version: Windows 6.0.6001 Service Pack 1
23:37:52.293 Number of processors: 1 586 0x5F03
23:37:52.293 ComputerName: THEBERRY-PC UserName: The Berry
23:37:52.855 Initialize success
23:37:55.527 AVAST engine download error: 0
23:37:59.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004a
23:37:59.443 Disk 0 Vendor: Hitachi_ GMBO Size: 152627MB BusType: 6
23:37:59.443 Disk 0 MBR read successfully
23:37:59.443 Disk 0 MBR scan
23:37:59.459 Disk 0 unknown MBR code
23:37:59.459 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
23:37:59.474 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
23:37:59.474 Disk 0 scanning sectors +312579760
23:37:59.537 Disk 0 scanning C:\Windows\system32\drivers
23:38:03.858 Service scanning
23:38:04.856 Modules scanning
23:38:09.645 Disk 0 trace - called modules:
23:38:09.677 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:38:09.677 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850641a8]
23:38:09.677 3 CLASSPNP.SYS[875a7745] -> nt!IofCallDriver -> [0x8470f508]
23:38:09.692 5 acpi.sys[806166a0] -> nt!IofCallDriver -> \Device\0000004a[0x83d9ac90]
23:38:09.692 Scan finished successfully
23:38:52.436 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
23:38:52.452 The log file has been saved successfully to "E:\aswMBRlog2.txt"

====================================================================================

ListParts by Farbar
Ran by The Berry on 01-01-2008 at 23:39:09
Windows Vista (X86)
Running From: C:\Users\The Berry\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 27%
Total physical RAM: 1917.76 MB
Available physical RAM: 1393.45 MB
Total Pagefile: 4077.46 MB
Available Pagefile: 3502.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.48 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:139.05 GB) (Free:44.31 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: () (Removable) (Total:14.9 GB) (Free:14.89 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 15 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 139 GB 10 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 139 GB Healthy System (partition with boot components)

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 15 GB Healthy

****** End Of Log ******

Back to top

#6 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 27 January 2012 - 09:09 PM

Looks good.
We'll try to get you back online as soon as I can see the computer is fairly clean.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Back to top

#7 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 27 January 2012 - 09:42 PM

okay i didnt need to run rkill

ComboFix 12-01-27.01 - The Berry 01/27/2012 16:26:57.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1918.1323 [GMT -5:00]
Running from: c:\users\The Berry\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\program files\DVDTool
c:\program files\DVDTool\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\DVDTool
c:\programdata\Microsoft\Windows\Start Menu\Programs\DVDTool\Uninstall.lnk
c:\users\The Berry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDTool
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxqtesadssrwhrhbvfdgyonokxmybxcrre.dll
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2008-01-01 05:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^The Berry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\The Berry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-12-12 18:46 9555968 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-02-27 21:01 413696 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-23 18:25 6183456 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-25 02:33 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3136167521-570259519-2348853543-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 79250197
*Deregistered* - 79250197
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0109&m=et1161-05
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aim6 - (no file)
HKLM-Run-eRecoveryService - (no file)
SafeBoot-79250197.sys
AddRemove-DVDTool - c:\program files\DVDTool\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 16:34
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-01-27 16:36:57
ComboFix-quarantined-files.txt 2012-01-27 21:36
.
Pre-Run: 47,569,489,920 bytes free
Post-Run: 47,603,359,744 bytes free
.
- - End Of File - - 6FE4F2B7157EB372E6C9F031D825FBD5

Back to top

#8 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 27 January 2012 - 09:45 PM

Very well.

Still no internet?

