Ukash Police Virus

C

coolraj003

New Member
Thread author
Oct 14, 2013
5
Can anyone help? See my symptoms as I have tried to utilise the safe mode to get to last restoration point but that did not work and Hitman Kickstarter did not start. Anvisoft and Kaspersky worked to remove a few bits but the issues is still there. As I still cant get in by safemode my options are kinda limited on this one. Any suggestions?

Raj
 
Fiery

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Please print these instruction out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
C

coolraj003

New Member
Thread author
Oct 14, 2013
5
Here is the log that FRST created.

Raj

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on REATOGO on 14-10-2013 19:35:45
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LClock] - C:\Program Files\LClock\LClock.exe [65536 2004-09-19] ()
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33718272 2009-12-03] (VIA Technologies, Inc.)
HKLM\...\Run: [ClamWin] - C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch)
HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [754728 2013-10-05] (Webroot)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [273528 2011-10-10] (RealNetworks, Inc.)
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Anvi Smart Defender] - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [1635048 2013-08-12] (Anvisoft)
HKLM\...\Run: [Anvi AD Blocker] - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe [1256144 2013-06-14] (Anvisoft)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\Administrator\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [x]
HKU\Default User\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Default User\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\Default User\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0
HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0
HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0
HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0
HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0
HKU\XP PRO SP3 User\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2006-09-13] (Nero AG)
HKU\XP PRO SP3 User\...\Run: [DVDXGhost] - [x]
HKU\XP PRO SP3 User\...\Run: [ASRockOCTuner] - [x]
HKU\XP PRO SP3 User\...\Run: [ASRockIES] - [x]
HKU\XP PRO SP3 User\...\Run: [zASRockInstantBoot] - [x]
HKU\XP PRO SP3 User\...\Run: [EPSON Stylus SX200 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S25B.tmp" /EF "HKCU"
HKU\XP PRO SP3 User\...\Run: [Google Update] - C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2011-06-20] (Google Inc.)
HKU\XP PRO SP3 User\...\Run: [Xvid] - C:\Program Files\Xvid\CheckUpdate.exe [ 2011-01-17] ()
HKU\XP PRO SP3 User\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)
HKU\XP PRO SP3 User\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [ 2013-04-18] (IObit)
HKU\XP PRO SP3 User\...\Run: [AmazonMP3DownloaderHelper] - C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-05-22] ()
HKU\XP PRO SP3 User\...\Policies\system: [NoDispAppearancePage] 0
HKU\XP PRO SP3 User\...\Policies\system: [NoDispBackgroundPage] 0
HKU\XP PRO SP3 User\...\Policies\system: [NoDispSettingsPage] 0
HKU\XP PRO SP3 User\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [x]
Startup: C:\Documents and Settings\XP PRO SP3 User\Start Menu\Programs\Startup\bnbjiowl.lnk
ShortcutTarget: bnbjiowl.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\lwoijbnb.plz (Borland Software Corporation)
Startup: C:\Documents and Settings\XP PRO SP3 User\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
ShortcutTarget: Styler.lnk -> C:\Documents and Settings\XP PRO SP3 User\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()

