Unknown Trojan.


  • This topic is locked
21 replies to this topic

#1 Whatareyoudoingdave

Whatareyoudoingdave

  • Members
  • 11 posts

Posted 24 March 2011 - 11:21 AM

Hi,

I was following the instructions in the Prep Guide but 2 problems occur:

1. DDS hangs, never finishes and finally locks up the machine.
2. GMER blue-screens the computer with an invalid page fault.

This computer is a Windows Vista Home Basic 32-bit SP1 on an AMD Athlon 64-bit with 1 GB of RAM.

Thanks in advance.


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 30 March 2011 - 05:50 PM

Hello and welcome to Bleeping Computer

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'.

In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
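An added triage helper for the OTL report requested above; it is my own code, not part of this thread or of OTL. It parses the PRC/MOD/SRV/DRV line layout that OTL prints and flags what an analyst scans for first: a blank company name, a file in a user-writable location, a driver outside System32\drivers, and a timestamp inside the scan's 30-day window. The regex, flag names and the constructed sample lines are assumptions of mine, modelled on the log format.

```python
"""Triage helper for OTL "SafeList" log lines (PRC/MOD/SRV/DRV sections).

Added example; the regex and flag names are my own, not OTL's.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# One entry, as OTL prints it (hypothetical regex written for that layout):
# SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\...\AvastSvc.exe -- (avast! Antivirus)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<mark>[MC])\] "
    r"\((?P<company>[^)]*)\)"          # company name, may be empty: ()
    r"(?: \[(?P<state>[^\]]*)\])?"     # [Auto | Running] on SRV/DRV lines
    r" -- (?P<path>.*?)"               # file path
    r"(?: -- \((?P<name>[^)]*)\)(?: .*)?)?$"  # -- (ServiceName) plus optional trailer
)

# Locations a non-admin user can write to; tools on the Desktop will show up too.
USER_WRITABLE = re.compile(
    r"\\(Users|Documents and Settings)\\[^\\]+\\(Desktop|AppData|Application Data)\\|\\Temp\\",
    re.IGNORECASE,
)
SYSTEM_DRIVER_DIR = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)

# Constructed: the scan time from the log header ("OTL logfile created on: 3/30/2011 10:32:06 PM").
SCAN_TIME = datetime(2011, 3, 30, 22, 32, 6)


@dataclass
class Entry:
    kind: str
    stamp: datetime
    size: int
    company: str
    state: Optional[str]
    path: str
    name: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str, scan_time: Optional[datetime] = None,
                recent_days: int = 30) -> Optional[Entry]:
    """Parse one OTL entry line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(
        kind=m["kind"],
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        state=m["state"],
        path=m["path"].strip(),
        name=m["name"],
    )
    if not e.company:
        e.flags.append("no-company")
    if USER_WRITABLE.search(e.path):
        e.flags.append("user-writable-path")
    if e.kind == "DRV" and not SYSTEM_DRIVER_DIR.search(e.path):
        e.flags.append("driver-outside-system32")
    if scan_time and e.stamp >= scan_time - timedelta(days=recent_days):
        e.flags.append(f"modified-within-{recent_days}d")
    return e


def triage(log_text: str, scan_time: Optional[datetime] = None) -> List[Entry]:
    """Return only the entries that raised at least one flag, in log order."""
    hits = []
    for line in log_text.splitlines():
        e = parse_entry(line, scan_time)
        if e and e.flags:
            hits.append(e)
    return hits


# Constructed sample, modelled on lines of the kind OTL prints.
SAMPLE_LOG = r"""
PRC - [2011/03/30 22:28:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\tekki\Desktop\OTL.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SRV - [2011/01/27 17:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/10/30 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{hit.kind} {hit.path}  <- {', '.join(hit.flags)}")
```

A flag is a reason to look closer, not a verdict; a blank company name is normal for many OEM utilities, as the Toshiba entries in a log like this show.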
 


#3 Whatareyoudoingdave

Whatareyoudoingdave
  • Topic Starter

  • Members
  • 11 posts

Posted 30 March 2011 - 09:56 PM

Hi Etavares,

I have NOT resolved the problem. GMER causes a Page Fault Blue Screen caused by PWDOIPOW.SYS, and DDS will still run, but it freezes the OS at some point and it never recovers.

I do have a Windows installation CD.

I have installed some service packs since my first post; the computer is now running Windows Vista Home Basic with Service Pack 2.


I ran OTL as specified and here is the report:


OTL logfile created on: 3/30/2011 10:32:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\tekki\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 203.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.73 Gb Total Space | 27.15 Gb Free Space | 40.09% Space Free | Partition Type: NTFS

Computer Name: TEKKI-PC | User Name: tekki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 22:28:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\tekki\Desktop\OTL.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2011/01/27 17:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/01/27 17:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/14 23:33:34 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/07/07 09:42:06 | 002,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/08/15 18:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/01 17:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/05/18 06:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 22:28:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\tekki\Desktop\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/27 17:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/09/14 23:33:34 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/01 17:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/03 14:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/09/29 17:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 13:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/05/08 10:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/18 23:43:20 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/01 17:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/28 02:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/28 10:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/30 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4156169706-639637757-2468694063-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-4156169706-639637757-2468694063-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-4156169706-639637757-2468694063-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/25 04:23:40 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-4156169706-639637757-2468694063-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-4156169706-639637757-2468694063-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKU\S-1-5-21-4156169706-639637757-2468694063-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4156169706-639637757-2468694063-1000\..Trusted Domains: adobe.com ([get] http in Trusted sites)
O15 - HKU\S-1-5-21-4156169706-639637757-2468694063-1000\..Trusted Domains: nickjrboost.com ([]http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.18.1 170.215.255.114 65.73.172.4 10.10.18.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tekki\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\tekki\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 22:29:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\tekki\Desktop\OTL.exe
[2011/03/30 19:13:49 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/30 16:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/03/30 16:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/03/30 16:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2011/03/30 16:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2011/03/30 16:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/03/29 22:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/29 22:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/27 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\tekki\.android
[2011/03/27 15:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2011/03/27 15:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Android
[2011/03/27 15:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/03/27 05:35:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/27 05:35:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/27 05:35:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/27 05:34:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/27 05:33:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/26 23:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/26 23:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/26 16:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2011/03/25 18:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Prolific
[2011/03/25 18:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeTT
[2011/03/25 18:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\teraterm
[2011/03/25 18:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOCD
[2011/03/25 14:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/03/24 22:43:01 | 000,000,000 | ---D | C] -- C:\Winbuilder
[2011/03/24 21:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/24 18:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
[2011/03/24 18:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2011/03/24 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows AIK
[2011/03/24 18:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2011/03/24 18:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2011/03/24 18:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2011/03/24 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\tekki\Documents\My ISO Files
[2011/03/24 15:06:12 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Roaming\WinRAR
[2011/03/24 15:06:12 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/24 15:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/24 15:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/03/24 13:53:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/24 13:53:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/24 13:53:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/24 13:23:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/24 13:10:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/24 02:11:33 | 000,000,000 | ---D | C] -- C:\temp.tvap
[2011/03/24 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Roaming\WinBatch
[2011/03/24 00:37:52 | 000,000,000 | ---D | C] -- C:\safgv200
[2011/03/24 00:29:09 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Roaming\Apple Computer
[2011/03/24 00:29:09 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Local\Apple Computer
[2011/03/24 00:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/03/24 00:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/03/24 00:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/24 00:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/03/23 23:55:52 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/03/23 23:09:32 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Local\Apple
[2011/03/23 23:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/03/23 23:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/03/23 23:01:17 | 000,000,000 | ---D | C] -- C:\bc3f6ce8112875ae86b5058f93
[2011/03/23 19:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/03/23 19:58:31 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Roaming\IObit
[2011/03/23 19:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/03/23 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/03/23 19:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/03/23 19:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/03/23 19:46:53 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/23 19:46:51 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/03/23 19:46:39 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/03/23 19:46:37 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/03/23 19:46:33 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/23 19:46:29 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/03/23 19:44:54 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/03/23 19:44:54 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/03/23 19:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/03/23 19:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/23 17:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/23 17:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/23 16:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/23 16:31:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/23 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Roaming\Malwarebytes
[2011/03/23 14:51:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/23 14:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/23 14:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/23 14:51:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/23 14:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/23 13:15:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/21 14:14:38 | 000,000,000 | ---D | C] -- C:\Users\tekki\AppData\Roaming\Macromedia
[2011/03/21 10:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/03/21 10:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/03/21 10:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 22:28:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\tekki\Desktop\OTL.exe
[2011/03/30 22:22:26 | 000,002,305 | ---- | M] () -- C:\Users\tekki\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/30 22:21:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 22:21:53 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/30 22:21:47 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 22:21:47 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 22:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/30 22:21:32 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 20:11:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/03/30 20:03:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 19:01:15 | 000,625,664 | ---- | M] () -- C:\Users\tekki\Desktop\dds.scr
[2011/03/30 18:57:25 | 003,697,975 | ---- | M] () -- C:\Users\tekki\Desktop\ComboFix.exe
[2011/03/30 16:43:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/03/30 16:43:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/03/30 16:43:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/03/30 16:22:38 | 000,001,027 | ---- | M] () -- C:\Users\tekki\Documents\HelperStartAfterInstall.vbs
[2011/03/30 16:21:30 | 000,000,723 | ---- | M] () -- C:\Users\tekki\Documents\HelperStart.vbs
[2011/03/30 16:03:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/30 15:56:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2011/03/28 22:37:55 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2011/03/28 22:37:50 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/03/27 05:43:09 | 000,397,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/26 23:50:10 | 000,197,900 | ---- | M] () -- C:\Users\tekki\Documents\cc_20110326_234957.reg
[2011/03/26 23:37:46 | 001,056,768 | ---- | M] () -- C:\Windows\System32\defltbase.sdb
[2011/03/25 11:50:24 | 000,002,838 | ---- | M] () -- C:\Windows\machine.ver
[2011/03/25 11:50:17 | 000,000,067 | ---- | M] () -- C:\Windows\swupdate.INI
[2011/03/25 04:23:40 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/24 18:39:14 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/03/24 18:39:13 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/03/24 13:18:22 | 000,000,954 | ---- | M] () -- C:\Users\tekki\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/24 00:28:48 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/03/23 23:22:47 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011/03/23 23:22:34 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011/03/23 22:37:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/03/23 22:37:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/03/23 19:46:54 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/03/23 19:46:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/23 17:09:08 | 136,972,107 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/23 14:51:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/23 14:22:05 | 000,000,680 | ---- | M] () -- C:\Users\tekki\AppData\Local\d3d9caps.dat
[2011/03/21 10:58:32 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/30 20:00:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/30 19:00:50 | 000,625,664 | ---- | C] () -- C:\Users\tekki\Desktop\dds.scr
[2011/03/30 18:57:13 | 003,697,975 | ---- | C] () -- C:\Users\tekki\Desktop\ComboFix.exe
[2011/03/30 16:43:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/03/30 16:43:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/03/30 16:43:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/03/30 16:22:38 | 000,001,027 | ---- | C] () -- C:\Users\tekki\Documents\HelperStartAfterInstall.vbs
[2011/03/30 16:21:30 | 000,000,723 | ---- | C] () -- C:\Users\tekki\Documents\HelperStart.vbs
[2011/03/30 16:03:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/30 15:56:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2011/03/28 22:37:50 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/28 22:37:50 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2011/03/27 05:35:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/27 05:35:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/27 05:35:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/27 05:35:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/27 05:35:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/26 23:50:02 | 000,197,900 | ---- | C] () -- C:\Users\tekki\Documents\cc_20110326_234957.reg
[2011/03/26 15:44:35 | 001,056,768 | ---- | C] () -- C:\Windows\System32\defltbase.sdb
[2011/03/25 11:50:16 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2011/03/24 18:38:43 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/03/24 18:38:43 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/03/24 12:47:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/24 12:47:37 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/03/24 12:36:55 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/24 12:22:23 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/24 12:22:22 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/24 12:22:22 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/24 12:12:02 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/03/24 12:11:59 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/03/24 12:11:51 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/03/24 12:11:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/24 12:11:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/24 12:11:45 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/03/24 12:11:40 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/03/24 12:11:24 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/03/24 12:11:22 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/03/24 12:10:32 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/03/24 12:10:24 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/03/24 00:49:26 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/24 00:28:48 | 000,002,305 | ---- | C] () -- C:\Users\tekki\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/24 00:28:48 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/03/24 00:28:48 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/03/24 00:10:46 | 000,000,960 | ---- | C] () -- C:\Users\tekki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/23 23:09:24 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/03/23 22:37:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/03/23 22:37:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/03/23 22:36:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2011/03/23 19:58:49 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/23 19:46:54 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/03/23 16:31:33 | 136,972,107 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/23 14:51:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/23 14:22:05 | 000,000,680 | ---- | C] () -- C:\Users\tekki\AppData\Local\d3d9caps.dat
[2011/03/21 10:58:32 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/09/11 16:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/11 15:28:16 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/11 15:28:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/11 15:28:16 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/11 15:28:16 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/11 15:28:16 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/11 15:28:16 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/09/11 15:02:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/09/11 15:02:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/09/11 15:02:23 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/09/11 15:02:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/09/11 14:58:30 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/09/11 14:53:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/09/11 14:53:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/07/28 02:26:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/28 02:01:12 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/02/20 19:39:10 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,397,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,024 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/03/23 19:58:31 | 000,000,000 | ---D | M] -- C:\Users\tekki\AppData\Roaming\IObit
[2011/03/24 00:37:58 | 000,000,000 | ---D | M] -- C:\Users\tekki\AppData\Roaming\WinBatch
[2011/03/30 22:21:53 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2011/03/30 20:42:13 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2007/07/28 02:26:42 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll

< %systemroot%\system32\*.sys /90 >
[2010/12/31 09:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/09/11 14:52:10 | 006,045,696 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/09/11 14:52:08 | 000,098,304 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/09/11 14:52:10 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/09/11 14:52:18 | 014,671,872 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/09/11 14:52:19 | 005,906,432 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/09/11 14:52:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/03/30 22:21:32 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 22:21:28 | 1251,282,944 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

#4 Whatareyoudoingdave
  • Topic Starter

  • Members
  • 11 posts

Posted 30 March 2011 - 10:21 PM

and the Extras txt:

OTL Extras logfile created on: 3/30/2011 10:32:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\tekki\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 203.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.73 Gb Total Space | 27.15 Gb Free Space | 40.09% Space Free | Partition Type: NTFS

Computer Name: TEKKI-PC | User Name: tekki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A4715AC0-2D42-49D9-BCBB-7562FE52E2D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CDD6B8DB-0D2D-48B8-9601-14750CE0195C}" = lport=12345 | protocol=6 | dir=in | name=motorola helper |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ACB42BF6-AB50-4FB7-B18F-01937B578D43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1EEF69A-D4D0-4F80-8B37-2DEF16F3DF81}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English
"{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech
"{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai
"{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian
"{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation
"{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian
"{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light
"{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian
"{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese
"{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional
"{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese
"{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech
"{60C7374C-B546-45DE-A578-2E29BA8C3F1C}" = Moto Helper Service
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard
"{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish
"{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New
"{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{755F77D1-717E-4D7D-BF21-D3EB63906365}" = Winbond CIR Device Drivers
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish
"{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French
"{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish
"{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish
"{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C7C7C686-8479-4173-9570-F4B350D91B37}" = Motorola Mobile Drivers Installation 4.9.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D3FA1DCD-FDA7-451C-849E-18E7B13D1F14}" = Mototools Software Update
"{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek
"{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese
"{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista
"{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch
"{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static
"{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian
"{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Android SDK Tools" = Android SDK Tools
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.44 Driver 4.9.0
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"UltraISO_is1" = UltraISO Premium V9.36
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2011 1:11:33 PM | Computer Name = tekki-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
Class not registered .

Error - 3/24/2011 1:11:33 PM | Computer Name = tekki-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
Class not registered .

Error - 3/24/2011 1:11:33 PM | Computer Name = tekki-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
Class not registered .

Error - 3/24/2011 1:23:12 PM | Computer Name = tekki-PC | Source = LoadPerf | ID = 3002
Description =

Error - 3/24/2011 2:03:14 PM | Computer Name = tekki-PC | Source = ESENT | ID = 215
Description = WinMail (2600) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 3/24/2011 2:08:50 PM | Computer Name = tekki-PC | Source = LoadPerf | ID = 3002
Description =

Error - 3/24/2011 2:17:18 PM | Computer Name = tekki-PC | Source = LoadPerf | ID = 3002
Description =

Error - 3/24/2011 2:17:19 PM | Computer Name = tekki-PC | Source = LoadPerf | ID = 3002
Description =

Error - 3/24/2011 2:21:28 PM | Computer Name = tekki-PC | Source = LoadPerf | ID = 3002
Description =

Error - 3/24/2011 2:54:33 PM | Computer Name = tekki-PC | Source = LoadPerf | ID = 3002
Description =

[ System Events ]
Error - 3/30/2011 7:07:14 PM | Computer Name = tekki-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:04:51 PM on 3/30/2011 was unexpected.

Error - 3/30/2011 7:07:07 PM | Computer Name = tekki-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/30/2011 7:08:40 PM | Computer Name = tekki-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/30/2011 8:41:37 PM | Computer Name = tekki-PC | Source = DCOM | ID = 10010
Description =

Error - 3/30/2011 10:09:17 PM | Computer Name = tekki-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/30/2011 10:10:53 PM | Computer Name = tekki-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/30/2011 10:21:21 PM | Computer Name = tekki-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/30/2011 10:21:41 PM | Computer Name = tekki-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:19:26 PM on 3/30/2011 was unexpected.

Error - 3/30/2011 10:21:28 PM | Computer Name = tekki-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/30/2011 10:23:13 PM | Computer Name = tekki-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#5 etavares
    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 31 March 2011 - 05:41 PM

Hello, Whatareyoudoingdave.

What caused you to think you have an unknown trojan? Those symptoms will help me diagnose it. If it's the GMER blue screen, that is extremely common with GMER and not virus related.


I do see you have IObit's Advanced SystemCare 3. This is questionable software and has been caught stealing others' intellectual property (virus definitions). See here for more information. In addition, it contains a registry cleaner; please see the warning below about registry cleaners. I do suggest you uninstall this program.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case Advanced SystemCare 3). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the Internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1


I see ComboFix on your machine. Have you run it? If not, please do not run it yet. If you have, can you please post the contents of the logfile at C:\combofix.txt. If it's not there, please look in C:\Qoobox\ for Combofix1.txt through Combofix5.txt and attach any that may be there.





Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

Edited by etavares, 31 March 2011 - 05:41 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 Whatareyoudoingdave (Topic Starter, Members, 11 posts)

Posted 31 March 2011 - 07:57 PM

This is a relative's computer; it did have some performance issues.

I won't be too detailed, but I will go through all the steps that I took:

  • I uninstalled McAfee.
  • I installed Avast.
    • A full Avast boot-time scan revealed 15 or so malware items, and these were removed.
      (I like to be thorough, so I continued to do more scans.)
  • I ran GMER and it blue screened.
  • I ran DDS and it hangs for a minute or two and then Windows freezes.
  • I searched Bleeping Computer's forums for similar situations and found none that were relevant.
  • I installed Malwarebytes, and every time I installed database updates before a scan the database version reverted to database 6220 (and it never told me that the latest database was installed).
  • I created a VistaPE boot disk with WinBuilder and included Spybot and Sophos Antivirus in the build.
  • I booted from the disk and ran the scans and found nothing.
  • I tried to run GMER and DDS and update Malwarebytes, with the same problem.
  • I created this thread, "Unknown Trojan", and told my relative to wait a few days for communication.
  • Said "relative" asked for a second opinion from Geek Squad, and I "think" they tried to run ComboFix, but I don't see any logs in the Qoobox folder.
    • Geek Squad told my relative that they needed to reinstall Windows and that my relative would lose all her data.
    • Sub-folders do exist in the Qoobox folder: TestC, Test, Quarantine, LastRun and BackEnv.
      The BackEnv folder contains *.DAT files.
      The Quarantine folder contains folders C and Registry_backups; it also contains catchme.log with one entry:
      -------- 2011-03-27 - 05:35:20 ------------
      All other folders were empty, so I do not think it completed.

I just now updated Malwarebytes and got database version 6230 and I am performing a full scan. I will post results when complete.
I will also remove Advanced System Care.

#7 Whatareyoudoingdave (Topic Starter, Members, 11 posts)

Posted 31 March 2011 - 09:28 PM

MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6230

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/31/2011 10:04:33 PM
mbam-log-2011-03-31 (22-04-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 308440
Time elapsed: 1 hour(s), 34 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 01 April 2011 - 05:58 PM

Hello, Whatareyoudoingdave.

OK, since you have the C folder, it did remove something. Let's take a look. I'm trying to understand what we are dealing with here. Do you have any logs from the Avast scan showing what it found?

So, let's see what Combofix did.

Please click Start --> type cmd in the box and wait for a second. Under Programs, right-click cmd and select Run as Administrator. At the prompt, type the following bold text (or copy/paste using the mouse) and press Enter:

dir c:\qoobox\ /s > "%USERPROFILE%\Desktop\DirLook.txt"

Then, please attach the DirLook.txt file that will appear on your desktop.


etavares




#9 Whatareyoudoingdave (Topic Starter, Members, 11 posts)

Posted 01 April 2011 - 06:13 PM

Hi etavares,

I looked through Avast and the original log for the first boot-time scan is missing. In fact, Avast alerted me to do the boot-time scan as soon as it was done installing because it "Detected rootkit activity". And now all the logs say is "No Virus Found", and all the STATISTICS are zero.

I have attached the DirLook.txt

thanks for all your help so far.


#10 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 01 April 2011 - 06:17 PM

Hello, Whatareyoudoingdave.
OK, it ran, maybe to completion, maybe not. Please delete your copy of ComboFix if it's still on your desktop, download a fresh one and rename it as below.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares




#11 Whatareyoudoingdave (Topic Starter, Members, 11 posts)

Posted 01 April 2011 - 07:17 PM

Ok etavares,

I saved ComboFix as etavaresCF.exe, followed your instructions, and followed the prompts.
  • It did not ask me to install the 'Windows Recovery Console' and it is not installed in the boot menu.
  • It hung and froze the computer when it said it was scanning the computer; I left it for an hour and I did not see any steps completed.
  • I had to force the computer to shut down, and when it rebooted an error window appeared: "handleviewer failed". I clicked "Check for a solution for this problem" but it never continued to "Check for a solution" as you would expect it to.

Exact Error:
Faulting application handle.cfxxe, version 3.42.0.0, time stamp 0x492312a9, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x00030cfa, process id 0xa6c, application start time 0x01cbf0c763bd4f41.

#12 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 02 April 2011 - 09:26 AM

Hello, Whatareyoudoingdave.

OK, CF can do that sometimes. No worries. Let's try a different tack.



Step 1

You are using an outdated version of Adobe Reader. Adobe Reader has since been updated, and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/download/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link


  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares




#13 Whatareyoudoingdave (Topic Starter, Members, 11 posts)

Posted 02 April 2011 - 08:33 PM

Hi etavares,

Thanks for the help so far.

I updated Adobe as instructed and ran ESET via the Smart Installer.

ESET found nothing, and it did not give me a way to save the log file.

I found a log file in the ESET program folder and I am not sure if it is what you are looking for:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=17a08abf5882c846937a6fcbbc47d4ae
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-02 11:53:42
# local_time=2011-04-02 07:53:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 138387647 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=168015
# found=0
# cleaned=0
# scan_time=8346

#14 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 03 April 2011 - 08:14 AM

It does appear your system is clean, but I am still a bit concerned that DDS and Combofix aren't running. I'm much less concerned about GMER crashing...that's extremely common and related to what GMER does to look for rootkits.

When you run DDS, do you see a progress bar increasing before it hangs or does it hang instantly? My guess is that your antivirus program is interfering with it, but it runs fine for me with Avast. Does DDS run in Safe Mode?




#15 Whatareyoudoingdave (Topic Starter, Members, 11 posts)

Posted 03 April 2011 - 10:05 AM

This is about how far DDS gets:

I counted 52 colons when the computer was frozen. I tested and counted 3 times.

Safe Mode results are the same. :(

Edited by Whatareyoudoingdave, 03 April 2011 - 10:17 AM.