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Back to top

#9 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 27 January 2012 - 10:19 PM

the internet is working now but when i try to come to your site using internet explorere on the machine internet explorer gives me an pop up said:

internet explorer cannot open the internet site http://www.smartestcomputing.us.com/.

operation aborted

also i am able to run malwarebytes but i did not do a scan yet

Farbar Service Scanner Version: 18-01-2012 01
Ran by The Berry (administrator) on 27-01-2012 at 17:18:35
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2008-01-20 21:33] - [2008-01-20 21:33] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2008-10-28 21:22] - [2008-04-26 03:26] - 0891448 ____A (Microsoft Corporation) 82E266BEE5F0167E41C6ECFDD2A79C02

C:\Windows\system32\dnsrslvr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0086528 ____A (Microsoft Corporation) F5A0F1DA1ED8B429597E71D27D976E31

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:33] - [2008-01-20 21:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-10-28 21:25] - [2008-04-18 00:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

**** End of log ****

Back to top

#10 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 27 January 2012 - 10:30 PM

Good news :)

Quote

internet explorer cannot open the internet site http://www.smartestcomputing.us.com/.
operation aborted

Open IE, go Tools>Internet options>Advanced tab and click on "Reset" button.
Restart IE.
Same issue?
Do you have another browser to try?

===========================================================

You have one registry key missing, which affects system restore.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek...system-restore/

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Download Vista.zip file from here: http://www.smartestc...y-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_sdrsvc.reg and confirm the prompt.
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
Restart computer.
Post new FSS log.

=============================================================================

Update MBAM, run quick scan, post new log.

Back to top

#11 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 27 January 2012 - 10:53 PM

ok i am posting from the infected pc now i installed firefox, same issue with ie after following your steps.

when i get to this step:

Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.

I get a box pop said:

registry editor could not set owner on the key currently selected, or some of its subkeys.

should i just skip this and continue?

Back to top

#12 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 27 January 2012 - 11:31 PM

Yeah, go ahead.

Back to top

#13 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 28 January 2012 - 12:14 AM

Farbar Service Scanner Version: 18-01-2012 01
Ran by The Berry (administrator) on 27-01-2012 at 18:59:35
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2008-01-20 21:33] - [2008-01-20 21:33] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2008-10-28 21:22] - [2008-04-26 03:26] - 0891448 ____A (Microsoft Corporation) 82E266BEE5F0167E41C6ECFDD2A79C02

C:\Windows\system32\dnsrslvr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0086528 ____A (Microsoft Corporation) F5A0F1DA1ED8B429597E71D27D976E31

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:33] - [2008-01-20 21:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-10-28 21:25] - [2008-04-18 00:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

**** End of log ****

==============================================================================================================================

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
The Berry :: THEBERRY-PC [administrator]

Protection: Enabled

1/27/2012 7:04:54 PM
mbam-log-2012-01-27 (19-04-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181070
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\The Berry\Downloads\Windows.Media.Player.License.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

(end)

Back to top

#14 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 28 January 2012 - 12:25 AM

Good :)

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Back to top

#15 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 28 January 2012 - 12:43 AM

the system is running better now

OTL logfile created on: 1/27/2012 7:32:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Berry\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 66.34% Memory free
3.98 Gb Paging File | 3.22 Gb Available in Paging File | 80.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 41.47 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

Computer Name: THEBERRY-PC | User Name: The Berry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 19:30:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Berry\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/04/28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/22 06:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 12:12:48 | 000,143,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 13:57:30 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 13:57:07 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:07 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:07 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2008/07/22 21:14:24 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 14:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/02 09:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 00:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...109&m=et1161-05
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...109&m=et1161-05

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3136167521-570259519-2348853543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...109&m=et1161-05
IE - HKU\S-1-5-21-3136167521-570259519-2348853543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3136167521-570259519-2348853543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3136167521-570259519-2348853543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3136167521-570259519-2348853543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/27 17:41:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 17:37:42 | 000,000,000 | ---D | M]