========================== Services (Whitelisted) =================

S2 AdblockerSrv; C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [314064 2013-06-14] ()
S2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-09-02] (Spigot, Inc.)
S2 asdsrv; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [742120 2013-08-12] (Anvisoft)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [765952 2005-11-23] (Diskeeper Corporation)
S2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-04-26] (PC Tools)
S2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\lwoijbnb.plz [176128 2013-10-14] (Borland Software Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [754728 2013-10-05] (Webroot)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 AMBFilt; C:\Windows\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S2 asdnet; C:\WINDOWS\system32\DRIVERS\asdnet.sys [15696 2013-06-08] ()
S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [16208 2012-11-07] (Anvisoft)
S2 asdrs; C:\WINDOWS\system32\DRIVERS\asdrs.sys [22864 2012-11-07] (Anvisoft)
S2 asdws; C:\WINDOWS\system32\DRIVERS\asdws.sys [14160 2012-11-07] ()
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
S1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2007-11-09] (Samsung Electronics Co., Ltd.)
S3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S0 nvatabus; C:\Windows\System32\Drivers\nvatabus.sys [100736 2008-06-19] (NVIDIA Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54400 2008-03-24] (NVIDIA Corporation)
S0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [145952 2008-08-18] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-03-24] (NVIDIA Corporation)
S3 QCDonner; C:\Windows\System32\DRIVERS\OVCD.sys [28032 2001-08-17] (Microsoft Corporation)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1617408 2009-11-25] (VIA Technologies, Inc.)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2013-10-05] (Webroot)
S4 IntelIde; No ImagePath
S5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-06-19] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-14 19:35 - 2013-10-14 19:35 - 00000000 ____D C:\FRST
2013-10-14 11:08 - 2013-10-14 11:08 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Application Data\Anvisoft
2013-10-14 11:07 - 2013-10-14 11:07 - 00001109 _____ C:\Documents and Settings\All Users\Desktop\Anvi AD Blocker.lnk
2013-10-14 11:07 - 2013-06-08 22:40 - 00015696 _____ C:\Windows\System32\Drivers\asdnet.sys
2013-10-14 11:06 - 2013-10-14 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Anvisoft
2013-10-14 11:06 - 2013-10-14 11:06 - 00000837 _____ C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk
2013-10-14 11:06 - 2013-10-14 11:06 - 00000000 ____D C:\Program Files\Anvisoft
2013-10-14 11:06 - 2012-11-07 03:16 - 00022864 _____ (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2013-10-14 11:06 - 2012-11-07 03:16 - 00016208 _____ (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2013-10-14 11:06 - 2012-11-07 03:16 - 00014160 _____ C:\Windows\System32\Drivers\asdws.sys
2013-10-14 10:53 - 2013-10-14 12:50 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-14 08:51 - 2013-10-14 08:51 - 00065536 _____ C:\Windows\Minidump\Mini101413-02.dmp
2013-10-14 08:49 - 2013-10-14 08:49 - 00065536 _____ C:\Windows\Minidump\Mini101413-01.dmp
2013-10-14 08:31 - 2013-10-14 08:33 - 25679064 _____ C:\asdsetup.exe
2013-10-14 08:11 - 2013-10-14 08:11 - 28311552 _____ C:\Windows\System32\config\software.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 09961472 _____ C:\Windows\System32\config\system.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 00786432 _____ C:\Windows\System32\config\default.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 00077824 _____ C:\Windows\System32\config\SECURITY.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 00028672 _____ C:\Windows\System32\config\SAM.bhv
2013-10-14 07:33 - 2013-10-14 07:33 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-10-14 07:26 - 2013-10-14 08:51 - 131493888 _____ C:\Windows\MEMORY.DMP
2013-10-14 02:02 - 2013-10-14 11:55 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\bnbjiowl.pff
2013-10-14 02:02 - 2013-10-14 11:52 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\bnbjiowl.ctrl
2013-10-14 02:01 - 2013-10-14 02:01 - 00176128 _____ (Borland Software Corporation) C:\Documents and Settings\All Users\Application Data\lwoijbnb.plz
2013-10-09 06:41 - 2013-10-09 06:41 - 00129454 _____ C:\Windows\KB2862335.log
