
Trojan.Agent.U on Vista computer - logs attached


tec


Hi, I did a search for this trojan and found this thread and have run the DDS tool to get some logs that might be helpful. Any assistance would be greatly appreciated!

The machine with the problem is an HP laptop running Windows Vista.

-----------------------------------

DDS (Ver_10-12-12.02) - NTFSx86

Run by Jacs at 14:41:27.55 on 08/01/2011

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16

Microsoft

DDS_Attach.txt


Hello tec

Welcome to Malwarebytes.

=====================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Here is the ComboFix log.

I copied it to a USB stick from the infected computer. After running ComboFix we get this message when trying to eject the USB stick:

"rundll32.exe - Illegal operation attempted on a registry key that has been marked for deletion"

Should we be worried, has ComboFix done something to the registry to cause this message, should we reboot for it to finish?

combofix_log.txt


Reboot and the message will quit.

1. Please open Notepad

  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://forums.malwarebytes.org/index.php?showtopic=72156

Driver::
rurfmsvnl

Collect::
C:\Windows\system32\drivers\rurfmsvnl.sys

3. Save the above as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

4. During this run Combofix will collect and attempt to automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.


thank you. :D

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    c:\windows\system32\drivers\rurfmsvnl.sys

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

================================Online scan=================================

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Many thanks. Here is the OTL log:

All processes killed

========== FILES ==========

c:\windows\system32\drivers\rurfmsvnl.sys moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Jacs

->Temp folder emptied: 387289 bytes

->Temporary Internet Files folder emptied: 41197568 bytes

->Java cache emptied: 80215150 bytes

->FireFox cache emptied: 85680225 bytes

->Google Chrome cache emptied: 543381338 bytes

->Flash cache emptied: 1869829 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 718.00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01102011_221658

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And here is the Malwarebytes log from running it after OTL:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5481

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

11/01/2011 21:13:22

mbam-log-2011-01-11 (21-13-22).txt

Scan type: Full scan (C:\|E:\|F:\|)

Objects scanned: 285335

Time elapsed: 1 hour(s), 7 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\_OTL\movedfiles\01102011_221658\c_windows\system32\drivers\rurfmsvnl.sys (Trojan.Bubnix.Gen) -> Quarantined and deleted successfully.


Are you sure it is safe to go online with the infected computer now and connect to ESET Online Scanner? In that case we will do that too.

I assume we should activate AVG Free (the antivirus software on the computer) before we go online? Will it compete with the ESET scanner?


Done! The log from the ESET scanner is very short - it's pasted below:

---------------------------------

C:\Users\Jacs\Desktop\New Folder\Ad-Aware - 2007 - Professional Edition - v7.0.1.3 + Keygen-Crack\crack\update-cracked.exe probably a variant of Win32/TrojanDropper.Delf.JBFNDPK trojan cleaned by deleting - quarantined

C:\Users\Jacs\Desktop\New Folder\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined


We've run OTL again and I've attached the log here. Thanks a lot for all the help.

The only remaining issue that I can think of is that the computer is still rather slow at times, and with 2 GB I feel it shouldn't be, but this is probably a whole different problem. I did think at some point that all of this slowness was due to malware but it might just be that running Vista on a laptop 3 years old actually feels a bit sluggish at times. :huh:

Log:

------------------------------------

OTL logfile created on: 15/01/2011 19:16:42 - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Jacs\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 66.38 Gb Total Space | 6.49 Gb Free Space | 9.78% Space Free | Partition Type: NTFS

Drive E: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.18% Space Free | Partition Type: NTFS

Drive F: | 6.59 Gb Total Space | 0.46 Gb Free Space | 7.04% Space Free | Partition Type: NTFS

Computer Name: JACQUI | User Name: Jacs | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 21:38:31 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2011/01/11 21:38:29 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2011/01/11 21:38:26 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2011/01/11 21:38:09 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2011/01/11 21:37:41 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2011/01/11 21:37:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2011/01/10 21:29:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacs\Desktop\OTL.exe

PRC - [2011/01/06 17:51:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2010/12/14 14:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

PRC - [2010/03/21 03:05:23 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Jacs\Local Settings\Apps\F.lux\flux.exe

PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/02/19 02:15:38 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

PRC - [2008/02/19 02:13:28 | 000,438,272 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

PRC - [2007/10/19 22:49:42 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2007/03/12 17:49:16 | 000,569,344 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe

PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (SafeList) ==========

MOD - [2011/01/11 21:40:04 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

MOD - [2011/01/10 21:29:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jacs\Desktop\OTL.exe

MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/01/11 21:37:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2008/02/19 02:15:38 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)

SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/03/05 17:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2005/05/11 02:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\BTWSp50.sys -- (BTWSp50)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2011/01/11 21:40:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2011/01/11 21:39:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2011/01/11 21:39:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/08/13 19:17:26 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/18 23:59:09 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2010/02/18 23:59:08 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2009/04/11 04:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2007/05/16 12:02:54 | 009,602,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007/05/08 15:06:44 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/05/08 15:06:44 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2007/03/01 13:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/02/22 03:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2007/01/12 13:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2006/12/07 01:05:58 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2006/12/07 01:04:36 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2006/12/07 01:04:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2006/11/30 18:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2006/11/28 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 09:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 08:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 07:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 07:30:54 | 001,781,760 | ---- | M] (Intel

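An added triage helper for OTL-style logs like the one above (this is my example, not code from the thread, from OldTimer's OTL or from any Malwarebytes tool). It parses the bracketed file stamps OTL emits and reports two things the helper in this thread acted on: service and driver registrations marked "File not found" (orphaned keys left behind after a file is removed), and bursts of tiny, publisher-less files created within seconds of each other, which is the shape of the random-named files under C:\Windows that the next fix list targets. The sample log is constructed from a handful of lines in the shape of this thread's output; the function names, the 30-second window and the size threshold are my own choices.

```python
import re
from datetime import datetime, timedelta

# An OTL file stamp looks like:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (Publisher) [svc flags] -- path -- (ServiceName) description
# A leading "PRC - ", "MOD - ", "SRV - " or "DRV - " names the section the line came from.
OTL_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] "
    r"\((?P<publisher>[^)]*)\)"
    r"(?: \[(?P<svc>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Service/driver registrations whose image file is no longer on disk.
OTL_MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<svc>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)"
)


def parse_otl_line(line):
    """Return a dict for one OTL entry, or None if the line is not an entry."""
    line = line.strip()
    m = OTL_ENTRY.match(line)
    if m:
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
        d["size"] = int(d["size"].replace(",", ""))
        d["publisher"] = d["publisher"].strip()
        d["missing"] = False
        return d
    m = OTL_MISSING.match(line)
    if m:
        d = m.groupdict()
        d.update(ts=None, size=None, attrs=None, stamp=None, publisher="", missing=True)
        return d
    return None


def parse_otl_log(text):
    """Parse every recognisable entry in an OTL log or fix script; headers are skipped."""
    return [e for e in map(parse_otl_line, text.splitlines()) if e]


def orphaned_registrations(entries):
    """Names of services/drivers whose image file is gone. Usually leftovers of
    earlier removal steps (note catchme, ComboFix's own driver); harmless, but
    worth listing so the keys can be cleaned up."""
    return [e["name"] for e in entries if e["missing"]]


def unsigned_file_bursts(entries, window=timedelta(seconds=30), min_files=5, max_size=1024):
    """Group tiny, publisher-less files whose creation times fall within `window`
    of each other. A dropper writing dozens of random-named files into a system
    directory in one go produces exactly this pattern. Returns a list of bursts,
    each a list of paths in creation order."""
    cand = sorted(
        (e for e in entries
         if e["stamp"] == "C" and not e["publisher"] and e["size"] <= max_size),
        key=lambda e: e["ts"],
    )
    bursts, current = [], []
    for e in cand:
        if current and e["ts"] - current[-1]["ts"] > window:
            if len(current) >= min_files:
                bursts.append([x["path"] for x in current])
            current = []
        current.append(e)
    if len(current) >= min_files:
        bursts.append([x["path"] for x in current])
    return bursts


# Constructed sample in the shape of this thread's OTL output (a real log has
# hundreds of lines); the last file is a legitimate-looking control that must not be flagged.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2011/01/11 21:38:31 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/01/11 21:40:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
========== Files Created - No Company Name ==========
[2011/01/06 17:47:43 | 000,000,047 | ---- | C] () -- C:\Windows\ja1Fju
[2011/01/06 17:47:43 | 000,000,040 | ---- | C] () -- C:\Windows\sMftko7U5
[2011/01/06 17:47:42 | 000,000,045 | ---- | C] () -- C:\Windows\KgkacKvFkr
[2011/01/06 17:47:40 | 000,000,035 | ---- | C] () -- C:\Windows\pWlrBpNrd
[2011/01/06 17:47:38 | 000,000,049 | ---- | C] () -- C:\Windows\VYWnuxO
[2011/01/06 17:47:36 | 000,000,032 | ---- | C] () -- C:\Windows\ehfGHeMqmH
[2011/01/03 09:12:00 | 000,000,120 | ---- | C] () -- C:\Users\Jacs\Desktop\notes.txt
"""


def triage(text=SAMPLE_LOG):
    """Run both checks over a log and return the findings."""
    entries = parse_otl_log(text)
    return {
        "entries": len(entries),
        "orphans": orphaned_registrations(entries),
        "bursts": unsigned_file_bursts(entries),
    }


if __name__ == "__main__":
    result = triage()
    print(f"{result['entries']} entries parsed")
    print("service/driver keys with no file on disk:", ", ".join(result["orphans"]))
    for burst in result["bursts"]:
        print(f"burst of {len(burst)} tiny unsigned files created within seconds of each other:")
        for path in burst:
            print("   ", path)
```

The burst check deliberately keys on creation time, absence of a publisher and very small size rather than on the random-looking names, so it does not need a name-entropy heuristic to pick out the group; lines from a real log's "Files Created" section can be pasted into `SAMPLE_LOG` unchanged.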

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2011/01/06 17:47:43 | 000,000,047 | ---- | C] () -- C:\Windows\ja1Fju
    [2011/01/06 17:47:43 | 000,000,040 | ---- | C] () -- C:\Windows\sMftko7U5
    [2011/01/06 17:47:43 | 000,000,035 | ---- | C] () -- C:\Windows\iHWYueYjP
    [2011/01/06 17:47:43 | 000,000,032 | ---- | C] () -- C:\Windows\pSGex4mkEX
    [2011/01/06 17:47:43 | 000,000,032 | ---- | C] () -- C:\Windows\fPpw1wx
    [2011/01/06 17:47:42 | 000,000,045 | ---- | C] () -- C:\Windows\KgkacKvFkr
    [2011/01/06 17:47:42 | 000,000,039 | ---- | C] () -- C:\Windows\y3c6NQ
    [2011/01/06 17:47:42 | 000,000,034 | ---- | C] () -- C:\Windows\ITSMsSFxG
    [2011/01/06 17:47:42 | 000,000,032 | ---- | C] () -- C:\Windows\ldfkLVWd5
    [2011/01/06 17:47:40 | 000,000,045 | ---- | C] () -- C:\Windows\LIRWAjbJL
    [2011/01/06 17:47:40 | 000,000,035 | ---- | C] () -- C:\Windows\pWlrBpNrd
    [2011/01/06 17:47:40 | 000,000,032 | ---- | C] () -- C:\Windows\cqT73Kkrqg
    [2011/01/06 17:47:40 | 000,000,031 | ---- | C] () -- C:\Windows\WOi3DI
    [2011/01/06 17:47:39 | 000,000,047 | ---- | C] () -- C:\Windows\F3KhQsegnb
    [2011/01/06 17:47:39 | 000,000,040 | ---- | C] () -- C:\Windows\yFIlMW
    [2011/01/06 17:47:39 | 000,000,038 | ---- | C] () -- C:\Windows\k5JNwo
    [2011/01/06 17:47:39 | 000,000,037 | ---- | C] () -- C:\Windows\4jVbl
    [2011/01/06 17:47:38 | 000,000,049 | ---- | C] () -- C:\Windows\VYWnuxO
    [2011/01/06 17:47:38 | 000,000,046 | ---- | C] () -- C:\Windows\yWtCUTMp5
    [2011/01/06 17:47:38 | 000,000,046 | ---- | C] () -- C:\Windows\XfnPNQyC6I
    [2011/01/06 17:47:38 | 000,000,045 | ---- | C] () -- C:\Windows\qakTXKXG
    [2011/01/06 17:47:38 | 000,000,045 | ---- | C] () -- C:\Windows\aO7CsaqTeE
    [2011/01/06 17:47:38 | 000,000,044 | ---- | C] () -- C:\Windows\LobYqvG8
    [2011/01/06 17:47:38 | 000,000,044 | ---- | C] () -- C:\Windows\excf5
    [2011/01/06 17:47:38 | 000,000,044 | ---- | C] () -- C:\Windows\2AxueOjfH
    [2011/01/06 17:47:38 | 000,000,043 | ---- | C] () -- C:\Windows\ClG7wDcCA6
    [2011/01/06 17:47:38 | 000,000,043 | ---- | C] () -- C:\Windows\Bs2m7
    [2011/01/06 17:47:38 | 000,000,042 | ---- | C] () -- C:\Windows\Y4aRDeKi
    [2011/01/06 17:47:38 | 000,000,042 | ---- | C] () -- C:\Windows\GElIqO
    [2011/01/06 17:47:38 | 000,000,042 | ---- | C] () -- C:\Windows\EgtaGlPSn
    [2011/01/06 17:47:38 | 000,000,042 | ---- | C] () -- C:\Windows\d6VqmEED
    [2011/01/06 17:47:38 | 000,000,041 | ---- | C] () -- C:\Windows\uCKsvH
    [2011/01/06 17:47:38 | 000,000,038 | ---- | C] () -- C:\Windows\oFavpHE
    [2011/01/06 17:47:38 | 000,000,038 | ---- | C] () -- C:\Windows\MoUb3
    [2011/01/06 17:47:38 | 000,000,033 | ---- | C] () -- C:\Windows\FIYg17O
    [2011/01/06 17:47:38 | 000,000,032 | ---- | C] () -- C:\Windows\Bvqha
    [2011/01/06 17:47:38 | 000,000,031 | ---- | C] () -- C:\Windows\LH8U36Cr
    [2011/01/06 17:47:38 | 000,000,030 | ---- | C] () -- C:\Windows\JtvaSiB
    [2011/01/06 17:47:38 | 000,000,030 | ---- | C] () -- C:\Windows\h5oDwMa6
    [2011/01/06 17:47:38 | 000,000,030 | ---- | C] () -- C:\Windows\5eOexm
    [2011/01/06 17:47:38 | 000,000,029 | ---- | C] () -- C:\Windows\7QQlj78i
    [2011/01/06 17:47:38 | 000,000,029 | ---- | C] () -- C:\Windows\45e6DK5oRi
    [2011/01/06 17:47:38 | 000,000,028 | ---- | C] () -- C:\Windows\FLYkS
    [2011/01/06 17:47:38 | 000,000,028 | ---- | C] () -- C:\Windows\3XkypbOv2
    [2011/01/06 17:47:38 | 000,000,027 | ---- | C] () -- C:\Windows\calmlS6tS
    [2011/01/06 17:47:37 | 000,000,043 | ---- | C] () -- C:\Windows\XNGUm
    [2011/01/06 17:47:37 | 000,000,037 | ---- | C] () -- C:\Windows\aocJOpGaI
    [2011/01/06 17:47:37 | 000,000,030 | ---- | C] () -- C:\Windows\mLx4Q6M
    [2011/01/06 17:47:37 | 000,000,029 | ---- | C] () -- C:\Windows\uLVAps1Np
    [2011/01/06 17:47:37 | 000,000,029 | ---- | C] () -- C:\Windows\CCgPBY1a
    [2011/01/06 17:47:37 | 000,000,028 | ---- | C] () -- C:\Windows\V4jNEIf1oJ
    [2011/01/06 17:47:37 | 000,000,025 | ---- | C] () -- C:\Windows\EhPUBO
    [2011/01/06 17:47:36 | 000,000,044 | ---- | C] () -- C:\Windows\I6hYicJA3S
    [2011/01/06 17:47:36 | 000,000,043 | ---- | C] () -- C:\Windows\Y2gCA3R
    [2011/01/06 17:47:36 | 000,000,032 | ---- | C] () -- C:\Windows\ehfGHeMqmH
    [2011/01/06 17:47:34 | 000,000,040 | ---- | C] () -- C:\Windows\O14OOtm
    [2011/01/06 17:47:33 | 000,000,040 | ---- | C] () -- C:\Windows\kJnPGuxLa
    [2011/01/06 17:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\Hllw7ED
    [2011/01/06 17:47:30 | 000,000,036 | ---- | C] () -- C:\Windows\5Rtlo
    [2011/01/06 17:47:29 | 000,000,036 | ---- | C] () -- C:\Windows\qTKQjvWAk
    [2011/01/06 17:47:27 | 000,000,037 | ---- | C] () -- C:\Windows\7Ssd7nroKT
    [2011/01/06 17:47:27 | 000,000,028 | ---- | C] () -- C:\Windows\GnOJEOW
    [2011/01/06 17:47:27 | 000,000,026 | ---- | C] () -- C:\Windows\2T8esRwaW
    [2011/01/06 17:47:25 | 000,000,041 | ---- | C] () -- C:\Windows\hdxUaetJ
    [2011/01/06 17:47:25 | 000,000,040 | ---- | C] () -- C:\Windows\2pvNUHB
    [2011/01/06 17:47:25 | 000,000,036 | ---- | C] () -- C:\Windows\w5L3V8d3G4
    [2011/01/06 17:47:25 | 000,000,026 | ---- | C] () -- C:\Windows\LBILmrYc
    [2011/01/06 17:47:24 | 000,000,044 | ---- | C] () -- C:\Windows\TvxkqPyhab
    [2011/01/06 17:47:22 | 000,000,040 | ---- | C] () -- C:\Windows\nMp6T
    [2011/01/06 17:47:20 | 000,000,049 | ---- | C] () -- C:\Windows\jPToXpud
    [2011/01/06 17:47:20 | 000,000,047 | ---- | C] () -- C:\Windows\xia5b
    [2011/01/06 17:47:20 | 000,000,047 | ---- | C] () -- C:\Windows\3LaFX
    [2011/01/06 17:47:20 | 000,000,046 | ---- | C] () -- C:\Windows\8KJLK
    [2011/01/06 17:47:20 | 000,000,044 | ---- | C] () -- C:\Windows\WpfC6U
    [2011/01/06 17:47:20 | 000,000,043 | ---- | C] () -- C:\Windows\WlMfD4
    [2011/01/06 17:47:20 | 000,000,042 | ---- | C] () -- C:\Windows\4kLkF
    [2011/01/06 17:47:20 | 000,000,041 | ---- | C] () -- C:\Windows\lF7dA
    [2011/01/06 17:47:20 | 000,000,040 | ---- | C] () -- C:\Windows\ignc5nJmi
    [2011/01/06 17:47:20 | 000,000,039 | ---- | C] () -- C:\Windows\XguGQgm
    [2011/01/06 17:47:20 | 000,000,039 | ---- | C] () -- C:\Windows\nCGp7Inyy8
    [2011/01/06 17:47:20 | 000,000,039 | ---- | C] () -- C:\Windows\lHaxOG
    [2011/01/06 17:47:20 | 000,000,039 | ---- | C] () -- C:\Windows\3PWAT
    [2011/01/06 17:47:20 | 000,000,038 | ---- | C] () -- C:\Windows\p4tFS73C8
    [2011/01/06 17:47:20 | 000,000,037 | ---- | C] () -- C:\Windows\Vuktdt
    [2011/01/06 17:47:20 | 000,000,036 | ---- | C] () -- C:\Windows\nYb8DqV
    [2011/01/06 17:47:20 | 000,000,035 | ---- | C] () -- C:\Windows\NNJWxceg
    [2011/01/06 17:47:20 | 000,000,034 | ---- | C] () -- C:\Windows\Os8NVKnoek
    [2011/01/06 17:47:20 | 000,000,034 | ---- | C] () -- C:\Windows\iPrdtIX
    [2011/01/06 17:47:20 | 000,000,031 | ---- | C] () -- C:\Windows\gFKAKt1qF
    [2011/01/06 17:47:20 | 000,000,031 | ---- | C] () -- C:\Windows\8biiMRj
    [2011/01/06 17:47:20 | 000,000,030 | ---- | C] () -- C:\Windows\RaNokcC
    [2011/01/06 17:47:20 | 000,000,028 | ---- | C] () -- C:\Windows\IgFj75oRh
    [2011/01/06 17:47:20 | 000,000,028 | ---- | C] () -- C:\Windows\b31Oi1GRP
    [2011/01/06 17:47:19 | 000,000,036 | ---- | C] () -- C:\Windows\31c7Dn5c
    [2011/01/06 17:47:19 | 000,000,033 | ---- | C] () -- C:\Windows\C4ywfGIdA
    [2011/01/06 17:47:19 | 000,000,030 | ---- | C] () -- C:\Windows\4I5WGIT
    [2011/01/06 17:47:19 | 000,000,027 | ---- | C] () -- C:\Windows\DQxjxlU


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

============

Then click the Run scan button once more and post the new log that opens.


Hi, thanks a lot - we finally managed to get back and run this final script. Here is the log now. The scan log is attached as well.

========== OTL ==========

C:\Windows\ja1Fju moved successfully.

C:\Windows\sMftko7U5 moved successfully.

C:\Windows\iHWYueYjP moved successfully.

C:\Windows\pSGex4mkEX moved successfully.

C:\Windows\fPpw1wx moved successfully.

C:\Windows\KgkacKvFkr moved successfully.

C:\Windows\y3c6NQ moved successfully.

C:\Windows\ITSMsSFxG moved successfully.

C:\Windows\ldfkLVWd5 moved successfully.

C:\Windows\LIRWAjbJL moved successfully.

C:\Windows\pWlrBpNrd moved successfully.

C:\Windows\cqT73Kkrqg moved successfully.

C:\Windows\WOi3DI moved successfully.

C:\Windows\F3KhQsegnb moved successfully.

C:\Windows\yFIlMW moved successfully.

C:\Windows\k5JNwo moved successfully.

C:\Windows\4jVbl moved successfully.

C:\Windows\VYWnuxO moved successfully.

C:\Windows\yWtCUTMp5 moved successfully.

C:\Windows\XfnPNQyC6I moved successfully.

C:\Windows\qakTXKXG moved successfully.

C:\Windows\aO7CsaqTeE moved successfully.

C:\Windows\LobYqvG8 moved successfully.

C:\Windows\excf5 moved successfully.

C:\Windows\2AxueOjfH moved successfully.

C:\Windows\ClG7wDcCA6 moved successfully.

C:\Windows\Bs2m7 moved successfully.

C:\Windows\Y4aRDeKi moved successfully.

C:\Windows\GElIqO moved successfully.

C:\Windows\EgtaGlPSn moved successfully.

C:\Windows\d6VqmEED moved successfully.

C:\Windows\uCKsvH moved successfully.

C:\Windows\oFavpHE moved successfully.

C:\Windows\MoUb3 moved successfully.

C:\Windows\FIYg17O moved successfully.

C:\Windows\Bvqha moved successfully.

C:\Windows\LH8U36Cr moved successfully.

C:\Windows\JtvaSiB moved successfully.

C:\Windows\h5oDwMa6 moved successfully.

C:\Windows\5eOexm moved successfully.

C:\Windows\7QQlj78i moved successfully.

C:\Windows\45e6DK5oRi moved successfully.

C:\Windows\FLYkS moved successfully.

C:\Windows\3XkypbOv2 moved successfully.

C:\Windows\calmlS6tS moved successfully.

C:\Windows\XNGUm moved successfully.

C:\Windows\aocJOpGaI moved successfully.

C:\Windows\mLx4Q6M moved successfully.

C:\Windows\uLVAps1Np moved successfully.

C:\Windows\CCgPBY1a moved successfully.

C:\Windows\V4jNEIf1oJ moved successfully.

C:\Windows\EhPUBO moved successfully.

C:\Windows\I6hYicJA3S moved successfully.

C:\Windows\Y2gCA3R moved successfully.

C:\Windows\ehfGHeMqmH moved successfully.

C:\Windows\O14OOtm moved successfully.

C:\Windows\kJnPGuxLa moved successfully.

C:\Windows\Hllw7ED moved successfully.

C:\Windows\5Rtlo moved successfully.

C:\Windows\qTKQjvWAk moved successfully.

C:\Windows\7Ssd7nroKT moved successfully.

C:\Windows\GnOJEOW moved successfully.

C:\Windows\2T8esRwaW moved successfully.

C:\Windows\hdxUaetJ moved successfully.

C:\Windows\2pvNUHB moved successfully.

C:\Windows\w5L3V8d3G4 moved successfully.

C:\Windows\LBILmrYc moved successfully.

C:\Windows\TvxkqPyhab moved successfully.

C:\Windows\nMp6T moved successfully.

C:\Windows\jPToXpud moved successfully.

C:\Windows\xia5b moved successfully.

C:\Windows\3LaFX moved successfully.

C:\Windows\8KJLK moved successfully.

C:\Windows\WpfC6U moved successfully.

C:\Windows\WlMfD4 moved successfully.

C:\Windows\4kLkF moved successfully.

C:\Windows\lF7dA moved successfully.

C:\Windows\ignc5nJmi moved successfully.

C:\Windows\XguGQgm moved successfully.

C:\Windows\nCGp7Inyy8 moved successfully.

C:\Windows\lHaxOG moved successfully.

C:\Windows\3PWAT moved successfully.

C:\Windows\p4tFS73C8 moved successfully.

C:\Windows\Vuktdt moved successfully.

C:\Windows\nYb8DqV moved successfully.

C:\Windows\NNJWxceg moved successfully.

C:\Windows\Os8NVKnoek moved successfully.

C:\Windows\iPrdtIX moved successfully.

C:\Windows\gFKAKt1qF moved successfully.

C:\Windows\8biiMRj moved successfully.

C:\Windows\RaNokcC moved successfully.

C:\Windows\IgFj75oRh moved successfully.

C:\Windows\b31Oi1GRP moved successfully.

C:\Windows\31c7Dn5c moved successfully.

C:\Windows\C4ywfGIdA moved successfully.

C:\Windows\4I5WGIT moved successfully.

C:\Windows\DQxjxlU moved successfully.

OTL by OldTimer - Version 3.2.20.1 log created on 02052011_125021

OTL.Txt

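As an added example (not code from this thread, from Malwarebytes or from the OTL tool), the script below shows how a responder can triage the OTL file listing used in the fix script above and reconcile it against the "moved successfully" lines in the fix log. It parses the `[date time | size | attrs | C] (company) -- path` listing format, flags tiny, unsigned-looking files with random-looking names dropped directly into C:\Windows, groups them by creation minute, and then reports any flagged path that the fix log never confirms as moved. The thresholds (64 bytes, 4 to 12 character names, three or more files per minute) and the benign contrast lines are assumptions constructed for the example; the six suspicious sample lines are copied from the listing in the fix script.

```python
"""Triage helper for OTL-style file listings and fix logs (added example, not OTL's own code)."""
import re
from collections import defaultdict

# Matches OTL "files created" lines: [date time | size | attrs | C] (company) -- path
LISTING_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# Matches the confirmation lines OTL writes after a fix has run
MOVED_RE = re.compile(r"^\s*(?P<path>.+?) moved successfully\.\s*$")

# Constructed sample: six lines copied from the fix-script listing plus two benign
# lines made up for contrast (an ordinary document and a vendor-signed system DLL).
SAMPLE_LISTING = r"""
[2011/01/06 17:47:38 | 000,000,049 | ---- | C] () -- C:\Windows\VYWnuxO
[2011/01/06 17:47:38 | 000,000,046 | ---- | C] () -- C:\Windows\yWtCUTMp5
[2011/01/06 17:47:38 | 000,000,045 | ---- | C] () -- C:\Windows\qakTXKXG
[2011/01/06 17:47:37 | 000,000,043 | ---- | C] () -- C:\Windows\XNGUm
[2011/01/06 17:47:36 | 000,000,032 | ---- | C] () -- C:\Windows\ehfGHeMqmH
[2011/01/06 17:47:19 | 000,000,027 | ---- | C] () -- C:\Windows\DQxjxlU
[2011/01/05 09:12:00 | 000,000,049 | ---- | C] () -- C:\Users\Jacs\Desktop\notes.txt
[2011/01/06 17:47:38 | 000,204,800 | ---- | C] (Example Vendor) -- C:\Windows\System32\constructed_sample.dll
"""

# Constructed fix log: one of the six flagged files is deliberately missing.
SAMPLE_FIX_LOG = r"""
========== OTL ==========
C:\Windows\VYWnuxO moved successfully.
C:\Windows\yWtCUTMp5 moved successfully.
C:\Windows\qakTXKXG moved successfully.
C:\Windows\XNGUm moved successfully.
C:\Windows\ehfGHeMqmH moved successfully.
"""


def parse_listing(text):
    """Return one dict per recognised listing line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))
        entries.append(d)
    return entries


def split_path(path):
    """Split a Windows path into (lower-cased parent directory, file name)."""
    parent, _, name = path.rpartition("\\")
    return parent.lower(), name


def looks_random(name):
    """Heuristic (assumption): short, no extension, mixes letter case and/or digits."""
    if "." in name or not (4 <= len(name) <= 12):
        return False
    has_upper = any(c.isupper() for c in name)
    has_lower = any(c.islower() for c in name)
    has_digit = any(c.isdigit() for c in name)
    return (has_upper and has_lower) or has_digit


def is_suspicious(entry, max_size=64):
    """Tiny, unsigned-looking, randomly named file dropped directly in %SystemRoot%."""
    parent, name = split_path(entry["path"])
    return (
        parent == "c:\\windows"
        and entry["size"] <= max_size
        and entry["company"].strip() == ""
        and looks_random(name)
    )


def find_clusters(entries, min_count=3):
    """Group suspicious entries by (directory, creation minute); keep groups of min_count or more."""
    groups = defaultdict(list)
    for e in entries:
        if is_suspicious(e):
            parent, _ = split_path(e["path"])
            minute = e["ts"][:16]  # "YYYY/MM/DD HH:MM"
            groups[(parent, minute)].append(e["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def parse_fix_log(text):
    """Set of lower-cased paths that an OTL fix log reports as moved."""
    return {m.group("path").lower() for m in map(MOVED_RE.match, text.splitlines()) if m}


def unhandled_paths(clusters, moved):
    """Flagged paths that do not appear in the fix log, sorted for stable output."""
    flagged = {p for paths in clusters.values() for p in paths}
    return sorted(p for p in flagged if p.lower() not in moved)


if __name__ == "__main__":
    found = find_clusters(parse_listing(SAMPLE_LISTING))
    for (directory, minute), paths in found.items():
        print(f"{len(paths)} random-named files created in {directory} during {minute}")
    for path in unhandled_paths(found, parse_fix_log(SAMPLE_FIX_LOG)):
        print(f"not confirmed moved: {path}")
```

The cluster check matters more than any single file: one odd 40-byte file in C:\Windows is noise, but dozens created within the same minute is the pattern the fix script above is built from. Running the reconciliation against the real OTL.Txt would show whether every listed file was actually moved before the thread is closed.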

You are welcome.

Please install the latest version of adobe reader.

It can be found here > http://get.adobe.com/reader/

==================================

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)" then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.

====

Delete/uninstall anything else that we have used that is leftover.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, emule, Utorrent etc...

===Free antimalware tools used for on-demand scanning and cleaning; no real-time protection unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