[2012/01/27 17:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Berry\AppData\Roaming\Mozilla\Extensions
[2012/01/27 17:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Berry\AppData\Roaming\Mozilla\Firefox\Profiles\00qe5pos.default\extensions
[2012/01/27 17:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/01/27 16:34:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3136167521-570259519-2348853543-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3136167521-570259519-2348853543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3789212C-4E37-4DC7-8B34-88599A8C27F4}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\The Berry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\The Berry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 19:29:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Berry\Desktop\OTL.exe
[2012/01/27 18:39:47 | 000,000,000 | ---D | C] -- C:\Users\The Berry\Desktop\Vista
[2012/01/27 17:41:20 | 000,000,000 | ---D | C] -- C:\Users\The Berry\AppData\Roaming\Mozilla
[2012/01/27 17:41:20 | 000,000,000 | ---D | C] -- C:\Users\The Berry\AppData\Local\Mozilla
[2012/01/27 17:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012/01/27 17:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/27 16:56:39 | 000,000,000 | ---D | C] -- C:\Users\The Berry\AppData\Roaming\Malwarebytes
[2012/01/27 16:37:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 16:36:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/27 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\The Berry\AppData\Local\temp
[2012/01/27 16:25:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 16:25:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 16:25:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 16:11:04 | 004,391,956 | R--- | C] (Swearware) -- C:\Users\The Berry\Desktop\ComboFix.exe
[2012/01/27 13:26:17 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\The Berry\Desktop\tdsskiller.exe
[2012/01/26 20:51:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\The Berry\Desktop\dds.scr
[2012/01/26 20:51:08 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\The Berry\Desktop\aswMBR.exe

========== Files - Modified Within 30 Days ==========

[2012/01/27 19:30:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Berry\Desktop\OTL.exe
[2012/01/27 19:15:53 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/27 19:15:53 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/27 19:09:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 19:09:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 19:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 19:09:20 | 2011,680,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 17:41:23 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/01/27 17:37:44 | 000,001,710 | ---- | M] () -- C:\Users\The Berry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/27 17:37:44 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/27 17:34:17 | 000,000,905 | ---- | M] () -- C:\Users\The Berry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/27 17:14:42 | 000,334,429 | ---- | M] () -- C:\Users\The Berry\Desktop\FSS.exe
[2012/01/27 16:34:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/27 16:11:08 | 004,391,956 | R--- | M] (Swearware) -- C:\Users\The Berry\Desktop\ComboFix.exe
[2012/01/27 15:27:38 | 000,302,901 | ---- | M] () -- C:\Users\The Berry\Desktop\ListParts.exe
[2012/01/27 13:26:32 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\The Berry\Desktop\tdsskiller.exe
[2012/01/26 20:51:24 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\The Berry\Desktop\aswMBR.exe
[2012/01/26 20:51:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\The Berry\Desktop\dds.scr
[2012/01/26 20:51:02 | 000,302,592 | ---- | M] () -- C:\Users\The Berry\Desktop\4jb9tjsy.exe