2013-10-09 06:41 - 2013-10-09 06:41 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-09 06:41 - 2013-10-09 06:41 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-09 06:38 - 2013-10-09 06:43 - 00007313 _____ C:\Windows\setupapi.log
2013-10-09 06:38 - 2013-10-09 06:38 - 00009897 _____ C:\Windows\KB2868038.log
2013-10-09 06:38 - 2013-10-09 06:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-09 06:37 - 2013-10-09 06:41 - 00040362 _____ C:\Windows\iis6.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00037098 _____ C:\Windows\FaxSetup.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00034020 _____ C:\Windows\ocgen.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00016930 _____ C:\Windows\tsoc.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00012560 _____ C:\Windows\comsetup.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00011436 _____ C:\Windows\msmqinst.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00007596 _____ C:\Windows\ntdtcsetup.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00006498 _____ C:\Windows\netfxocm.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00003093 _____ C:\Windows\updspapi.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00002550 _____ C:\Windows\MedCtrOC.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00001866 _____ C:\Windows\tabletoc.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00001374 _____ C:\Windows\imsins.log
2013-10-09 06:37 - 2013-10-09 06:41 - 00001374 _____ C:\Windows\imsins.BAK
2013-10-09 06:37 - 2013-10-09 06:37 - 00011573 _____ C:\Windows\KB2879017-IE8.log
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 _____ C:\Windows\setuperr.log
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 _____ C:\Windows\setupact.log
2013-10-09 02:02 - 2013-10-09 06:41 - 00132756 _____ C:\Windows\KB2847311.log
2013-10-09 02:02 - 2013-08-08 20:55 - 00144128 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-09 02:02 - 2013-08-08 20:55 - 00144128 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-09 02:02 - 2013-08-08 20:55 - 00032384 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbccgp.sys
2013-10-09 02:02 - 2013-08-08 20:55 - 00032384 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbccgp.sys
2013-10-09 02:02 - 2013-08-08 20:55 - 00005376 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-09 02:02 - 2013-08-08 20:55 - 00005376 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-09 02:02 - 2013-07-16 20:58 - 00060160 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-09 02:02 - 2013-07-16 20:58 - 00060160 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-09 02:02 - 2013-07-16 20:58 - 00046848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-09 02:02 - 2013-07-16 20:58 - 00046848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-09 02:02 - 2013-07-02 22:12 - 00025088 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-09 02:02 - 2013-07-02 22:12 - 00025088 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-09 02:02 - 2013-07-02 21:59 - 00014976 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbscan.sys
2013-10-09 02:02 - 2013-07-02 21:59 - 00014976 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbscan.sys
2013-10-09 02:02 - 2009-03-18 07:02 - 00030336 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2013-10-09 02:02 - 2009-03-18 07:02 - 00030336 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2013-10-08 03:38 - 2013-10-08 10:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-05 03:55 - 2013-10-05 03:55 - 00010498 _____ C:\Documents and Settings\All Users\Application Data\lpm.dat
2013-10-01 04:18 - 2013-10-14 11:52 - 00000159 _____ C:\Windows\wiadebug.log
2013-10-01 04:18 - 2013-10-14 11:52 - 00000050 _____ C:\Windows\wiaservc.log
2013-10-01 04:18 - 2013-10-01 04:18 - 00000000 _____ C:\Windows\Sti_Trace.log
2013-09-28 08:49 - 2013-09-29 14:52 - 00019647 _____ C:\Documents and Settings\XP PRO SP3 User\My Documents\my presentation aga.odp
2013-09-28 08:42 - 2013-09-28 08:42 - 00017116 _____ C:\Documents and Settings\XP PRO SP3 User\My Documents\my presentation.odp
2013-09-28 02:10 - 2013-09-28 02:10 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Application Data\DDMSettings
2013-09-28 02:07 - 2013-09-28 02:07 - 00000000 _____ C:\END
2013-09-18 16:08 - 2013-09-18 16:08 - 00094208 _____ (DivX, Inc.) C:\Windows\System32\dpl100.dll
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Opera
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Opera
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe

