
Possible Tdl3 Rootkit Infection !


eusebios

Hi. :)

 

I tried to remove AVAST!, but it gave me an error, as did SAC.

OK, let's proceed as follows, shall we...

 

Please download the Avast Removal Tool to your desktop.

 

Next:

 

Now I will be asking you to boot into Safe Mode for the next part of the fix. It may prove beneficial to print off the following instructions or save them to Notepad, as you will not have Internet access whilst in Safe Mode.

 

How to boot into Safe Mode:

 

Restart your computer and, as soon as it starts booting up again, continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode; do so.

 

If you have any problems, refer to this tutorial.

 

In safe mode carry out the following:

 

Double-click on aswclear.exe and select your Anti-Virus version from the drop down menu then click on Uninstall.

 

Close the application and reboot (restart) your machine back into Normal Mode manually if you are not prompted to do so.

 

Next:

 

Proceed with the prior OTL instructions.


Hi Dakeyras,

 

Cool, the remover completed fine, thanks!

 

Here are the OTL logs:

 

 

OTL logfile created on: 8/15/2011 4:36:19 PM - Run 1

OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Tamtum\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.49 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.37% Memory free

6.08 Gb Paging File | 4.88 Gb Available in Paging File | 80.36% Paging File free

Paging file location(s): C:\pagefile.sys 3826 4096 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.24 Gb Total Space | 5.43 Gb Free Space | 14.58% Space Free | Partition Type: NTFS

Drive E: | 111.79 Gb Total Space | 27.58 Gb Free Space | 24.67% Space Free | Partition Type: NTFS

 

Computer Name: CHICHITOS | User Name: Tamtum | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Tamtum\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe (Nitro PDF Software)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\SRWare Iron\iron.exe (SRWare)

PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Sound Control\sc.exe ()

PRC - C:\WINDOWS\vmsnap3.exe (ZSMCSNAP)

PRC - C:\WINDOWS\Domino.exe (Vimicro)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

PRC - C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\SRWare Iron\locales\en-US.dll ()

MOD - C:\Program Files\SRWare Iron\avcodec-52.dll ()

MOD - C:\Program Files\SRWare Iron\avformat-52.dll ()

MOD - C:\Program Files\SRWare Iron\avutil-50.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\WINDOWS\system32\Primomonnt.dll ()

MOD - C:\Program Files\Sound Control\sc.exe ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe (Nitro PDF Software)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MpKsl15571960) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8958A6C1-4D3B-476B-8A17-861A984FAE97}\MpKsl15571960.sys (Microsoft Corporation)

DRV - (HWiNFO32) -- C:\Program Files\HWiNFO32\HWiNFO32.SYS (REALiX)

DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (vvftav303) -- C:\WINDOWS\system32\drivers\vvftav303.sys (Vimicro Corporation)

DRV - (ZSMC0303) -- C:\WINDOWS\system32\drivers\usbVM303.sys (Vimicro Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.refdesk.com/"

FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2

FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0

FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76

FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19

FF - prefs.js..extensions.enabledItems: autoproxy@autoproxy.org:0.4b2.2011041023

FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:4.0.1B

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - prefs.js..network.proxy.http: "localhost"

FF - prefs.js..network.proxy.http_port: 9666

FF - prefs.js..network.proxy.socks: "localhost"

FF - prefs.js..network.proxy.socks_port: 9050

FF - prefs.js..network.proxy.socks_remote_dns: true

FF - prefs.js..network.proxy.ssl: "localhost"

FF - prefs.js..network.proxy.ssl_port: 9666

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Documents and Settings\Tamtum\My Documents\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Documents and Settings\Tamtum\My Documents\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Documents and Settings\Tamtum\My Documents\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/20 13:49:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/26 00:28:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/26 00:28:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 09:21:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 08:03:17 | 000,000,000 | ---D | M]

 

[2009/11/23 21:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Extensions

[2011/08/08 15:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions

[2010/07/08 06:56:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/07/08 07:00:14 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2010/07/08 06:44:03 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}

[2011/06/28 09:23:38 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

[2010/07/08 06:56:49 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

[2010/07/13 16:54:21 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}

[2009/11/24 00:34:50 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

[2011/06/28 09:06:35 | 000,000,000 | ---D | M] (PhZilla) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\amin.eft_PhProxy@gmail.com

[2011/04/26 09:14:14 | 000,000,000 | ---D | M] (AutoProxy) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\autoproxy@autoproxy.org

[2010/07/08 06:56:47 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\noia2_option@kk.noia

[2011/08/08 15:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\extensions\staged

[2011/07/24 02:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/04/11 00:05:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/06/28 18:33:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/06 19:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/12/04 20:45:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/16 15:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/01 07:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/24 02:44:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

[2010/06/28 18:32:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/06/28 09:21:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

 

O1 HOSTS File: ([2011/08/08 14:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe (Vimicro)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [iTunesHelper] File not found

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [setRefresh] c:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\vmsnap3.exe (ZSMCSNAP)

O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sound Control.lnk = C:\Program Files\Sound Control\sc.exe ()

O4 - Startup: C:\Documents and Settings\Tamtum\Start Menu\Programs\Startup\FreeRapid 0.85u1.lnk = C:\Documents and Settings\Tamtum\My Documents\Downloads\FreeRapid-0.85u1\frd.exe (Vity)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.245.32.5 24.138.234.252 63.245.32.11

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Program Files\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)

O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Tamtum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tamtum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/23 19:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/15 15:40:01 | 000,306,736 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tamtum\Desktop\aswclear.exe

[2011/08/15 13:16:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tamtum\Desktop\OTL.exe

[2011/08/15 12:24:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tamtum\Recent

[2011/08/11 20:12:38 | 000,000,000 | ---D | C] -- C:\_OTM

[2011/08/11 20:06:04 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tamtum\Desktop\OTM.exe

[2011/08/09 23:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/08/09 00:39:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/08/09 00:04:05 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Tamtum\Desktop\ATF-Cleaner.exe

[2011/08/07 17:58:13 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui2.dll

[2011/08/07 17:58:12 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon2.dll

[2011/08/07 17:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF

[2011/08/07 17:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamtum\Application Data\Downloaded Installations

[2011/08/07 14:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP

[2011/08/07 14:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamtum\Application Data\HpUpdate

[2011/08/07 14:45:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard

[2011/08/06 18:39:11 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/08/06 18:26:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/08/06 18:26:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/08/06 18:26:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/08/06 18:26:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/08/06 18:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/08/06 18:22:37 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/08/06 18:14:26 | 004,165,920 | R--- | C] (Swearware) -- C:\Documents and Settings\Tamtum\Desktop\ComboFix.exe

[2011/08/04 21:07:34 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tamtum\Desktop\TDSSKiller.exe

[2011/08/03 19:20:01 | 000,607,017 | ---- | C] (Swearware) -- C:\Documents and Settings\Tamtum\Desktop\dds.com

[2011/08/03 19:19:49 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Tamtum\Desktop\dds.scr

[2011/08/03 18:34:39 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tamtum\Desktop\aswMBR.exe

[2011/08/02 17:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2011/08/02 16:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamtum\SecurityScans

[2011/08/01 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB

[2011/08/01 15:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamtum\Local Settings\Application Data\PC_Drivers_Headquarters

[2011/08/01 15:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2011/08/01 15:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective

[2011/08/01 15:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters

[2011/08/01 14:32:49 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/08/01 11:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamtum\Start Menu\Programs\HiJackThis

[2011/08/01 11:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/08/01 09:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamtum\Start Menu\Programs\Event Log Explorer

[2011/08/01 09:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Event Log Explorer

[2011/08/01 08:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamtum\Local Settings\Application Data\jsisoft.com

[2011/08/01 08:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HeavyLoad

[2011/07/31 10:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32

[2011/07/31 10:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32

[2011/07/24 02:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/07/24 02:44:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/07/24 02:44:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/07/24 02:44:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[1 C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/08/15 16:33:39 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Desktop.lnk

[2011/08/15 16:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/08/15 16:21:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/08/15 16:16:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1326574676-1606980848-1003.job

[2011/08/15 16:16:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/08/15 16:16:11 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1326574676-1606980848-1003.job

[2011/08/15 16:15:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/08/15 16:13:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/08/15 16:11:09 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/08/15 15:39:49 | 000,306,736 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tamtum\Desktop\aswclear.exe

[2011/08/15 15:17:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/08/15 15:17:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C811EDAD-BA87-4726-801F-37239CB52CBD}.job

[2011/08/15 13:29:57 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Viewer (2).lnk

[2011/08/15 13:16:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamtum\Desktop\OTL.exe

[2011/08/15 13:16:06 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\SecurityCheck.exe

[2011/08/15 10:04:53 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Sign In.lnk

[2011/08/14 21:01:08 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Welcome to Facebook - Log In_ Sign Up or Learn More.lnk

[2011/08/13 21:23:02 | 000,001,979 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Farmtown Gift Links - Hot Dog Sausage (1).lnk

[2011/08/11 20:28:41 | 000,000,321 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\Shortcut to Desktop.lnk

[2011/08/11 20:12:40 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job

[2011/08/11 20:06:09 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tamtum\Desktop\OTM.exe

[2011/08/10 17:30:37 | 000,433,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/08/10 17:30:37 | 000,068,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/08/09 23:43:23 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/08/09 23:10:09 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/08/09 10:02:17 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Tamtum\Local Settings\Application Data\PUTTY.RND

[2011/08/09 00:20:14 | 000,029,362 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\Rootkit_Unhooker

[2011/08/09 00:04:08 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Tamtum\Desktop\ATF-Cleaner.exe

[2011/08/09 00:02:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\MBRCheck.exe

[2011/08/09 00:01:57 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\RKUnhookerLE.EXE

[2011/08/08 14:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/08/08 12:19:34 | 002,514,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/08/07 17:58:02 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nitro PDF Reader.lnk

[2011/08/06 18:15:39 | 004,165,920 | R--- | M] (Swearware) -- C:\Documents and Settings\Tamtum\Desktop\ComboFix.exe

[2011/08/04 23:09:52 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\Gadwin PrintScreen.lnk

[2011/08/04 18:03:25 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\tdsskiller.zip

[2011/08/04 18:02:30 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\CKScanner.exe

[2011/08/04 10:42:45 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk

[2011/08/04 06:59:22 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/08/04 05:44:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\MBR.dat

[2011/08/03 19:40:15 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Tamtum\Desktop\dds.scr

[2011/08/03 19:20:24 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\Tamtum\Desktop\dds.com

[2011/08/03 18:56:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\gmer.exe

[2011/08/03 18:54:59 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\gmer.zip

[2011/08/03 18:36:22 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tamtum\Desktop\aswMBR.exe

[2011/08/03 15:44:53 | 000,003,852 | ---- | M] () -- C:\Documents and Settings\Tamtum\My Documents\cc_20110803_154447.reg

[2011/08/02 19:17:51 | 000,083,624 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/08/02 18:11:07 | 000,003,564 | ---- | M] () -- C:\Documents and Settings\Tamtum\My Documents\cc_20110802_181101.reg

[2011/08/02 17:19:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/08/02 17:18:00 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2011/08/01 23:09:10 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2011/08/01 15:35:13 | 000,002,248 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk

[2011/08/01 14:32:48 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/08/01 11:23:39 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Tamtum\Desktop\HiJackThis.lnk

[2011/08/01 09:44:53 | 000,343,394 | ---- | M] () -- C:\Documents and Settings\Tamtum\My Documents\cc_20110801_094403.reg

[2011/08/01 09:17:53 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Log Explorer.lnk

[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tamtum\Desktop\TDSSKiller.exe

[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2011/07/21 21:36:47 | 000,074,318 | ---- | M] () -- C:\Documents and Settings\Tamtum\My Documents\HP USB SERIAL CONVERTER.pdf

[2011/07/21 21:10:05 | 000,002,113 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Track Tropical Storm Cindy_ Track Tropical Storm Bret _ Stormpulse _ Hurricanes_ severe weather_ tracking_ mapping.lnk

[2011/07/21 05:48:15 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk

[2011/07/16 23:44:14 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[1 C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/08/15 15:17:28 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\Tamtum\Start Menu\Programs\Startup\FreeRapid 0.85u1.lnk

[2011/08/15 13:29:57 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Viewer (2).lnk

[2011/08/15 13:16:27 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\SecurityCheck.exe

[2011/08/13 21:23:02 | 000,001,979 | ---- | C] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Farmtown Gift Links - Hot Dog Sausage (1).lnk

[2011/08/09 10:02:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tamtum\Local Settings\Application Data\PUTTY.RND

[2011/08/09 09:29:55 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/08/09 00:20:14 | 000,029,362 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\Rootkit_Unhooker

[2011/08/09 00:02:56 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\MBRCheck.exe

[2011/08/09 00:01:59 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\RKUnhookerLE.EXE

[2011/08/07 17:58:01 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Nitro PDF Reader 2.lnk

[2011/08/07 17:58:01 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nitro PDF Reader.lnk

[2011/08/07 08:46:40 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Desktop.lnk

[2011/08/07 08:41:20 | 000,000,321 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\Shortcut to Desktop.lnk

[2011/08/06 18:39:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/08/06 18:39:21 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/08/06 18:26:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/08/06 18:26:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/08/06 18:26:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/08/06 18:26:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/08/06 18:26:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/08/04 23:09:51 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\Gadwin PrintScreen.lnk

[2011/08/04 18:03:11 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\tdsskiller.zip

[2011/08/04 18:02:46 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\CKScanner.exe

[2011/08/04 05:44:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\MBR.dat

[2011/08/03 18:55:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\gmer.exe

[2011/08/03 18:55:03 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\gmer.zip

[2011/08/03 15:44:49 | 000,003,852 | ---- | C] () -- C:\Documents and Settings\Tamtum\My Documents\cc_20110803_154447.reg

[2011/08/02 18:11:04 | 000,003,564 | ---- | C] () -- C:\Documents and Settings\Tamtum\My Documents\cc_20110802_181101.reg

[2011/08/02 17:18:00 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2011/08/01 23:59:30 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1326574676-1606980848-1003.job

[2011/08/01 15:35:13 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk

[2011/08/01 11:23:39 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Tamtum\Desktop\HiJackThis.lnk

[2011/08/01 09:44:05 | 000,343,394 | ---- | C] () -- C:\Documents and Settings\Tamtum\My Documents\cc_20110801_094403.reg

[2011/08/01 09:17:53 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Log Explorer.lnk

[2011/07/21 21:36:47 | 000,074,318 | ---- | C] () -- C:\Documents and Settings\Tamtum\My Documents\HP USB SERIAL CONVERTER.pdf

[2011/07/21 21:10:04 | 000,002,113 | ---- | C] () -- C:\Documents and Settings\Tamtum\Application Data\Microsoft\Internet Explorer\Quick Launch\Track Tropical Storm Cindy_ Track Tropical Storm Bret _ Stormpulse _ Hurricanes_ severe weather_ tracking_ mapping.lnk

[2011/06/29 16:16:35 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Tamtum\Local Settings\Application Data\keyfile3.drm

[2011/06/23 13:45:22 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/06/23 13:45:21 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/06/20 01:21:33 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2011/06/01 01:44:25 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini

[2011/04/11 00:06:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/04/10 22:36:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\setupfilter.exe

[2011/04/10 22:32:49 | 000,172,032 | ---- | C] () -- C:\WINDOWS\JAPI2.DLL

[2011/04/10 22:32:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\JAPI.DLL

[2011/04/10 22:23:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\rm303b.exe

[2011/04/07 12:43:15 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Tamtum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2010/11/09 16:04:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/07/01 07:39:20 | 000,083,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2010/03/21 10:04:40 | 000,002,888 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat

[2010/03/16 20:01:20 | 004,033,824 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010/03/16 20:01:20 | 000,168,480 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2009/11/30 11:51:24 | 000,010,292 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini

[2009/11/24 09:34:40 | 000,017,885 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat

[2009/11/24 00:20:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

[2009/11/23 23:14:59 | 000,001,293 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI

[2009/11/23 22:00:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2009/11/23 21:39:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/11/23 19:03:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/11/23 18:58:04 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/11/23 14:50:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/11/23 14:49:01 | 002,514,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/02/28 08:00:00 | 000,433,110 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/02/28 08:00:00 | 000,068,082 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2002/03/19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe

 

< End of report >

 

 

 

OTL Extras logfile created on: 8/15/2011 4:36:19 PM - Run 1

OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Tamtum\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.49 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.37% Memory free

6.08 Gb Paging File | 4.88 Gb Available in Paging File | 80.36% Paging File free

Paging file location(s): C:\pagefile.sys 3826 4096 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.24 Gb Total Space | 5.43 Gb Free Space | 14.58% Space Free | Partition Type: NTFS

Drive E: | 111.79 Gb Total Space | 27.58 Gb Free Space | 24.67% Space Free | Partition Type: NTFS

 

Computer Name: CHICHITOS | User Name: Tamtum | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\Tamtum\Application Data\FlashgetSetup\fgmini.exe" = C:\Documents and Settings\Tamtum\Application Data\FlashgetSetup\fgmini.exe:*:Enabled:Flashget(??) ?????? -- (Flashget)

"C:\

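The "Firewall Settings" and "Authorized Applications List" sections of the OTL Extras log above are what a helper reads to see which inbound rules accept traffic from any remote address (`*`) rather than only from `LocalSubNet`; here, for instance, 3389/TCP (Remote Desktop) is scoped to `*` in both profiles. The following Python is an added example, not part of OTL, the thread, or either poster's work: it parses those two sections into rules and reports the ones open to any address. The `SAMPLE_EXTRAS` text is a constructed excerpt in the shape of the log posted above, and the function and class names are my own.

```python
"""Triage of OTL Extras firewall sections (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a trimmed excerpt in the shape of the OTL Extras
# "Firewall Settings" / "Authorized Applications List" sections above.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\Tamtum\Application Data\FlashgetSetup\fgmini.exe" = C:\Documents and Settings\Tamtum\Application Data\FlashgetSetup\fgmini.exe:*:Enabled:Flashget -- (Flashget)
"""

# A registry key header as OTL prints it: [HKEY_...\...]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "port:proto" = port:proto:scope:Enabled|Disabled:<resource string>
PORT_RE = re.compile(
    r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):([^:]+):(Enabled|Disabled):')
# "path" = path:scope:Enabled|Disabled:name -- (Company)
# The non-greedy path group stops only at a ':' followed by a valid tail,
# so the drive-letter colon in "C:\..." does not split the path.
APP_RE = re.compile(
    r'^"[^"]+"\s*=\s*(.+?):([^:]+):(Enabled|Disabled):(.*)$')


@dataclass(frozen=True)
class Rule:
    profile: str   # "DomainProfile" or "StandardProfile"
    kind: str      # "port" or "app"
    target: str    # "3389/TCP" or the executable path
    scope: str     # "*" = any remote address, "LocalSubNet" = LAN only
    enabled: bool


def parse_firewall_rules(text: str) -> List[Rule]:
    """Walk the log line by line, tracking which key we are inside."""
    rules: List[Rule] = []
    profile: Optional[str] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            profile = next((p for p in ("DomainProfile", "StandardProfile")
                            if p in key), None)
            if key.endswith(r"GloballyOpenPorts\List"):
                section = "port"
            elif key.endswith(r"AuthorizedApplications\List"):
                section = "app"
            else:
                section = None   # e.g. the profile key holding EnableFirewall
            continue
        if profile is None or section is None:
            continue
        if section == "port":
            m = PORT_RE.match(line)
            if m:
                rules.append(Rule(profile, "port", f"{m.group(1)}/{m.group(2)}",
                                  m.group(3), m.group(4) == "Enabled"))
        else:
            m = APP_RE.match(line)
            if m:
                rules.append(Rule(profile, "app", m.group(1),
                                  m.group(2), m.group(3) == "Enabled"))
    return rules


def wide_open(rules: List[Rule]) -> List[Rule]:
    """Enabled rules that accept traffic from any remote address."""
    return [r for r in rules if r.enabled and r.scope == "*"]


def report(text: str) -> dict:
    """Summary a helper can eyeball: counts plus the '*'-scoped targets."""
    rules = parse_firewall_rules(text)
    exposed = wide_open(rules)
    return {
        "rules": len(rules),
        "ports_any": sorted({r.target for r in exposed if r.kind == "port"}),
        "apps_any": sorted({r.target for r in exposed if r.kind == "app"}),
    }


if __name__ == "__main__":
    print(report(SAMPLE_EXTRAS))
```

Run it on a real OTL Extras log by passing the file contents to `report()`; a port in `ports_any` is reachable from beyond the local subnet whenever the profile it belongs to is active, which is the question to settle before deciding whether an entry such as 3389/TCP belongs on a home machine at all.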

Hi. :)

 

Cool, the remover completed fine, thanks!

Good.

 

Next:

 

Do you have a copy of the XP Installation CD-ROM? As we may require to make use of this at some point.

Please answer this prior question of mine, thank you.

 

Hard-Drive Free Space Advice:

 

Drive C: | 37.24 Gb Total Space | 5.43 Gb Free Space | 14.58% Space Free | Partition Type: NTFS

This is considered borderline. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

 

I advise you to uninstall some software you do not need and/or move any documents/files/pictures etc. to a form of removable media. This is just my advice, as the lack of current Hard-Drive space will be impacting on overall system performance. Plus, eventually any type of system maintenance will prove to be problematic.

 

Next:

 

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

 

Java™ 6 Update 26 <-- We will update this in due course.

Windows Defender <-- Not particularly effective plus active in system memory.

 

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

 

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

FixPolicies:

 

Please download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here.

 

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close.
  • Leave FixPolicies on your desktop please until I otherwise advise, thank you.
Reset SP3 Firewall:

 

Click on Start >> Run... and cut/paste in the following and click on OK

 

firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

 

Now click on the General tab >> select On(recommended) >> OK.

 

Next:

 

Let myself know when completed the above, answer my XP CD-ROM query and we will go from there, thank you.


Hi Dakeyras,

 

My apologies, I forgot to mention that the Windows XP CD is ready in the CD-ROM drive.

 

All the processes mentioned in your last reply have been done; no logs were generated.

 

The system is performing well but is still crashing.

 

 

Regards,


Hi. :)

 

Lets proceed as follows shall we...

 

Repair MBR:

 

We will need to use the XP CD-ROM you have for this procedure.

 

  • Restart your computer with the Windows XP Setup disk in the CDROM drive.
  • If you are prompted to press a key to start the computer from CDROM, do so quickly. Otherwise it may try to boot from the hard drive.
  • A blue screen will appear and begin loading Windows XP Setup from the CD.
  • You will be prompted to "press F6 to install any third party SCSI or RAID drivers". Ignore this.
  • Depress the keyboard R key to enter the Recovery Console.
Next:

 

At the C:\Windows> prompt

 

  • Type in the following exactly fixmbr and hit enter.
  • Then at the next prompt type in Exit and hit enter.
  • Windows should continue to load as normally and you can remove the XP CD-ROM from the optical drive.
Custom OTL Script:

 

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590

FF - prefs.js..network.proxy.http_port: 9666

FF - prefs.js..network.proxy.socks_port: 9050

FF - prefs.js..network.proxy.ssl_port: 9666

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O4 - HKLM..\Run: [iTunesHelper] File not found

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: ????3?? - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: ????3?????? - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm ()

[1 C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp -> ]

 

:Files

ipconfig /flushdns /c

%systemroot%\prefetch\*.*

 

:Commands

[Purity]

[ResetHosts]

[EmptyFlash]

[EmptyTemp]

[CreateRestorePoint]

[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

 

Malwarebytes Anti-Malware:

 

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Check Hard Disk For Errors:

 

Click on Start >> Run..., then copy/paste the following command into the box and press OK:

 

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

 

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

 

When completed the above, please post back the following in the order asked for:

 

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • checkhd.txt.

Hi Dakeyras,

 

Sorry for the delay. I tried to run the FIXMBR command and got the error below. I want to check with you before going ahead. Please advise how to proceed. Thank You.

 

**caution**

This computer appears to have a non-standard or invalid master boot record.

FIXMBR may damage your partition tables if you proceed.

This could cause all the partitions on the current hard disk to become

inaccesible.

If you are not having problems accessing your drive to not continue.

Are you sure you want to write a new MBR?


Hi. :)

 

Sorry for the delay. I tried to run the FIXMBR command and got the error below. I want to check with you before going ahead. Please advise how to proceed. Thank You.

Not a problem and you're welcome!

 

OK, as far as I can tell your machine does not have some form of Recovery Partition. Can you confirm this for me please, and is your machine an HP model? If so, please provide the exact type. Also carry out the instructions below so I in turn can analyse the MBR before we proceed any further, thank you.

 

After you ran aswMBR there should have been a file called mbr.dat created and placed on the desktop, please send this to a zip file then attach it in your next reply.


Hi ,

 

My computer is an HP Compaq dc7100 Small Form Factor PC; the full description is at the following link.

Hewlett-Packard System Model: HP Compaq dc7100 SFF (PC922A) BIOS Version: Hewlett-Packard 786C1 v02.15

Intel® Pentium® 4 CPU 3.00GHz Version: x86 Family 15 Model 4 Stepping 1 Speed: 2992 MHz

 

http://h20000.www2.hp.com/bizsupport/TechSupport/Home.jsp?lang=en&cc=us&prodTypeId=12454&prodSeriesId=410112

 

Sorry, but the aswMBR aborted with an error. See below:

 

 

Event Type: Error

Event Source: Application Error

Event Category: None

Event ID: 1000

Date: 8/20/2011

Time: 11:48:49 PM

User: N/A

Computer: CHICHITOS

Description:

Faulting application aswmbr.exe, version 0.9.8.978, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

 

Data:

0000: 41 70 70 6c 69 63 61 74 Applicat

0008: 69 6f 6e 20 46 61 69 6c ion Fail

0010: 75 72 65 20 20 61 73 77 ure asw

0018: 6d 62 72 2e 65 78 65 20 mbr.exe

0020: 30 2e 39 2e 38 2e 39 37 0.9.8.97

0028: 38 20 69 6e 20 6e 74 64 8 in ntd

0030: 6c 6c 2e 64 6c 6c 20 35 ll.dll 5

0038: 2e 31 2e 32 36 30 30 2e .1.2600.

0040: 36 30 35 35 20 61 74 20 6055 at

0048: 6f 66 66 73 65 74 20 30 offset 0

0050: 30 30 30 31 32 30 65 0d 000120e.

0058: 0a

 

 

This is the only log generated.

 

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software

Run date: 2011-08-20 23:46:55

-----------------------------

23:46:55.187 OS Version: Windows 5.1.2600 Service Pack 3

23:46:55.187 Number of processors: 2 586 0x401

23:46:55.187 ComputerName: CHICHITOS UserName: Tamtum

23:47:00.625 Initialize success

23:47:21.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

23:47:21.078 Disk 0 Vendor: WDC_WD400JD-75HKA1 14.03G14 Size: 38146MB BusType: 3

23:47:21.078 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19

23:47:21.078 Disk 1 Vendor: ST3120026AS 3.43 Size: 114473MB BusType: 3

23:47:21.109 Disk 0 MBR read successfully

23:47:21.125 Disk 0 MBR scan

23:47:21.125 Disk 0 Windows XP default MBR code

23:47:21.140 Disk 0 scanning sectors +78108030

23:49:15.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tamtum\Desktop\MBR.dat"

23:49:15.625 The log file has been saved successfully to "C:\Documents and Settings\Tamtum\Desktop\aswMBR 8.20.2011.txt"

 

Advise what follows.

 

Thank You



Hi. :)

 

Sorry, but the aswMBR aborted with an error. See below,

Actually I did not ask you to run the application, merely to attach the MBR.dat as a zip file. OK, not a problem however, as I will merely explain another way as follows...

 

Locate the MBR.dat file; it is currently residing here on the desktop:-

 

C:\Documents and Settings\Tamtum\Desktop\MBR.dat

 

Next:

 

Now right-click on MBR.dat >> Send To >> Compressed (zipped) Folder >> there should now be a zip file on the desktop named MBR.

 

Please attach this zip file in your next reply, thank you.

 

How to attach a zip file:-

 

Click on Add Reply >> under Attachments click on the Browse... button >> navigate to MBR.dat

 

Then click on the Attach This File Button >> Add Reply


Hi. :)

 

Sorry, but I did not find the Attachment or the Browse button under Add Reply.

OK, when you initially click on Add Reply, scroll down a wee bit until you see the below:-

 

[image]

 

Now under Attachments click on the Browse... button >> navigate to MBR.dat (which will actually be MBR.zip now)

 

Then click on the Attach This File Button >> Add Reply

Edited by Dakeyras
Amendment.


Hi Gentleman.

 

I clearly understood your instructions but I did not find the attachment section yet.

 

Maybe Hurricane Irene, which passed through here last Monday, picked it up, leaving me in the dark.

 

Question: What is your recommended best browser to use with PC Pitstop?

Best Regards.


Hi Dakeyras,

Would you please check with the administrator? It seems that the attachment section does not work in this forum as the Help section indicates.

By the way, I have checked up and down and it did not show.

This is the help for attachment:

Attachments

Depending on where in the community you are posting your message at, you may be able to upload attachments to your message. There are two types of uploaders available: the default uploader and the flash uploader.

 

Default Uploader

The default uploader allows you to upload attachments one at a time. To begin, press the button. A box will appear for you to select the file on your computer that you want to attach. Select the file you want to upload.

 

If you change your mind, you can press the button and then choose a different file.

 

Once you have selected the file you want, press Attach the file.

If there are any errors uploading the file, you will receive an error message, otherwise, you will see the attachment appear.

 

Flash Uploader

You can enable the flash uploader from your settings menu. When enabled, you will be able to easily upload more than one file at a time.

 

To start, press Click to Attach Files. A box will appear for you to select the file or files on your computer that you want to attach. Select the file or files you want to upload. You can select more than one file at a time by holding Ctrl (on Windows) or Command (on Mac) and click on the files.

 

Once you have selected your files and clicked "Open", they will begin uploading. If there are any errors uploading the files, you will receive an error message, otherwise, you will see the attachments appear.

Regards,


Hi. :)

 

I am going to ask you to upload the MBR.dat file another way so we can move along with the Malware Removal process...

 

Next:

 

Please go to my file submission channel here.

 

Next to the box:- Link to topic where this file was requested: Add in the below:-

 

http://forums.pcpitstop.com/index.php?/topic/196286-possible-tdl3-rootkit-infection/

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

 

C:\Documents and Settings\Tamtum\Desktop\MBR.dat

 

Then click on the Send File tab. I will be notified when the file has been uploaded.



Hi Dakeyras,

 

Some magic tricks have been made here. The attachment section is working now. I just attached the file requested in both locations.

 

As indicated in the above post, I am waiting for your next move.

 

Once again excuse my delay; Hurricane Irene left me without internet access.

 

MBR.zip


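For readers who want to see what a helper actually checks in an attached MBR.dat before calling it clean, here is an added example (not part of the thread, and not aswMBR's own code): it parses the 512-byte sector, verifies the boot signature, hashes the bootstrap code for comparison against a known-clean copy, and reports the unpartitioned tail of the disk that aswMBR scans separately. The disk sector count is derived from the 38146 MB figure in the log above and is an assumption; the sample MBRs are constructed.

```python
"""Structural check of a 512-byte MBR image such as the MBR.dat that aswMBR saves.

Added example, not part of the thread or of aswMBR: it verifies the 0x55AA
signature, parses the four partition entries, hashes the bootstrap code so it
can be compared against a copy from a known-clean machine, and reports how many
unpartitioned sectors sit after the last partition (the area aswMBR scans
separately). All sample MBRs below are constructed for the demo.
"""
import hashlib
import struct

SECTOR = 512
# Disk 0 in the aswMBR log is reported as 38146 MB; the sector count is derived
# from that rounded figure and is therefore an assumption, not a measured value.
DISK_SECTORS = 38146 * 1024 * 1024 // SECTOR  # 78,123,008
# boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = "<B3xB3xII"


def parse_mbr(mbr: bytes) -> dict:
    """Return signature validity, SHA-256 of the boot code, and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from(ENTRY, mbr, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "boot_flag": boot, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        # bytes 0-439 are bootstrap code; compare the digest with one taken from a
        # clean install of the same Windows version rather than trusting it blindly
        "code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(mbr: bytes, disk_sectors: int = DISK_SECTORS) -> dict:
    """Apply the sanity checks a helper applies before declaring an MBR clean."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["boot_flag"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid boot flag {p['boot_flag']:#x}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past the end of the disk")
    last_end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=0)
    # Sectors after the last partition are invisible to the file system; a
    # bootkit's hidden storage would live there, so they deserve a sector scan.
    return {"findings": findings, "tail_sectors": disk_sectors - last_end,
            "code_sha256": info["code_sha256"]}


def build_mbr(partitions, signature: bool = True) -> bytes:
    """Construct a demo MBR: dummy boot code plus (boot_flag, type, lba_start, sectors) entries."""
    mbr = bytearray(SECTOR)
    mbr[:4] = b"DEMO"  # placeholder boot code, not real MBR code
    for i, entry in enumerate(partitions):
        struct.pack_into(ENTRY, mbr, 446 + 16 * i, *entry)
    if signature:
        mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # One NTFS partition starting at LBA 63 and ending at sector 78108030, the
    # point from which the aswMBR log above began scanning the unpartitioned tail.
    demo = build_mbr([(0x80, 0x07, 63, 78108030 - 63)])
    print(audit_mbr(demo))
```

A small tail of a few thousand sectors is normal cylinder rounding; what matters is whether a sector scan of that tail finds data, which is exactly what aswMBR's "scanning sectors" step does.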
Hi. :)

 

Some magic tricks have been made here. The attachment section is working now. I just attached the file requested in both locations.

Aye we have the forum admins to thank for that. Anyway it appears the MBR is not infected/compromised.

 

Once again excuse my delay; Hurricane Irene left me without internet access.

Not a problem I assure you and I hope all is well your end etc.

 

Custom OTL Script:

 

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590

FF - prefs.js..network.proxy.http_port: 9666

FF - prefs.js..network.proxy.socks_port: 9050

FF - prefs.js..network.proxy.ssl_port: 9666

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O4 - HKLM..\Run: [iTunesHelper] File not found

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: ????3?? - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: ????3?????? - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm ()

[1 C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Tamtum\Local Settings\Application Data\*.tmp -> ]

 

:Files

ipconfig /flushdns /c

%systemroot%\prefetch\*.*

 

:Commands

[Purity]

[ResetHosts]

[EmptyFlash]

[EmptyTemp]

[CreateRestorePoint]

[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

 

Malwarebytes Anti-Malware:

 

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Check Hard Disk For Errors:

 

Click on Start >> Run..., then copy/paste the following command into the box and press OK:

 

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

 

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

 

When completed the above, please post back the following in the order asked for:

 

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • checkhd.txt.

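The Firefox entries in the OTL script above (proxy ports pointing at local ports 9666 and 9050, plus an enabled toolbar) are the kind of thing a helper spots by eye in prefs.js. As an added example that is not part of the thread or of OTL, here is a small auditor that parses a prefs.js and flags configured proxy endpoints and enabled add-ons; the sample file is constructed around the values in the script, and the 127.0.0.1 proxy host is an assumption.

```python
"""Audit a Firefox prefs.js for proxy settings and enabled add-ons.

Added example, not part of the thread or of OTL: it parses the
user_pref("name", value); lines prefs.js is made of and flags the kind of
entries the OTL script above removed (an HTTP/SOCKS proxy on local ports and
an enabled toolbar). The sample prefs.js below is constructed around the
values shown in the thread; the proxy host 127.0.0.1 is an assumption.
"""
import re

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample; a real file lives in the Firefox profile folder.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.enabledItems", "toolbar@ask.com:3.11.3.15590");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 9666);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.ssl_port", 9666);
"""


def parse_prefs(text: str) -> dict:
    """Map pref name to value, converting the JS literals prefs.js uses."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def audit_prefs(prefs: dict) -> list:
    """Return findings: every configured proxy endpoint and every enabled add-on."""
    findings = []
    for name in sorted(prefs):
        value = prefs[name]
        # network.proxy.<proto>_port pairs with network.proxy.<proto> for the host
        if name.startswith("network.proxy.") and name.endswith("_port") and value:
            host = prefs.get(name[:-len("_port")], "?")
            findings.append(f"proxy: {name}={value} host={host}")
        elif name == "network.proxy.autoconfig_url" and value:
            findings.append(f"proxy: PAC script {value}")
    if prefs.get("network.proxy.type") == 1:
        findings.append("proxy: manual proxy configuration active (network.proxy.type=1)")
    for item in str(prefs.get("extensions.enabledItems", "")).split(","):
        if item:
            findings.append(f"extension: {item}")
    return findings


def audit_prefs_file(path: str) -> list:
    """Convenience wrapper for a real prefs.js on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_prefs(parse_prefs(fh.read()))


if __name__ == "__main__":
    for finding in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

A browser silently routed through a local proxy port is worth treating as a symptom rather than a setting: once the proxy process is gone, the stale ports still break browsing, which is why the OTL script clears them.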
HI,

The system crashed yesterday afternoon. It is working much faster than before, but once in a while it crashes or restarts itself without registering a log event.

Below are the logs requested.

Thank You for your continued help!

Custom OTL Script:

 

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems

Prefs.js: 9666 removed from network.proxy.http_port

Prefs.js: 9050 removed from network.proxy.socks_port

Prefs.js: 9666 removed from network.proxy.ssl_port

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all by FlashGet3\ deleted successfully.

C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm moved successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download by FlashGet3\ deleted successfully.

C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm moved successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\????3??\ not found.

File C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\????3??????\ not found.

File C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm not found.

C:\Documents and Settings\Tamtum\Local Settings\Application Data\BIT25.tmp deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Tamtum\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Tamtum\Desktop\cmd.txt deleted successfully.

C:\WINDOWS\prefetch\ACRORD32.EXE-19C3D96E.pf moved successfully.

C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.

C:\WINDOWS\prefetch\AGCP.EXE-0984FB89.pf moved successfully.

C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.

C:\WINDOWS\prefetch\AM_DELTA.EXE-2F7A6F0C.pf moved successfully.

C:\WINDOWS\prefetch\AM_DELTA_PATCH2.EXE-1B96EA75.pf moved successfully.

C:\WINDOWS\prefetch\AM_DELTA_PATCH3.EXE-3367F33D.pf moved successfully.

C:\WINDOWS\prefetch\AUTOUPDATE-WINDOWS.EXE-28A1274A.pf moved successfully.

C:\WINDOWS\prefetch\BBSETUP.EXE-09B49247.pf moved successfully.

C:\WINDOWS\prefetch\BBSVC.EXE-0ED35239.pf moved successfully.

C:\WINDOWS\prefetch\BINGAPP.EXE-0CF7B602.pf moved successfully.

C:\WINDOWS\prefetch\BINGBAR.EXE-299C1FD7.pf moved successfully.

C:\WINDOWS\prefetch\BINGBARSETUP-PARTNER.EXE-15F05D1B.pf moved successfully.

C:\WINDOWS\prefetch\CALC.EXE-02CD573A.pf moved successfully.

C:\WINDOWS\prefetch\CHECKUPDATE.EXE-2CEA7976.pf moved successfully.

C:\WINDOWS\prefetch\CHROME_UPDATER.EXE-04FF6C3E.pf moved successfully.

C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.

C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf moved successfully.

C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.

C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.

C:\WINDOWS\prefetch\DIVXUPDATE.EXE-24EAF9C6.pf moved successfully.

C:\WINDOWS\prefetch\DLLHOST.EXE-205D880D.pf moved successfully.

C:\WINDOWS\prefetch\DLLHOST.EXE-42807EE4.pf moved successfully.

C:\WINDOWS\prefetch\DOMINO.EXE-04EEC00C.pf moved successfully.

C:\WINDOWS\prefetch\DUMPREP.EXE-1B46F901.pf moved successfully.

C:\WINDOWS\prefetch\DW20.EXE-22C39A55.pf moved successfully.

C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf moved successfully.

C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.

C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf moved successfully.

C:\WINDOWS\prefetch\FLASHUTIL10T_PLUGIN.EXE-09CCFBC0.pf moved successfully.

C:\WINDOWS\prefetch\FRD.EXE-155AEE28.pf moved successfully.

C:\WINDOWS\prefetch\FREECELL.EXE-0CC25C3B.pf moved successfully.

C:\WINDOWS\prefetch\GOOGLE HACKS.EXE-01F9B4C1.pf moved successfully.

C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-1E5CAADA.pf moved successfully.

C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.

C:\WINDOWS\prefetch\GROOVEMONITOR.EXE-2606717A.pf moved successfully.

C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.

C:\WINDOWS\prefetch\HKCMD.EXE-1D05234B.pf moved successfully.

C:\WINDOWS\prefetch\HPCMPMGR.EXE-0D8BF169.pf moved successfully.

C:\WINDOWS\prefetch\HPOSM.EXE-0770134B.pf moved successfully.

C:\WINDOWS\prefetch\HPTSKMGR.EXE-32EF71D7.pf moved successfully.

C:\WINDOWS\prefetch\HPWUSCHD.EXE-1AC4276F.pf moved successfully.

C:\WINDOWS\prefetch\HPZTSB09.EXE-17B97A12.pf moved successfully.

C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.

C:\WINDOWS\prefetch\IGFXPERS.EXE-2C07C174.pf moved successfully.

C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf moved successfully.

C:\WINDOWS\prefetch\IGFXTRAY.EXE-3391579A.pf moved successfully.

C:\WINDOWS\prefetch\IPCONFIG.EXE-2395F30B.pf moved successfully.

C:\WINDOWS\prefetch\IRON.EXE-29B10913.pf moved successfully.

C:\WINDOWS\prefetch\IRON.EXE-29B10916.pf moved successfully.

C:\WINDOWS\prefetch\IRON.EXE-29B10917.pf moved successfully.

C:\WINDOWS\prefetch\IRON.EXE-29B1091A.pf moved successfully.

C:\WINDOWS\prefetch\layout.ini moved successfully.

C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf moved successfully.

C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.

C:\WINDOWS\prefetch\MBAM.EXE-2269EC8A.pf moved successfully.

C:\WINDOWS\prefetch\MPCMDRUN.EXE-1F94F686.pf moved successfully.

C:\WINDOWS\prefetch\MPSIGSTUB.EXE-1D30D19B.pf moved successfully.

C:\WINDOWS\prefetch\MSFEEDSSYNC.EXE-25E13438.pf moved successfully.

C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.

C:\WINDOWS\prefetch\MSNMSGR.EXE-030AB647.pf moved successfully.

C:\WINDOWS\prefetch\MSSECES.EXE-14257906.pf moved successfully.

C:\WINDOWS\prefetch\NITROP~4.EXE-1F00CA38.pf moved successfully.

C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.

C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.

C:\WINDOWS\prefetch\OFFICELIVESIGNIN.EXE-042374FE.pf moved successfully.

C:\WINDOWS\prefetch\OPERA.EXE-12085680.pf moved successfully.

C:\WINDOWS\prefetch\OPHCRACK-WIN32-INSTALLER-3.3.-1A37618D.pf moved successfully.

C:\WINDOWS\prefetch\OSE.EXE-108AC98F.pf moved successfully.

C:\WINDOWS\prefetch\OTL.EXE-07FE4AC3.pf moved successfully.

C:\WINDOWS\prefetch\PING.EXE-31216D26.pf moved successfully.

C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf moved successfully.

C:\WINDOWS\prefetch\PROCEXP.EXE-07350703.pf moved successfully.

C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf moved successfully.

C:\WINDOWS\prefetch\READER_SL.EXE-3329220B.pf moved successfully.

C:\WINDOWS\prefetch\REALSCHED.EXE-3282FD31.pf moved successfully.

C:\WINDOWS\prefetch\REALUPGRADE.EXE-38293202.pf moved successfully.

C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf moved successfully.

C:\WINDOWS\prefetch\RMAROUTER.EXE-0B14904A.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-169A1B2E.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-1769DDDF.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-188DF14E.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-1BC69D2D.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-1EE35C64.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-1F0FC8FF.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-2AAEDE52.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-2CCE4810.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-33113202.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-3F0F8E13.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-494FC364.pf moved successfully.

C:\WINDOWS\prefetch\RUNDLL32.EXE-4C6737DA.pf moved successfully.

C:\WINDOWS\prefetch\SC.EXE-218F68EB.pf moved successfully.

C:\WINDOWS\prefetch\SEAPORT.EXE-075D55DA.pf moved successfully.

C:\WINDOWS\prefetch\SETREFRESH.EXE-0C1D851C.pf moved successfully.

C:\WINDOWS\prefetch\SETUP.EXE-099CAF30.pf moved successfully.

C:\WINDOWS\prefetch\SETUP.EXE-35F2AE88.pf moved successfully.

C:\WINDOWS\prefetch\SETUP.EXE-3A5A54DC.pf moved successfully.

C:\WINDOWS\prefetch\SNDVOL32.EXE-383480B7.pf moved successfully.

C:\WINDOWS\prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf moved successfully.

C:\WINDOWS\prefetch\SRWARE_IRON.EXE-03F1371B.pf moved successfully.

C:\WINDOWS\prefetch\SRWARE_IRON.TMP-34AE0FB9.pf moved successfully.

C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.

C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf moved successfully.

C:\WINDOWS\prefetch\TCPVIEW.EXE-06FCFCD1.pf moved successfully.

C:\WINDOWS\prefetch\TERACOPY.EXE-0FC60D98.pf moved successfully.

C:\WINDOWS\prefetch\UPDATE.EXE-3B2EAA7B.pf moved successfully.

C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.

C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.

C:\WINDOWS\prefetch\VMSNAP3.EXE-03375E73.pf moved successfully.

C:\WINDOWS\prefetch\WGATRAY.EXE-0ED38BED.pf moved successfully.

C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf moved successfully.

C:\WINDOWS\prefetch\WINWORD.EXE-07381162.pf moved successfully.

C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.

C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: All Users

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: NetworkService

 

User: Tamtum

->Flash cache emptied: 470 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 121388 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Tamtum

->Temp folder emptied: 9627552 bytes

->Temporary Internet Files folder emptied: 5850556 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 17994104 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Opera cache emptied: 240 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1268201 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1314401 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 888485159 bytes

 

Total Files Cleaned = 882.00 mb

 

Restore point Set: OTL Restore Point (0)

 

OTL by OldTimer - Version 3.2.26.4 log created on 08292011_134727

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

Malwarebytes Anti-Malware:

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7606

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

8/29/2011 2:21:02 PM

mbam-log-2011-08-29 (14-21-02).txt

 

Scan type: Quick scan

Objects scanned: 157798

Time elapsed: 11 minute(s), 42 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

Check Hard Disk For Errors:

 

The type of the file system is NTFS.

Volume label is System.

 

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

 

CHKDSK is verifying files (stage 1 of 3)...

CHKDSK is verifying indexes (stage 2 of 3)...

CHKDSK is recovering lost files.

CHKDSK is verifying security descriptors (stage 3 of 3)...

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

Correcting errors in the master file table's (MFT) BITMAP attribute.

Correcting errors in the Volume Bitmap.

Windows found problems with the file system.

Run CHKDSK with the /F (fix) option to correct these.

 

39053983 KB total disk space.

34671720 KB in 61250 files.

24360 KB in 8360 indexes.

0 KB in bad sectors.

141639 KB in use by the system.

65536 KB occupied by the log file.

4216264 KB available on disk.

 

4096 bytes in each allocation unit.

9763495 total allocation units on disk.

1054066 allocation units available on disk.


Hi. :)

 

The system crashed yesterday afternoon. It is working much faster than before, but once in a while it crashes or restarts itself without registering a log event.

OK and thanks for the update...

 

Hard-Drive Maintenance/Repair:

 

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

 

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An analysis report will be displayed and then Windows will start the defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process

Would you like to schedule this volume to be checked next time the system

restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

 

You should see a screen like this just after the Post(power on self test) screen:

 

[image]

 

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

 

System File Check:

 

Close all open applications/windows etc.

 

  • Click on Start >> Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.
Note: This will take some time. Also you may be prompted to place your XP installation CD-ROM in the CD-Drive if required.

 

Next:

 

Let myself know when completed the above and we will go from there, thank you.


Hi. :)

 

All the steps above have been completed without reporting any error from them.

Good.

 

The system crashed on August 30 again.

 

What follows?

 

Thank You!

We will see if we can pinpoint the cause of the System Crash, as so far it no longer appears to be Malware related... Saying that, we will run one more scan to err on the side of caution, and you are most welcome!

 

Next:

 

Please download MiniToolBox to the desktop and run it.

 

Place(click) a check-mark against the following:

 

  • List last 10 Event Viewer Errors
  • List Users, Partitions and Memory size
  • List Minidump Files
Click on Go and post the result (Result.txt). It should be on the desktop.

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

  • Please go here to run the scan...Click on Scan Now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

When completed the above, please post back the following in the order asked for:

 

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Result.txt.
  • Eset Log.

Hi Dakeyras,

 

The computer is fast but still crashes at will.

 

Below are the logs files requested.

 

Hope you find something

 

Thank you very much for your help.

 

 

 

 

MiniToolBox by Farbar

Ran by Tamtum (administrator) on 04-09-2011 at 10:31:06

Microsoft Windows XP Service Pack 3 (X86)

 

***************************************************************************

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (09/01/2011 08:00:17 PM) (Source: Application Error) (User: )

Description: Fault bucket -1729436779.

The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

 

Error: (09/01/2011 08:00:12 PM) (Source: Application Error) (User: )

Description: Faulting application mbam.exe, version 1.51.1.1076, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Processing media-specific event for [mbam.exe!ws!]

 

Error: (08/31/2011 11:14:56 PM) (Source: Application Hang) (User: )

Description: Hanging application elex.exe, version 3.3.1.801, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (08/29/2011 02:07:46 PM) (Source: Application Error) (User: )

Description: Faulting application mbam.exe, version 1.51.1.1076, faulting module unknown, version 0.0.0.0, fault address 0x4c4b4a49.

Processing media-specific event for [mbam.exe!ws!]

 

Error: (08/25/2011 01:22:27 PM) (Source: Application Error) (User: )

Description: Faulting application nitrop~4.exe, version 2.0.0.29, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Processing media-specific event for [nitrop~4.exe!ws!]

 

Error: (08/25/2011 09:20:55 AM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

 

Error: (08/25/2011 09:20:55 AM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

 

Error: (08/25/2011 09:18:17 AM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

 

Error: (08/25/2011 09:18:17 AM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

 

Error: (08/25/2011 09:18:15 AM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

 

 

System errors:

=============

Error: (09/01/2011 09:53:11 PM) (Source: System Error) (User: )

Description: Error code 00000050, parameter1 f05c371c, parameter2 00000000, parameter3 804e8dc4, parameter4 00000002.

 

Error: (08/30/2011 09:12:52 PM) (Source: System Error) (User: )

Description: Error code 1000007f, parameter1 00000008, parameter2 f7717d70, parameter3 00000000, parameter4 00000000.

 

Error: (08/29/2011 01:47:29 PM) (Source: Service Control Manager) (User: )

Description: The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (08/29/2011 01:47:28 PM) (Source: Service Control Manager) (User: )

Description: The NitroPDFReaderDriverCreatorReadSpool2 service terminated unexpectedly. It has done this 1 time(s).

 

Error: (08/29/2011 01:47:28 PM) (Source: Service Control Manager) (User: )

Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (08/29/2011 01:47:28 PM) (Source: Service Control Manager) (User: )

Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

 

Error: (08/29/2011 01:47:28 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

 

Error: (08/29/2011 01:00:35 PM) (Source: 0) (User: )

Description: \Device\LanmanDatagramReceiverPLATONetBT_Tcpip_{EF28B60C-7976-4AB4-B1A

 

Error: (08/29/2011 00:00:11 PM) (Source: 0) (User: )

Description: \Device\LanmanDatagramReceiverPLATONetBT_Tcpip_{EF28B60C-7976-4AB4-B1A

 

Error: (08/29/2011 10:35:52 AM) (Source: 0) (User: )

Description: \Device\LanmanDatagramReceiverPLATONetBT_Tcpip_{EF28B60C-7976-4AB4-B1A

 

 

Microsoft Office Sessions:

=========================

 

========================= Memory info: ===================================

 

Percentage of memory in use: 53%

Total physical RAM: 2551.43 MB

Available physical RAM: 1179.18 MB

Total Pagefile: 6224.55 MB

Available Pagefile: 4177.52 MB

Total Virtual: 2047.88 MB

Available Virtual: 1958.36 MB

 

========================= Partitions: =====================================

 

1 Drive c: (System) (Fixed) (Total:37.24 GB) (Free:3.73 GB) NTFS

2 Drive d: (HP_OS_RESTORE) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS

3 Drive e: (Data) (Fixed) (Total:111.79 GB) (Free:26.66 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\CHICHITOS

 

Administrator Guest HelpAssistant

SUPPORT_388945a0 Tamtum

 

========================= Minidump Files ==================================

 

C:\WINDOWS\Minidump\Mini090111-01.dmp

 

**** End of log ****

 

ESET Online Scanner:

 

 

C:\Documents and Settings\Tamtum\My Documents\Downloads\EvID4226Patch223d-en.zip Win32/Tool.EvID4226 application

C:\Documents and Settings\Tamtum\My Documents\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application

C:\Documents and Settings\Tamtum\My Documents\Downloads\Internet_Download_Manager_5.18_Build_8_Retail.rar Win32/HackTool.Patcher.A application

C:\Qoobox\Quarantine\C\SolSuite Solitaire 2010 v10.1 With Latest Graphics Packs by Laila\keygen.exe.vir a variant of Win32/HackTool.Patcher.I application

C:\Qoobox\Quarantine\C\SolSuite Solitaire 2010 v10.1 With Latest Graphics Packs by Laila\keygen.rar.vir a variant of Win32/HackTool.Patcher.I application

E:\Downloads\ophcrack-win32-installer-3.3.1.exe multiple threats

E:\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application

E:\Downloads\ultrasurf997.zip Win32/UltraReach application

E:\Downloads\software\Cryptload_1.1.8.rar Win32/RemoteAdmin.NetCat application

E:\My Download\ProdKey\produkey.zip Win32/PSWTool.ProductKey application

E:\My Download\Sniff\smsniff.exe a variant of Win32/Sniffer.SniffPass.B application

E:\My Download\Sniff\smsniff.zip a variant of Win32/Sniffer.SniffPass.B application

E:\_OTM\MovedFiles\08112011_201238\E_My Download\Adobe Acrobat Professional\ADOBE.ACROBAT-V9.0.PRO.EXTENDED.Keygen.Only-EDGE.rar probably a variant of Win32/Agent.DQPHVKD trojan