========== Files Created - No Company Name ==========

[2012/01/27 17:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/01/27 17:37:44 | 000,001,710 | ---- | C] () -- C:\Users\The Berry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/27 17:37:44 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/27 17:34:17 | 000,000,905 | ---- | C] () -- C:\Users\The Berry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/27 17:14:38 | 000,334,429 | ---- | C] () -- C:\Users\The Berry\Desktop\FSS.exe
[2012/01/27 16:25:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 16:25:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 16:25:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 16:25:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 16:25:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 15:27:35 | 000,302,901 | ---- | C] () -- C:\Users\The Berry\Desktop\ListParts.exe
[2012/01/26 20:50:59 | 000,302,592 | ---- | C] () -- C:\Users\The Berry\Desktop\4jb9tjsy.exe
[2009/05/03 16:16:31 | 000,000,112 | ---- | C] () -- C:\Users\The Berry\AppData\Roaming\wklnhst.dat
[2009/03/18 20:30:15 | 000,010,240 | ---- | C] () -- C:\Users\The Berry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/12 23:54:50 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/01/20 12:33:40 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/28 21:37:42 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/28 21:24:52 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/28 21:24:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/01 01:00:34 | 000,000,680 | ---- | C] () -- C:\Users\The Berry\AppData\Local\d3d9caps.dat
[2008/01/01 00:23:11 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,306,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/02/18 20:12:41 | 000,000,000 | ---D | M] -- C:\Users\Elijah\AppData\Roaming\Ludia
[2009/02/11 15:17:20 | 000,000,000 | ---D | M] -- C:\Users\Elijah\AppData\Roaming\PlayFirst
[2009/02/08 19:17:01 | 000,000,000 | ---D | M] -- C:\Users\Elijah\AppData\Roaming\WildTangent
[2009/02/05 22:59:51 | 000,000,000 | ---D | M] -- C:\Users\The Berry\AppData\Roaming\acccore
[2007/12/31 23:33:14 | 000,000,000 | ---D | M] -- C:\Users\The Berry\AppData\Roaming\Azureus
[2008/01/01 00:28:23 | 000,000,000 | ---D | M] -- C:\Users\The Berry\AppData\Roaming\Panda Security
[2009/05/03 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\The Berry\AppData\Roaming\Template
[2009/03/27 10:04:54 | 000,000,000 | ---D | M] -- C:\Users\The Berry\AppData\Roaming\uTorrent
[2009/02/08 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\The Berry\AppData\Roaming\WildTangent
[2012/01/27 19:08:32 | 000,032,128 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/10/28 21:59:59 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/01/20 12:40:07 | 000,000,032 | ---- | M] () -- C:\cds.log
[2012/01/27 16:36:58 | 000,006,039 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/01 18:27:10 | 000,210,776 | ---- | M] () -- C:\coreuninstall.log
[2006/12/07 14:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2012/01/27 19:09:20 | 2011,680,768 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/05 22:59:40 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2008/10/28 21:55:14 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2009/01/20 12:37:20 | 000,000,106 | ---- | M] () -- C:\ms.log
[2009/03/27 11:48:11 | 000,000,827 | ---- | M] () -- C:\net_save.dna
[2012/01/27 19:09:18 | 2325,491,712 | -HS- | M] () -- C:\pagefile.sys
[2009/05/01 18:27:10 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/05/01 18:27:10 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2008/10/28 21:46:38 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/22 00:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD97.DLL
[2007/10/22 00:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP97.DLL
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/27 17:34:18 | 000,000,286 | -HS- | M] () -- C:\Users\The Berry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/26 20:51:02 | 000,302,592 | ---- | M] () -- C:\Users\The Berry\Desktop\4jb9tjsy.exe
[2012/01/26 20:51:24 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\The Berry\Desktop\aswMBR.exe
[2012/01/27 16:11:08 | 004,391,956 | R--- | M] (Swearware) -- C:\Users\The Berry\Desktop\ComboFix.exe
[2012/01/27 17:14:42 | 000,334,429 | ---- | M] () -- C:\Users\The Berry\Desktop\FSS.exe
[2012/01/27 15:27:38 | 000,302,901 | ---- | M] () -- C:\Users\The Berry\Desktop\ListParts.exe
[2012/01/27 19:30:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Berry\Desktop\OTL.exe
[2012/01/27 13:26:32 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\The Berry\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/02/04 23:49:02 | 000,000,402 | -HS- | M] () -- C:\Users\The Berry\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/01/20 12:40:02 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/20 12:39:18 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-03-12 07:01:01

< End of report >

=======================================================================================================

OTL Extras logfile created on: 1/27/2012 7:32:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Berry\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 66.34% Memory free
3.98 Gb Paging File | 3.22 Gb Available in Paging File | 80.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 41.47 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