==================== One Month Modified Files and Folders =======

2013-10-14 19:35 - 2013-10-14 19:35 - 00000000 ____D C:\FRST
2013-10-14 12:50 - 2013-10-14 10:53 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-14 11:55 - 2013-10-14 02:02 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\bnbjiowl.pff
2013-10-14 11:55 - 2008-04-14 08:00 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-10-14 11:53 - 2012-09-23 13:44 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\AskToolbar
2013-10-14 11:53 - 2009-07-21 10:58 - 01901700 _____ C:\Windows\WindowsUpdate.log
2013-10-14 11:52 - 2013-10-14 02:02 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\bnbjiowl.ctrl
2013-10-14 11:52 - 2013-10-01 04:18 - 00000159 _____ C:\Windows\wiadebug.log
2013-10-14 11:52 - 2013-10-01 04:18 - 00000050 _____ C:\Windows\wiaservc.log
2013-10-14 11:52 - 2011-11-06 07:25 - 00000000 ____D C:\Program Files\Registry Mechanic
2013-10-14 11:52 - 2011-06-20 17:34 - 00000000 ____D C:\Program Files\Giraffic
2013-10-14 11:52 - 2011-06-20 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Giraffic
2013-10-14 11:24 - 2011-02-03 11:52 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Application Data\Skype
2013-10-14 11:14 - 2012-04-17 09:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2013-10-14 11:13 - 2009-07-21 11:08 - 00000178 ___SH C:\Documents and Settings\XP PRO SP3 User\ntuser.ini
2013-10-14 11:08 - 2013-10-14 11:08 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Application Data\Anvisoft
2013-10-14 11:07 - 2013-10-14 11:07 - 00001109 _____ C:\Documents and Settings\All Users\Desktop\Anvi AD Blocker.lnk
2013-10-14 11:07 - 2013-10-14 11:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Anvisoft
2013-10-14 11:06 - 2013-10-14 11:06 - 00000837 _____ C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk
2013-10-14 11:06 - 2013-10-14 11:06 - 00000000 ____D C:\Program Files\Anvisoft
2013-10-14 11:05 - 2009-07-21 11:06 - 00032640 _____ C:\Windows\SchedLgU.Txt
2013-10-14 08:51 - 2013-10-14 08:51 - 00065536 _____ C:\Windows\Minidump\Mini101413-02.dmp
2013-10-14 08:51 - 2013-10-14 07:26 - 131493888 _____ C:\Windows\MEMORY.DMP
2013-10-14 08:51 - 2012-01-18 03:41 - 00000000 ____D C:\Windows\Minidump
2013-10-14 08:49 - 2013-10-14 08:49 - 00065536 _____ C:\Windows\Minidump\Mini101413-01.dmp
2013-10-14 08:33 - 2013-10-14 08:31 - 25679064 _____ C:\asdsetup.exe
2013-10-14 08:11 - 2013-10-14 08:11 - 28311552 _____ C:\Windows\System32\config\software.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 09961472 _____ C:\Windows\System32\config\system.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 00786432 _____ C:\Windows\System32\config\default.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 00077824 _____ C:\Windows\System32\config\SECURITY.bhv
2013-10-14 08:11 - 2013-10-14 08:11 - 00028672 _____ C:\Windows\System32\config\SAM.bhv
2013-10-14 08:11 - 2012-09-21 16:47 - 00000000 ___SD C:\pchelpforum
2013-10-14 08:11 - 2012-07-26 13:39 - 00000000 ____D C:\Program Files\DVD Decrypter
2013-10-14 08:11 - 2009-07-21 11:26 - 00000000 ____D C:\Program Files\PCBugDoctor
2013-10-14 07:33 - 2013-10-14 07:33 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-10-14 02:01 - 2013-10-14 02:01 - 00176128 _____ (Borland Software Corporation) C:\Documents and Settings\All Users\Application Data\lwoijbnb.plz
2013-10-12 14:02 - 2012-06-21 14:00 - 00000386 _____ C:\Windows\System32\AppLog.log
2013-10-09 13:33 - 2013-01-26 09:52 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Desktop\Agas stuff
2013-10-09 12:16 - 2009-07-21 11:00 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-09 12:05 - 2012-11-12 04:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 12:05 - 2009-07-21 11:51 - 00124520 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 06:43 - 2013-10-09 06:38 - 00007313 _____ C:\Windows\setupapi.log
2013-10-09 06:43 - 2009-07-21 11:53 - 00502006 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-09 06:41 - 2013-10-09 06:41 - 00129454 _____ C:\Windows\KB2862335.log
2013-10-09 06:41 - 2013-10-09 06:41 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-09 06:41 - 2013-10-09 06:41 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-09 06:41 - 2013-10-09 06:37 - 00040362 _____ C:\Windows\iis6.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00037098 _____ C:\Windows\FaxSetup.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00034020 _____ C:\Windows\ocgen.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00016930 _____ C:\Windows\tsoc.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00012560 _____ C:\Windows\comsetup.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00011436 _____ C:\Windows\msmqinst.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00007596 _____ C:\Windows\ntdtcsetup.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00006498 _____ C:\Windows\netfxocm.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00003093 _____ C:\Windows\updspapi.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00002550 _____ C:\Windows\MedCtrOC.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00001866 _____ C:\Windows\tabletoc.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00001374 _____ C:\Windows\imsins.log
2013-10-09 06:41 - 2013-10-09 06:37 - 00001374 _____ C:\Windows\imsins.BAK
2013-10-09 06:41 - 2013-10-09 02:02 - 00132756 _____ C:\Windows\KB2847311.log
2013-10-09 06:41 - 2013-08-14 15:13 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 06:39 - 2012-03-06 04:35 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-09 06:38 - 2013-10-09 06:38 - 00009897 _____ C:\Windows\KB2868038.log
2013-10-09 06:38 - 2013-10-09 06:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-09 06:37 - 2013-10-09 06:37 - 00011573 _____ C:\Windows\KB2879017-IE8.log
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 _____ C:\Windows\setuperr.log
2013-10-09 06:37 - 2013-10-09 06:37 - 00000000 _____ C:\Windows\setupact.log
2013-10-09 06:37 - 2012-03-07 15:46 - 00000000 ____D C:\Windows\ie8updates
2013-10-08 10:53 - 2013-10-08 03:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-08 10:52 - 2012-05-04 01:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-07 02:40 - 2011-08-24 04:38 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-06 04:33 - 2011-06-20 14:28 - 00002358 _____ C:\Documents and Settings\XP PRO SP3 User\Desktop\Google Chrome.lnk
