internet crime complaint center virus


  • This topic is locked
11 replies to this topic

#1 jhonn

  • Members
  • 6 posts

Posted 15 March 2013 - 09:18 AM

Hey guys, I'm having the same trouble with my friend's PC.

Already ran FRST and got this log.

This is the only place I found some useful help. Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013
Ran by SYSTEM at 15-03-2013 10:54:22
Running from I:\
Microsoft Windows XP  Service Pack 1 (X86) OS Language: Portuguese Standard 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [ROC_roc_dec12] "C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM\...\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Arquivos de programas\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\Balbino\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Balbino\...\Run: [Facebook Update] "C:\Documents and Settings\Balbino\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-25] (Facebook Inc.)
HKU\Balbino\...\Run: [otzy.exe] "C:\Documents and Settings\Balbino\Dados de aplicativos\Vuvi\otzy.exe" [208499 2012-02-29] ()
HKU\Balbino\...\Run: [AdobeBridge]  [x]
HKLM\...\Policies\Explorer\Run: [768] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msnzosirk.exe [1071813 2012-06-02] (Adobe Systems Inc)
HKLM\...\Winlogon: [Shell] Explorer.exe, C:\Documents and Settings\All Users\Dados de aplicativos\t5ggctg [x ] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Authentication Packages] msv1_0 nwprovau
 
==================== Services (Whitelisted) ===================
 
2 Apple Mobile Device; "C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55184 2012-08-11] (Apple Inc.)
2 avgwd; "C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 Bonjour Service; "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" [390504 2011-08-31] (Apple Inc.)
2 cvhsvc; "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [822624 2012-01-04] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [111104 2009-02-09] (Microsoft Corporation)
2 GEST Service; "C:\Arquivos de programas\GIGABYTE\EnergySaver\GSvr.exe" [68136 2008-09-24] ()
2 gupdate; "C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc [136176 2012-02-12] (Google Inc.)
3 gupdatem; "C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc [136176 2012-02-12] (Google Inc.)
3 iPod Service; "C:\Arquivos de programas\iPod\bin\iPodService.exe" [553440 2012-12-12] (Apple Inc.)
3 Microsoft SharePoint Workspace Audit Service; "C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE" /auditservice [30785672 2012-09-20] (Microsoft Corporation)
3 MozillaMaintenance; "C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe" [115608 2013-02-20] (Mozilla Foundation)
3 NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG)
3 NMIndexingService; "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe" [262144 2006-12-23] (Nero AG)
3 npggsvc; C:\WINDOWS\system32\GameMon.des -service [2755797 2009-05-17] (INCA Internet Co., Ltd.)
2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
3 ose; "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-10] (Microsoft Corporation)
3 osppsvc; "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-10] (Microsoft Corporation)
2 RichVideo; "C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe" [167936 2005-08-07] ()
2 sftlist; "C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe" [508776 2011-10-01] (Microsoft Corporation)
3 sftvsa; "C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe" [219496 2011-10-01] (Microsoft Corporation)
2 SkypeUpdate; "C:\Arquivos de programas\Skype\Updater\Updater.exe" [161536 2013-01-08] (Skype Technologies)
3 Steam Client Service; C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe /RunAsService [407336 2011-03-16] (Valve Corporation)
3 SwitchBoard; "C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
2 TeamViewer8; "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe" [3467768 2012-12-14] (TeamViewer GmbH)
3 WMPNetworkSvc; "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe" [914944 2006-11-03] (Microsoft Corporation)
4 AVGIDSAgent; "C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe" [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
4 vToolbarUpdater14.0.1; C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2009-08-24] (Meetinghouse Data Communications)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [19200 2006-05-01] (SlySoft, Inc.)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [6554624 2011-05-25] (ATI Technologies Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134608 2011-07-11] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [23120 2011-07-11] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24272 2011-07-11] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [16720 2011-10-04] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [230608 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [40016 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [295248 2011-07-11] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [31576 2013-01-25] ()
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [8064 2006-04-22] (Elaborate Bytes AG)
3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [4608 2005-04-12] (Elaborate Bytes AG)
1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12416 2001-10-28] (Microsoft Corporation)
3 gdrv; \??\C:\WINDOWS\gdrv.sys [16608 2013-03-15] (Windows ® 2000 DDK provider)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
1 ISODrive; \??\C:\Arquivos de programas\UltraISO\drivers\ISODrive.sys [73728 2008-05-25] (EZB Systems, Inc.)
3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2004-10-08] (Logitech Inc.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-10-28] (Microsoft Corporation)
2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-28] (Microsoft Corporation)
3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [585824 2004-10-08] ()
3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [451968 2007-10-01] (Ralink Technology, Corp.)
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [111360 2008-08-07] (Realtek Semiconductor Corporation                           )
3 Sftfs; C:\Windows\System32\DRIVERS\Sftfsxp.sys [584680 2011-10-01] (Microsoft Corporation)
3 Sftplay; C:\Windows\System32\DRIVERS\Sftplayxp.sys [209512 2011-10-01] (Microsoft Corporation)
3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirxp.sys [20584 2011-10-01] (Microsoft Corporation)
3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolxp.sys [18280 2011-10-01] (Microsoft Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows ® Codename Longhorn DDK provider)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows ® Codename Longhorn DDK provider)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk;  [x]
4 abp480n5;  [x]
4 adpu160m;  [x]
4 Aha154x;  [x]
4 aic78u2;  [x]
4 aic78xx;  [x]
4 AliIde;  [x]
4 amsint;  [x]
4 asc;  [x]
4 asc3350p;  [x]
4 asc3550;  [x]
4 Atdisk;  [x]
4 cd20xrnt;  [x]
1 Changer;  [x]
4 CmdIde;  [x]
4 Cpqarray;  [x]
4 dac2w2k;  [x]
4 dac960nt;  [x]
4 dpti2o;  [x]
3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [x]
3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
4 hpn;  [x]
1 i2omgmt;  [x]
4 i2omp;  [x]
4 ini910u;  [x]
4 IntelIde;  [x]
1 lbrtfdc;  [x]
4 mraid35x;  [x]
1 PCIDump;  [x]
3 PDCOMP;  [x]
3 PDFRAME;  [x]
3 PDRELI;  [x]
3 PDRFRAME;  [x]
4 perc2;  [x]
4 perc2hib;  [x]
4 ql1080;  [x]
4 Ql10wnt;  [x]
4 ql12160;  [x]
4 ql1240;  [x]
4 ql1280;  [x]
4 Simbad;  [x]
4 Sparrow;  [x]
4 symc810;  [x]
4 symc8xx;  [x]
4 sym_hi;  [x]
4 sym_u3;  [x]
4 TosIde;  [x]
4 ultra;  [x]
4 ViaIde;  [x]
3 WDICA;  [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-03-15 13:07 - 2013-03-15 13:07 - 00000017 ____A C:\Windows\System32\shortcut_ex.dat
2013-03-15 12:13 - 2013-03-15 12:13 - 00000000 ____D C:\Windows\CSC
2013-03-15 11:42 - 2008-04-14 02:20 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2013-03-15 11:42 - 2008-04-14 01:58 - 00014720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2013-03-15 10:50 - 2013-03-15 10:50 - 00000000 ____D C:\FRST
2013-03-02 15:03 - 2013-03-02 15:04 - 00006043 ____A C:\Windows\KB2618451.log
2013-03-02 06:37 - 2013-03-02 05:40 - 00002483 ____A C:\Documents and Settings\Balbino\Desktop\Microsoft Excel 2010.lnk
2013-03-02 06:37 - 2013-03-02 05:39 - 00002551 ____A C:\Documents and Settings\Balbino\Desktop\Microsoft Word 2010.lnk
2013-03-02 06:36 - 2013-03-02 06:36 - 00000904 ____A C:\Documents and Settings\Balbino\Desktop\Atalho para Photoshop.exe.lnk
2013-03-02 06:12 - 2013-03-08 05:00 - 00000368 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-HOME-Balbino.job
2013-03-02 05:38 - 2013-03-15 13:35 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
2013-03-02 05:38 - 2013-03-02 05:46 - 00000000 ____D C:\Windows\AutoKMS
2013-02-13 05:08 - 2013-02-13 05:08 - 00014468 ____A C:\Windows\KB2797052-IE8.log
2013-02-13 05:08 - 2013-02-13 05:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-02-13 05:08 - 2013-02-13 05:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2799494$
2013-02-13 05:08 - 2013-02-13 05:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-02-13 05:07 - 2013-02-13 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-02-13 05:05 - 2013-02-13 05:07 - 00017998 ____A C:\Windows\KB2792100-IE8.log
 
==================== One Month Modified Files and Folders ========
 
2013-03-15 13:40 - 2009-05-08 18:47 - 00032428 ____A C:\Windows\SchedLgU.Txt
2013-03-15 13:40 - 2009-05-08 18:47 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-15 13:40 - 2009-05-08 18:43 - 01710347 ____A C:\Windows\WindowsUpdate.log
2013-03-15 13:40 - 2009-05-08 15:39 - 00000216 ____A C:\Windows\wiadebug.log
2013-03-15 13:39 - 2010-02-13 11:30 - 00000458 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5AE60789-4F20-4687-AE6A-5ED75A7DD37C}.job
2013-03-15 13:39 - 2009-05-08 18:47 - 00000210 __ASH C:\Documents and Settings\Balbino\ntuser.ini
2013-03-15 13:35 - 2013-03-02 05:38 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
2013-03-15 13:35 - 2012-09-22 02:58 - 00098111 ____A C:\Windows\setupapi.log
2013-03-15 13:34 - 2012-10-01 14:10 - 00000422 ____A C:\Windows\Tasks\AVG PC Tuneup Integrator Start On Balbino Logon.job
2013-03-15 13:34 - 2012-02-12 08:13 - 00000298 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-261903793-725345543-1003.job
2013-03-15 13:34 - 2011-04-03 10:22 - 00001070 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-15 13:34 - 2009-05-08 18:52 - 00016608 ____A (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys
2013-03-15 13:34 - 2009-05-08 15:39 - 00000049 ____A C:\Windows\wiaservc.log
2013-03-15 13:07 - 2013-03-15 13:07 - 00000017 ____A C:\Windows\System32\shortcut_ex.dat
2013-03-15 12:13 - 2013-03-15 12:13 - 00000000 ____D C:\Windows\CSC
2013-03-15 11:42 - 2012-09-16 11:08 - 00000401 ____A C:\Windows\setupact.log
2013-03-15 11:22 - 2012-11-27 10:45 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-15 11:19 - 2001-10-28 18:07 - 00002262 ____A C:\Windows\System32\wpa.dbl
2013-03-15 10:50 - 2013-03-15 10:50 - 00000000 ____D C:\FRST
2013-03-08 13:56 - 2009-09-18 02:57 - 00001176 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-261903793-725345543-1003UA.job
2013-03-08 13:53 - 2011-04-03 10:22 - 00001074 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-08 12:22 - 2012-09-25 15:17 - 00001026 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-261903793-725345543-1003UA.job
2013-03-08 10:56 - 2009-09-18 02:57 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-261903793-725345543-1003Core.job
2013-03-08 10:34 - 2009-05-08 18:47 - 00000210 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2013-03-08 09:27 - 2009-05-08 18:47 - 00000000 ___HD C:\Documents and Settings\Balbino\Dados de aplicativos
2013-03-08 05:00 - 2013-03-02 06:12 - 00000368 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-HOME-Balbino.job
2013-03-06 07:01 - 2012-02-12 08:13 - 00000306 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-261903793-725345543-1003.job
2013-03-05 00:12 - 2010-08-01 23:55 - 00000300 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-03-03 08:15 - 2011-04-02 12:29 - 00000000 ____D C:\Windows\Microsoft.NET
2013-03-03 07:17 - 2009-05-08 15:37 - 01184694 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-03-03 07:17 - 2001-10-28 18:07 - 00532002 ___AC C:\Windows\System32\perfh016.dat
2013-03-03 07:17 - 2001-10-28 18:07 - 00096150 ___AC C:\Windows\System32\perfc016.dat
2013-03-03 06:03 - 2001-10-28 18:07 - 00000719 ____A C:\Windows\win.ini
2013-03-02 15:05 - 2012-09-16 11:12 - 00019767 ____A C:\Windows\KB2736233.log
2013-03-02 15:04 - 2013-03-02 15:03 - 00006043 ____A C:\Windows\KB2618451.log
2013-03-02 07:15 - 2009-05-08 15:34 - 03659840 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-02 06:36 - 2013-03-02 06:36 - 00000904 ____A C:\Documents and Settings\Balbino\Desktop\Atalho para Photoshop.exe.lnk
2013-03-02 06:02 - 2009-05-08 15:37 - 00000000 ___RD C:\Arquivos de programas
2013-03-02 05:46 - 2013-03-02 05:38 - 00000000 ____D C:\Windows\AutoKMS
2013-03-02 05:40 - 2013-03-02 06:37 - 00002483 ____A C:\Documents and Settings\Balbino\Desktop\Microsoft Excel 2010.lnk
2013-03-02 05:39 - 2013-03-02 06:37 - 00002551 ____A C:\Documents and Settings\Balbino\Desktop\Microsoft Word 2010.lnk
2013-03-02 05:22 - 2009-05-10 04:16 - 00000000 ____D C:\Windows\SHELLNEW
2013-03-02 04:09 - 2009-05-08 15:33 - 00000211 ___SH C:\boot.ini
2013-03-02 04:09 - 2001-10-28 18:07 - 00000246 ____A C:\Windows\system.ini
2013-03-02 03:30 - 2010-02-13 09:48 - 00000000 ____D C:\Windows\pss
2013-03-01 15:22 - 2012-09-25 15:17 - 00001004 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-261903793-725345543-1003Core.job
2013-02-19 13:40 - 2011-08-23 11:09 - 00001725 ____A C:\Documents and Settings\Balbino\Desktop\Windows Live Messenger .lnk
2013-02-13 05:08 - 2013-02-13 05:08 - 00014468 ____A C:\Windows\KB2797052-IE8.log
2013-02-13 05:08 - 2013-02-13 05:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-02-13 05:08 - 2013-02-13 05:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2799494$
2013-02-13 05:08 - 2013-02-13 05:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-02-13 05:08 - 2013-02-12 23:15 - 00020463 ____A C:\Windows\KB2799494.log
2013-02-13 05:08 - 2013-02-12 23:15 - 00019881 ____A C:\Windows\KB2778344.log
2013-02-13 05:08 - 2013-02-12 23:15 - 00018752 ____A C:\Windows\KB2802968.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00211623 ____A C:\Windows\iis6.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00197851 ____A C:\Windows\FaxSetup.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00094592 ____A C:\Windows\ocgen.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00090272 ____A C:\Windows\tsoc.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00065538 ____A C:\Windows\comsetup.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00061652 ____A C:\Windows\msmqinst.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00039523 ____A C:\Windows\ntdtcsetup.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00034656 ____A C:\Windows\netfxocm.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00013600 ____A C:\Windows\MedCtrOC.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00012352 ____A C:\Windows\ocmsn.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00009952 ____A C:\Windows\tabletoc.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00009888 ____A C:\Windows\msgsocm.log
2013-02-13 05:08 - 2012-09-16 11:08 - 00001374 ____A C:\Windows\imsins.log
2013-02-13 05:08 - 2012-02-17 05:01 - 00001374 ____A C:\Windows\imsins.BAK
2013-02-13 05:08 - 2009-05-23 05:37 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-13 05:08 - 2009-05-10 03:35 - 00000000 ___HD C:\Windows\$hf_mig$
2013-02-13 05:07 - 2013-02-13 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-02-13 05:07 - 2013-02-13 05:05 - 00017998 ____A C:\Windows\KB2792100-IE8.log
2013-02-13 05:07 - 2013-02-12 23:15 - 00018807 ____A C:\Windows\KB2780091.log
2013-02-13 05:07 - 2012-09-16 11:08 - 00018658 ____A C:\Windows\updspapi.log
 
 
==================== Known DLLs (Whitelisted) =================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2004-08-04 03:45] - [2008-04-14 02:20] - 1035776 ____A (Microsoft Corporation) 064ec7ff5f58b928c3e119402977fa6d 
 
C:\Windows\System32\winlogon.exe
[2004-08-04 03:45] - [2008-04-14 02:21] - 0509952 ____A (Microsoft Corporation) 71d440f79b711627b12b567fb2eadb42 
 
C:\Windows\System32\svchost.exe
[2004-08-04 03:45] - [2008-04-14 02:21] - 0014336 ____A (Microsoft Corporation) ed2d69cd4b0ebe37efe11d4dc4abc68f 
 
C:\Windows\System32\services.exe
[2004-08-04 03:45] - [2009-02-09 11:25] - 0111104 ____A (Microsoft Corporation) c52deb6d8cd4b096bf1a9ec001f36507 
 
C:\Windows\System32\User32.dll
[2004-08-04 03:45] - [2008-04-14 02:20] - 0579072 ____A (Microsoft Corporation) 54907db28872a7a6d3ee2b4747a23828 
 
C:\Windows\System32\userinit.exe
[2004-08-04 03:45] - [2008-04-14 02:21] - 0026112 ____A (Microsoft Corporation) a7ea40f680163808d96f89b4ff991876 
 
C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 03:37] - [2008-04-14 01:53] - 0053248 ____A (Microsoft Corporation) eb6b1e2c984d84470ff4fe7ef98cd44a 
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 2046.49 MB
Available physical RAM: 1639.46 MB
Total Pagefile: 2046.49 MB
Available Pagefile: 1649.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.52 MB
 
==================== Partitions =============================
 
1 Drive c: () (Fixed) (Total:465.75 GB) (Free:88.92 GB) NTFS
2 Drive d: (GRMCULFRER_PT_DVD) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
7 Drive i: () (Removable) (Total:15.09 GB) (Free:15 GB) NTFS
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disco Nº  Estado         Tamanho  Livre    Din  Gpt
  --------  -------------  -------  -------  ---  ---
  Disco 0    Online          465 GB  7168 KB         
  Disco 1    Sem suportes       0 B      0 B         
  Disco 2    Sem suportes       0 B      0 B         
  Disco 3    Sem suportes       0 B      0 B         
  Disco 4    Sem suportes       0 B      0 B         
  Disco 5    Online           15 GB      0 B         
 
Partitions of Disk 0:
===============
 
ID do Disco: 2C4E5248
 
  Partição  Nº.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Partição 1    Principal          465 GB    31 KB
 
=========================================================
 
Disk: 0
Partição 1
Tipo  : 07
Oculto: Não
Activo: Sim
Deslocamento em Bytes: 32256
 
  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 1     C                NTFS   Partição     465 GB  Bom Estad          
 
=========================================================
 
Partitions of Disk 5:
===============
 
ID do Disco: C3072E18
 
  Partição  Nº.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Partição 1    Principal           15 GB   952 KB
 
=========================================================
 
Disk: 5
Partição 1
Tipo  : 07
Oculto: Não
Activo: Sim
Deslocamento em Bytes: 974848
 
  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 6     I                NTFS   Amovível      15 GB  Bom Estad          
 
=========================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 2C4E5248
 
Partition 1:
=========
Hex: 8001010007FEFFFF3F000000410D383A
Active: YES
Type: 07 (NTFS)
Size: 466 GB
 
==============================
Partitions of Disk 5:
===============
Disk ID: C3072E18
 
Partition 1:
=========
Hex: 801E0F0007FEFFFF7007000090F8E201
Active: YES
Type: 07 (NTFS)
Size: 15 GB
 
==================== End Of Log ============================



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 March 2013 - 09:56 AM


Hello jhonn

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
 
HKLM\...\Policies\Explorer\Run: [768] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msnzosirk.exe [1071813 2012-06-02] (Adobe Systems Inc)
HKLM\...\Winlogon: [Shell] Explorer.exe, C:\Documents and Settings\All Users\Dados de aplicativos\t5ggctg [x ] ()
HKU\Balbino\...\Run: [otzy.exe] "C:\Documents and Settings\Balbino\Dados de aplicativos\Vuvi\otzy.exe" [208499 2012-02-29] ()
C:\Documents and Settings\Balbino\Dados de aplicativos\Vuvi\otzy.exe
C:\Documents and Settings\All Users\Dados de aplicativos\t5ggctg
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
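As an added example (not code from this thread, from FRST or from BleepingComputer), the script below parses the Registry section of the log above and applies the checks that make the three fixlist entries stand out: a Winlogon Shell value with something appended after Explorer.exe, an autostart under Policies\Explorer\Run or from a Temp folder, and an executable with no CompanyName running from a user-writable profile path. The rule set and the `\Users\` prefix are generalizations beyond this XP log; FRST's `[x]` marker and `(Company)` field are read exactly as the log prints them.

```python
"""Triage of the "Registry (Whitelisted)" section of an FRST log.

Added example for this thread; not code from the thread, from FRST or from
BleepingComputer. Each entry line has the shape

    KEY: [Name] command [size date] (Company)

where "[x]" in place of "[size date]" means FRST could not find the file, and
"(Company)" is the CompanyName from the file's version resource. Any author
can set that string, so it is a hint and never proof of legitimacy.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Registry section copied from the FRST log posted above (one line without a
# [Name] field is kept to show that such lines are skipped).
SAMPLE_LOG = r"""
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [ROC_roc_dec12] "C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM\...\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKU\Balbino\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Balbino\...\Run: [Facebook Update] "C:\Documents and Settings\Balbino\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-25] (Facebook Inc.)
HKU\Balbino\...\Run: [otzy.exe] "C:\Documents and Settings\Balbino\Dados de aplicativos\Vuvi\otzy.exe" [208499 2012-02-29] ()
HKU\Balbino\...\Run: [AdobeBridge]  [x]
HKLM\...\Policies\Explorer\Run: [768] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msnzosirk.exe [1071813 2012-06-02] (Adobe Systems Inc)
HKLM\...\Winlogon: [Shell] Explorer.exe, C:\Documents and Settings\All Users\Dados de aplicativos\t5ggctg [x ] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
"""

ENTRY = re.compile(r'^(?P<key>[^:\n]+?): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
SUFFIX = re.compile(
    r'\s*\[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|x ?)\]'
    r'\s*(?:\((?P<company>[^)]*)\))?\s*$')
EXE = re.compile(r'(.*?\.(?:exe|dll|sys|des|com|scr|bat|cmd))(?=\s|$)', re.I)

# Locations an ordinary user (and so malware running as that user) can write
# to. "\users\" does not occur in this XP log; it is assumed for Vista+ logs.
USER_WRITABLE = ('\\documents and settings\\', '\\users\\', '\\temp\\')


@dataclass
class Entry:
    key: str
    name: str
    command: str
    path: str                 # first executable named in the command, if any
    company: Optional[str]    # None when FRST printed no "(...)" field at all
    file_missing: bool        # FRST wrote "[x]" instead of "[size date]"


def exe_path(command: str) -> str:
    """Return the executable a command line starts, or its first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE.match(command)
    return m.group(1) if m else command.split(' ', 1)[0]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST registry line; lines without a [Name] field give None."""
    m = ENTRY.match(line)
    if not m:
        return None
    rest = m.group('rest')
    s = SUFFIX.search(rest)
    command = rest[:s.start()] if s else rest
    company = s.group('company') if s else None
    missing = bool(s) and s.group('size') is None
    return Entry(m.group('key'), m.group('name'), command.strip(),
                 exe_path(command), company, missing)


def triage(e: Entry) -> List[str]:
    """Reasons to review an entry; an empty list means nothing stood out."""
    reasons = []
    key, path = e.key.lower(), e.path.lower()
    if key.endswith('winlogon') and e.name.lower() == 'shell':
        # The only expected value is the bare Explorer.exe; anything appended
        # after it is launched as an extra shell at every logon.
        if e.command.lower() != 'explorer.exe':
            reasons.append('Winlogon Shell is not plain Explorer.exe')
    if 'policies\\explorer\\run' in key:
        reasons.append('autostart via Policies\\Explorer\\Run, an uncommon location')
    if '\\temp\\' in path:
        reasons.append('executable lives in a Temp directory')
    if e.company == '' and not e.file_missing and any(p in path for p in USER_WRITABLE):
        reasons.append('no CompanyName in version info and runs from a user-writable path')
    return reasons


def triage_log(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return (flagged entry name -> reasons, names of orphaned entries)."""
    flagged, orphaned = {}, []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            flagged[e.name] = reasons
        elif e.file_missing:
            orphaned.append(e.name)   # registry points at a file that is gone
    return flagged, orphaned


if __name__ == '__main__':
    flagged, orphaned = triage_log(SAMPLE_LOG)
    for name, reasons in flagged.items():
        print(f'REVIEW  [{name}]: ' + '; '.join(reasons))
    for name in orphaned:
        print(f'orphan  [{name}]: file not found, harmless leftover')
```

Run on the log above it reports 768, Shell and otzy.exe for review, which are exactly the three registry lines in the fixlist, and lists KernelFaultCheck, ROC_roc_dec12 and AdobeBridge as orphaned leftovers that the helper correctly left alone.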

#3 jhonn

  • Topic Starter
  • Members
  • 6 posts

Posted 15 March 2013 - 08:15 PM

Got it. Thank you very much Gringo.

Gonna try this now.



#4 jhonn

jhonn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:07 AM

Posted 15 March 2013 - 08:26 PM

OK, everything looks normal now. No pop-ups now.

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2013
Ran by SYSTEM at 2013-03-15 22:17:14 Run:1
Running from I:\
 
==============================================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\768 Value not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
HKEY_USERS\Balbino\Software\Microsoft\Windows\CurrentVersion\Run\\otzy.exe Value deleted successfully.
C:\Documents and Settings\Balbino\Dados de aplicativos\Vuvi\otzy.exe moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\t5ggctg not found.
 
==== End of Fixlog ====
 
 
 
Man, you saved me, hahaha. Thank you very much.


#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 March 2013 - 08:36 PM


Hello jhonn


These are the programs I would like you to run next, if you have any problems with these just skip it and move on to the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
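Both tools in the steps above leave a report on disk (AdwCleaner at C:\AdwCleaner[S1].txt, RogueKiller at RKreport[1].txt on the Desktop) and the helper asks for both to be pasted back. The following is an added example, not part of gringo_pr's post and not code from either tool: a small PowerShell script that locates every copy of those reports (the bracketed number changes with each run), orders them newest first and writes them into one text file ready for pasting. It assumes PowerShell is available on the machine (it is not installed by default on Windows XP SP1), and that the report paths are exactly as the post states; the output file name collected_reports.txt is the author's own choice.

```powershell
# Added example (not from the thread or from AdwCleaner/RogueKiller).
# Gather the cleanup-tool reports named in the instructions into one file for posting.
# Assumptions: PowerShell is installed (not the case on a stock XP SP1), AdwCleaner
# writes C:\AdwCleaner[S1].txt and RogueKiller writes RKreport[1].txt on the Desktop.

# Resolve the Desktop folder through the API, so a localized OS (e.g. Portuguese
# Windows, where the folder is not literally named "Desktop") still works.
$desktop = [Environment]::GetFolderPath('Desktop')
$outFile = Join-Path $desktop 'collected_reports.txt'   # constructed name, not a tool default

# Report locations; the number inside the brackets increases on every run, so match
# the file name prefix with a wildcard and keep every copy that is present.
$patterns = @(
    'C:\AdwCleaner*.txt',
    (Join-Path $desktop 'RKreport*.txt')
)

# Newest report first, so the most recent run sits at the top of the pasted text.
$found = @(Get-ChildItem -Path $patterns -ErrorAction SilentlyContinue |
           Where-Object { -not $_.PSIsContainer } |
           Sort-Object LastWriteTime -Descending)

if ($found.Count -eq 0) {
    Write-Host 'No AdwCleaner or RogueKiller report found; run the tools first.'
    exit 1
}

$lines = @()
foreach ($f in $found) {
    # Header per report so the helper can tell which tool and run each block came from.
    $lines += ('===== ' + $f.FullName + ' (' + $f.LastWriteTime + ', ' + $f.Length + ' bytes) =====')
    # -LiteralPath is required: the "[S1]" / "[1]" in the file names would otherwise be
    # interpreted as a wildcard character class and the file would not be read.
    $lines += Get-Content -LiteralPath $f.FullName
    $lines += ''
}

$lines | Set-Content -LiteralPath $outFile -Encoding UTF8
Write-Host ('Wrote ' + $found.Count + ' report(s) to ' + $outFile)
```

Run it from a PowerShell prompt after both tools have finished; open collected_reports.txt from the Desktop and paste its contents into the reply. Keeping every numbered copy rather than only the latest matters here because the helper in post #11 wants to compare what each run found, not just the last one.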

#6 jhonn

jhonn
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:07 AM

Posted 16 March 2013 - 04:11 AM

OK, I already did that, and these 2 programs found malicious files and deleted them all.

Everything running fine now.

Thank you very much



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 16 March 2013 - 05:28 AM

Can you please send me the reports so I can decide if I need to run more scans?

#8 jhonn

jhonn
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:07 AM

Posted 18 March 2013 - 08:31 PM

Sorry for this late reply, I had connection troubles these days.

Everything is fine now, no more problems. I also ran Spybot and nothing was found.

Thank you very much!!!



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 18 March 2013 - 09:14 PM

That was only a small part of the fix - but it is your computer.



gringo

#10 jhonn

jhonn
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:07 AM

Posted 20 March 2013 - 01:38 AM

Really? Do you think there is still some danger?



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 20 March 2013 - 08:35 AM

I have seen it come back when everything was not checked - we still haven't addressed how it may have gotten on the computer in the first place.

I even go through and make sure key programs are updated - it is not "run one program and we are done", there is a lot more to it than that.



gringo

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:07 PM

Posted 23 March 2013 - 11:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.