Computer Name: THEBERRY-PC | User Name: The Berry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3136167521-570259519-2348853543-1000\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3136167521-570259519-2348853543-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E2587AF-44C9-485D-A8FE-E3986D641185}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2DEFD7C9-23DD-4AD3-B0A3-0F685B472440}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{361E17A5-555E-464E-9546-BF971DEFA553}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{45051C14-79D0-4390-AF4D-82140328E7FE}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{4C22A2E4-6A58-4A81-95A3-5313CB4C1505}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{630DFE74-9672-408D-8989-F3F5C816B774}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{697D8EF6-4303-44E2-81C4-DF7A89D4DAF4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8331BBFE-269D-44F3-81C8-19E1BB1A8952}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F4BFC8A-C80E-40FE-A928-B5FC1AFE6759}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D20ECA7D-9797-44C2-9517-69FA4DFAC6A5}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{EAD48D50-4C37-4EF5-AB1C-7A85E0A4715A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FA111BE0-F221-4D0D-82BE-D7608E16586C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A4364E61-BD09-4A3B-A198-36D9598B0955}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{AF42FC46-4D6D-4EC6-A956-974D8729C898}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AIM_6" = AIM 6
"Disney Toontown Online" = Disney Toontown Online
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MySpaceIM" = MySpaceIM
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"VLC media player" = VLC media player 1.1.11
"Vuze" = Vuze
"WildTangent emachines Master Uninstall" = eMachines Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3136167521-570259519-2348853543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2009 6:38:37 PM | Computer Name = TheBerry-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/30/2009 7:10:45 PM | Computer Name = TheBerry-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/30/2009 7:11:47 PM | Computer Name = TheBerry-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 4/30/2009 7:11:51 PM | Computer Name = TheBerry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/30/2009 7:11:51 PM | Computer Name = TheBerry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/30/2009 7:11:51 PM | Computer Name = TheBerry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/30/2009 7:11:51 PM | Computer Name = TheBerry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/30/2009 7:13:15 PM | Computer Name = TheBerry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2009 7:15:30 PM | Computer Name = TheBerry-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 4/30/2009 7:18:30 PM | Computer Name = TheBerry-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

[ System Events ]
Error - 4/10/2009 6:33:03 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:04 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:04 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:05 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:05 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:06 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:07 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:07 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:08 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 4/10/2009 6:33:08 PM | Computer Name = TheBerry-PC | Source = WPDMTPDriver | ID = 80836
Description =

< End of report >

Back to top

#16 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 28 January 2012 - 12:49 AM

Good :)

OTL log is clean.

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

========================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Back to top

#17 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 28 January 2012 - 01:14 AM

ok the eset will not connect and download , it keeps coming up red saying: can not get update. is proxy configured?
What do i do?

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 29
Mozilla Firefox (3.6.25) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUNMain.exe
``````````End of Log````````````

====================================================================================

Farbar Service Scanner Version: 18-01-2012 01
Ran by The Berry (administrator) on 27-01-2012 at 20:03:50
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2008-01-20 21:33] - [2008-01-20 21:33] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2008-10-28 21:22] - [2008-04-26 03:26] - 0891448 ____A (Microsoft Corporation) 82E266BEE5F0167E41C6ECFDD2A79C02

C:\Windows\system32\dnsrslvr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0086528 ____A (Microsoft Corporation) F5A0F1DA1ED8B429597E71D27D976E31

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:33] - [2008-01-20 21:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-10-28 21:25] - [2008-04-18 00:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

**** End of log ****

Back to top

#18 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 28 January 2012 - 02:07 AM

Quote

ok the eset will not connect and download , it keeps coming up red saying: can not get update. is proxy configured?

Use Firefox.

Back to top

#19 ProblemsRBad Re: [RESOLVED] Upgrading dirty pc

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 01:41 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 28 January 2012 - 02:11 AM

i am using firefox, i have the eset downloaded, its when it tries to update it self, its not connecting.

Back to top

#20 Broni Re: [RESOLVED] Upgrading dirty pc

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 11:41 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 18m 57s

Posted 28 January 2012 - 02:14 AM

Use IE then.

If still a problem....

Please, run F-Secure Online Scanner

Disable your Antivirus program.
Checkmark I have read and accepted the license terms.
Click on Run Check button.
Quick scan (recommended) option will come pre-checked. Don't change it.
Click on Start button.
When scan is done, in Step 3: Clean the files, leave all settings as they're.
Click Next button.
Click Full report... button.
Copy report's content and paste it into your next reply.