2013-10-05 04:16 - 2013-03-30 04:20 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Desktop\Malgosia
2013-10-05 04:04 - 2011-02-02 16:47 - 00047616 _____ C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-05 03:56 - 2011-02-02 15:44 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Application Data\Winamp
2013-10-05 03:55 - 2013-10-05 03:55 - 00010498 _____ C:\Documents and Settings\All Users\Application Data\lpm.dat
2013-10-05 03:47 - 2012-04-17 09:41 - 00154248 _____ (Webroot) C:\Windows\System32\WRusr.dll
2013-10-05 03:47 - 2012-04-17 09:41 - 00117728 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2013-10-01 04:18 - 2013-10-01 04:18 - 00000000 _____ C:\Windows\Sti_Trace.log
2013-10-01 02:46 - 2013-07-20 08:17 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\BearShare
2013-09-30 15:25 - 2013-09-13 15:25 - 00000063 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2013-09-30 10:58 - 2013-09-02 12:22 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Desktop\Magna Carta Holy Grail
2013-09-29 14:52 - 2013-09-28 08:49 - 00019647 _____ C:\Documents and Settings\XP PRO SP3 User\My Documents\my presentation aga.odp
2013-09-29 11:54 - 2013-06-10 09:55 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Desktop\print me
2013-09-28 08:42 - 2013-09-28 08:42 - 00017116 _____ C:\Documents and Settings\XP PRO SP3 User\My Documents\my presentation.odp
2013-09-28 02:10 - 2013-09-28 02:10 - 00000000 ____D C:\Documents and Settings\XP PRO SP3 User\Application Data\DDMSettings
2013-09-28 02:09 - 2011-11-06 04:26 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-28 02:09 - 2011-11-06 04:25 - 00000000 ____D C:\Program Files\DivX
2013-09-28 02:09 - 2011-11-06 04:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2013-09-28 02:07 - 2013-09-28 02:07 - 00000000 _____ C:\END
2013-09-23 18:36 - 2011-02-17 07:43 - 00174592 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2013-09-23 18:36 - 2011-02-17 07:43 - 00174592 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2013-09-23 18:36 - 2008-06-19 16:42 - 00174592 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-23 14:33 - 2012-06-13 04:58 - 00522240 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2013-09-23 14:33 - 2012-06-13 04:58 - 00522240 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2013-09-23 14:33 - 2012-03-07 15:46 - 00743424 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2013-09-23 14:33 - 2012-03-07 15:46 - 00743424 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2013-09-23 14:33 - 2012-03-07 15:46 - 00247808 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2013-09-23 14:33 - 2012-03-07 15:46 - 00247808 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2013-09-23 14:33 - 2012-03-07 15:46 - 00012800 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2013-09-23 14:33 - 2012-03-07 15:46 - 00012800 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2013-09-23 14:33 - 2011-06-16 05:22 - 00759296 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\vgx.dll
2013-09-23 14:33 - 2011-06-16 05:22 - 00759296 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\vgx.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 11113472 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 11113472 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 06017536 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 06017536 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 02006016 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 02006016 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2013-09-23 14:33 - 2011-02-17 15:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2013-09-23 14:33 - 2011-02-17 15:00 - 01215488 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 01215488 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00920064 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00920064 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00630272 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00630272 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00611840 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00611840 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00105984 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00105984 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00055296 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00055296 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\corpol.dll
2013-09-23 14:33 - 2011-02-17 15:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\corpol.dll
2013-09-23 14:33 - 2009-07-21 10:57 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-09-23 14:33 - 2009-03-08 00:34 - 00043520 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2013-09-23 14:33 - 2009-03-08 00:34 - 00043520 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 11113472 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 02006016 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 01215488 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00920064 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00611840 ____N (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00043520 ____N (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-23 14:33 - 2008-06-19 16:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2013-09-23 14:33 - 2008-04-14 08:00 - 06017536 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-23 14:33 - 2008-04-14 08:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-23 14:06 - 2008-06-19 16:42 - 00385024 ____N (Microsoft Corporation) C:\Windows\System32\html.iec
2013-09-20 04:50 - 2009-07-21 10:59 - 00002577 _____ C:\Windows\System32\CONFIG.NT
2013-09-18 16:08 - 2013-09-18 16:08 - 00094208 _____ (DivX, Inc.) C:\Windows\System32\dpl100.dll
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Opera
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Opera
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-09-18 15:25 - 2013-09-18 15:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\XP PRO SP3 User\Local Settings\Temp\DWPUpgradeInstaller.exe
C:\Documents and Settings\XP PRO SP3 User\Local Settings\Temp\~tmf524035950276485903.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-10-14 07:00 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP833

RP: -> 2013-10-12 13:32 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP832

RP: -> 2013-10-11 11:31 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP831

RP: -> 2013-10-10 11:10 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP830

RP: -> 2013-10-09 06:36 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP829

RP: -> 2013-10-08 11:58 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP828

RP: -> 2013-10-07 03:57 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP827

RP: -> 2013-10-05 15:29 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP826

RP: -> 2013-10-04 14:41 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP825

RP: -> 2013-10-03 02:26 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP824

RP: -> 2013-10-02 01:36 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP823

RP: -> 2013-09-30 15:01 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP822

RP: -> 2013-09-29 13:41 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP821

RP: -> 2013-09-28 12:57 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP820

RP: -> 2013-09-27 12:23 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP819

RP: -> 2013-09-26 05:30 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP818

RP: -> 2013-09-25 04:56 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP817

RP: -> 2013-09-24 04:24 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP816

RP: -> 2013-09-23 01:40 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP815

RP: -> 2013-09-21 16:31 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP814

RP: -> 2013-09-20 14:18 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP813

RP: -> 2013-09-19 04:32 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP812

RP: -> 2013-09-17 16:51 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP811

RP: -> 2013-09-16 11:07 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP810

RP: -> 2013-09-15 08:01 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP809

RP: -> 2013-09-13 16:24 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP808

RP: -> 2013-09-13 05:31 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP807

RP: -> 2013-09-12 03:21 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP806

RP: -> 2013-09-10 14:15 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP805

RP: -> 2013-09-08 07:10 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP804

RP: -> 2013-10-07 13:30 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP803

RP: -> 2013-09-06 12:00 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP802

RP: -> 2013-09-05 11:58 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP801

RP: -> 2013-09-04 11:20 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP800

RP: -> 2013-09-03 10:32 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP799

RP: -> 2013-09-02 07:55 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP798

RP: -> 2013-09-01 07:06 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP797

RP: -> 2013-08-31 06:43 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP796

RP: -> 2013-08-28 06:05 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP795

RP: -> 2013-08-26 10:52 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP794

RP: -> 2013-08-25 09:45 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP793

RP: -> 2013-08-21 03:19 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP792

RP: -> 2013-08-19 04:54 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP791

RP: -> 2013-08-17 15:19 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP790

RP: -> 2013-08-16 14:34 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP789

RP: -> 2013-08-14 15:10 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP788

RP: -> 2013-08-14 05:35 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP787

RP: -> 2013-08-12 16:04 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP786

RP: -> 2013-08-11 15:51 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP785

RP: -> 2013-08-10 15:46 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP784

RP: -> 2013-08-10 15:31 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP783

RP: -> 2013-08-10 14:49 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP782

RP: -> 2013-08-10 05:11 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP781

RP: -> 2013-08-09 04:44 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP780

RP: -> 2013-08-07 15:54 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP779

RP: -> 2013-08-06 15:13 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP778

RP: -> 2013-08-05 14:56 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP777

RP: -> 2013-08-04 11:39 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP776

RP: -> 2013-08-02 15:00 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP775

RP: -> 2013-08-01 14:41 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP774

RP: -> 2013-07-31 13:41 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP773

RP: -> 2013-07-30 13:27 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP772

RP: -> 2013-07-29 13:07 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP771

RP: -> 2013-07-28 12:54 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP770

RP: -> 2013-07-27 08:26 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP769

RP: -> 2013-07-26 04:31 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP768

RP: -> 2013-07-25 04:02 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP767

RP: -> 2013-07-24 01:37 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP766

RP: -> 2013-07-22 06:49 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP765

RP: -> 2013-07-20 14:48 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP764

RP: -> 2013-07-19 13:02 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP763

RP: -> 2013-07-18 12:34 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP762

RP: -> 2013-07-17 10:56 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP761

RP: -> 2013-07-16 10:52 - 028672 _restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP760


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 3327.23 MB
Available physical RAM: 3056.94 MB
Total Pagefile: 3150.4 MB
Available Pagefile: 3082.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.92 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:465.76 GB) (Free:354.71 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:29.76 GB) (Free:29.75 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 8A248A24)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 46A19EFE)
Partition 1: (Active) - (Size=30 GB) - (Type=0B)

==================== End Of Log ============================
 
Fiery

Fiery

Level 1
Jan 11, 2011
2,007
On your clean PC, download the following file by right-clicking it and select save as

[attachment=5919]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Try to boot normally (remove OTLPE CD). If successful,

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)


Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it saids deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+
 

Attachments

  • fixlist.txt
    836 bytes · Views: 130
C

coolraj003

New Member
Thread author
Oct 14, 2013
5
Here is the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by SYSTEM at 2013-10-14 20:53:44 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Documents and Settings\XP PRO SP3 User\Start Menu\Programs\Startup\bnbjiowl.lnk
ShortcutTarget: bnbjiowl.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\lwoijbnb.plz (Borland Software Corporation)
C:\Documents and Settings\XP PRO SP3 User\Start Menu\Programs\Startup\bnbjiowl.lnk
C:\DOCUME~1\ALLUSE~1\APPLIC~1\lwoijbnb.plz
2013-10-14 02:02 - 2013-10-14 11:55 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\bnbjiowl.pff
2013-10-14 02:02 - 2013-10-14 11:52 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\bnbjiowl.ctrl
2013-10-14 02:01 - 2013-10-14 02:01 - 00176128 _____ (Borland Software Corporation) C:\Documents and Settings\All Users\Application Data\lwoijbnb.plz
C:\Windows\Tasks\At1.job
C:\Documents and Settings\XP PRO SP3 User\Local Settings\Temp\~tmf524035950276485903.dll

*****************

C:\Documents and Settings\XP PRO SP3 User\Start Menu\Programs\Startup\bnbjiowl.lnk => Moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\lwoijbnb.plz => Moved successfully.
"C:\Documents and Settings\XP PRO SP3 User\Start Menu\Programs\Startup\bnbjiowl.lnk" => File/Directory not found.
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\lwoijbnb.plz" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\bnbjiowl.pff => Moved successfully.
C:\Documents and Settings\All Users\Application Data\bnbjiowl.ctrl => Moved successfully.
"C:\Documents and Settings\All Users\Application Data\lwoijbnb.plz" => File/Directory not found.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Documents and Settings\XP PRO SP3 User\Local Settings\Temp\~tmf524035950276485903.dll => Moved successfully.

==== End of Fixlog ====
 
C

coolraj003

New Member
Thread author
Oct 14, 2013
5
Here are the requested logs.

Raj
 

Attachments

  • mbar-log-2013-10-14 (21-37-55).txt
    2 KB · Views: 73
  • RKreport[0]_D_10142013_220507.txt
    4.7 KB · Views: 106
  • system-log.txt
    34.1 KB · Views: 144
Fiery

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Please update Malwarebytes antimalware and do a quick scan. Afterwards, please give me an update of your PC.

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

Similar threads

RogueResearch
  • Locked
Random Cloaked virus spreader in memory without knowing (Python , impossible to remove )
Replies
7
Views
763
Windows Malware Removal Help & Support
nasdaq
nasdaq
Shadowkitt10
  • Locked
Browser Keeps Changing to Bing or Yahoo Despite Default Browser Being Different
Replies
5
Views
1,247
Windows Malware Removal Help & Support
nasdaq
nasdaq
pithlyx
    • Like
Advice Request Do I Need an Anti-Malware?
Replies
20
Views
2,372
General Security Discussions
JordanMason8
J

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top