Inactive AVG picks up Trojan Horse Crypt.AQLW
- Thread starter Marshy23
- Start date
- Status
Broni
Posts: 56,041 +516
I suggest you reinstall touchpad drivers.
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.
Then....
For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:
Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.
Then...
Run OTL
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.
Then....
For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:
Code:
C:\Windows\$NtUninstallKB30357$Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.
Then...
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code::OTL SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\vnxservice.dll -- (wcontrol) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\scdemu.dll -- (W700mgmt) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\rvsinst.dll -- (TeamViewer) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\W700obex.dll -- (ser2pl) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\wm.dll -- (rxmssync) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\SE2Dmdfl.dll -- (ovt519) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\streamloadservice.dll -- (DSI_SiUSBXp_3_1) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\zebrmdfl.dll -- (ctxcpubal) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\TPECioCtl.dll -- (CT20XUT.DLL) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\ScFBPNT3.dll -- (cdvp) SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\U81xobex.dll -- (beatjammusicstreamingserver) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=YzulfBvfy-qnZVnyYp3tNpzpqQs?q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" [2012/02/06 16:13:46 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O33 - MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\Shell - "" = AutoRun O33 - MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\Shell - "" = AutoRun O33 - MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\Shell - "" = AutoRun O33 - MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a [2012/03/05 18:29:24 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd [2011/05/02 00:10:39 | 000,000,000 | ---- | C] () -- C:\Users\Chloe\AppData\Local\{E9555008-C231-4DDA-BD1C-FA0E1EB64060} :Services :Reg :Files C:\Windows\tasks\At*.job :Commands [purity] [emptytemp] [emptyjava] [emptyflash] [Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Re-run OTL "Quick scan" and post new log.
The computer crashes after OTL starts running.
Starting to annoy me now. I'll need my computer for work real soon, any idea how much longer this might take at a guess?
Here's the grantperms log:
GrantPerms by Farbar
Ran by Chloe (administrator) at 2012-03-08 21:45:04
===============================================
\\?\C:\Windows\$NtUninstallKB30357$
Owner: BUILTIN\Administrators
DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administrators FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)
STUDENT00060804\Chloe READ/EXECUTE ALLOW (CI)(OI)
Starting to annoy me now. I'll need my computer for work real soon, any idea how much longer this might take at a guess?
Here's the grantperms log:
GrantPerms by Farbar
Ran by Chloe (administrator) at 2012-03-08 21:45:04
===============================================
\\?\C:\Windows\$NtUninstallKB30357$
Owner: BUILTIN\Administrators
DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administrators FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)
STUDENT00060804\Chloe READ/EXECUTE ALLOW (CI)(OI)
Broni
Posts: 56,041 +516
I can't tell.
Run OTL fix from safe mode.
Since when you don't have internet connection?
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Got OTL working however the comp will now not start in normal mode, it just goes to a white screen and freezes.
Logs:
All processes killed
========== OTL ==========
Error: No service named wcontrol was found to stop!
Service\Driver key wcontrol not found.
File C:\Windows\System32\vnxservice.dll not found.
Error: No service named W700mgmt was found to stop!
Service\Driver key W700mgmt not found.
File C:\Windows\System32\scdemu.dll not found.
Error: No service named TeamViewer was found to stop!
Service\Driver key TeamViewer not found.
File C:\Windows\System32\rvsinst.dll not found.
Error: No service named ser2pl was found to stop!
Service\Driver key ser2pl not found.
File C:\Windows\System32\W700obex.dll not found.
Error: No service named rxmssync was found to stop!
Service\Driver key rxmssync not found.
File C:\Windows\System32\wm.dll not found.
Error: No service named ovt519 was found to stop!
Service\Driver key ovt519 not found.
File C:\Windows\System32\SE2Dmdfl.dll not found.
Error: No service named DSI_SiUSBXp_3_1 was found to stop!
Service\Driver key DSI_SiUSBXp_3_1 not found.
File C:\Windows\System32\streamloadservice.dll not found.
Error: No service named ctxcpubal was found to stop!
Service\Driver key ctxcpubal not found.
File C:\Windows\System32\zebrmdfl.dll not found.
Error: No service named CT20XUT.DLL was found to stop!
Service\Driver key CT20XUT.DLL not found.
File C:\Windows\System32\TPECioCtl.dll not found.
Error: No service named cdvp was found to stop!
Service\Driver key cdvp not found.
File C:\Windows\System32\ScFBPNT3.dll not found.
Error: No service named beatjammusicstreamingserver was found to stop!
Service\Driver key beatjammusicstreamingserver not found.
File C:\Windows\System32\U81xobex.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" removed from keyword.URL
File C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
File C:\Windows\System32\dds_trash_log.cmd not found.
File C:\Users\Chloe\AppData\Local\{E9555008-C231-4DDA-BD1C-FA0E1EB64060} not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\tasks\At*.job not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Chloe
->Temp folder emptied: 652808286 bytes
->Temporary Internet Files folder emptied: 3174521 bytes
->Java cache emptied: 51302 bytes
->FireFox cache emptied: 43194178 bytes
->Google Chrome cache emptied: 24220246 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2100 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Tom
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36397825 bytes
RecycleBin emptied: 96934209 bytes
Total Files Cleaned = 817.00 mb
[EMPTYJAVA]
User: All Users
User: Chloe
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Public
User: Tom
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Chloe
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Tom
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.35.1 log created on 03082012_225451
===================================================
Farbar Service Scanner Version: 01-03-2012
Ran by Chloe (administrator) on 08-03-2012 at 22:53:17
Running from "C:\Users\Chloe\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D
C:\Windows\system32\Drivers\afd.sys
[2011-06-17 18:44] - [2011-04-21 13:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-14 17:08] - [2010-06-16 15:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7
C:\Windows\system32\dnsrslvr.dll
[2011-04-12 23:02] - [2011-03-02 14:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D
C:\Windows\system32\mpssvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
C:\Windows\system32\bfe.dll
[2010-08-14 17:08] - [2010-06-16 15:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 02:33] - [2008-01-21 02:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23
C:\Windows\system32\wscsvc.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C
C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D
C:\Windows\system32\es.dll
[2008-12-21 02:42] - [2008-12-21 02:42] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465
C:\Windows\system32\cryptsvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-16 19:11] - [2009-03-03 04:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
**** End of log ****
Logs:
All processes killed
========== OTL ==========
Error: No service named wcontrol was found to stop!
Service\Driver key wcontrol not found.
File C:\Windows\System32\vnxservice.dll not found.
Error: No service named W700mgmt was found to stop!
Service\Driver key W700mgmt not found.
File C:\Windows\System32\scdemu.dll not found.
Error: No service named TeamViewer was found to stop!
Service\Driver key TeamViewer not found.
File C:\Windows\System32\rvsinst.dll not found.
Error: No service named ser2pl was found to stop!
Service\Driver key ser2pl not found.
File C:\Windows\System32\W700obex.dll not found.
Error: No service named rxmssync was found to stop!
Service\Driver key rxmssync not found.
File C:\Windows\System32\wm.dll not found.
Error: No service named ovt519 was found to stop!
Service\Driver key ovt519 not found.
File C:\Windows\System32\SE2Dmdfl.dll not found.
Error: No service named DSI_SiUSBXp_3_1 was found to stop!
Service\Driver key DSI_SiUSBXp_3_1 not found.
File C:\Windows\System32\streamloadservice.dll not found.
Error: No service named ctxcpubal was found to stop!
Service\Driver key ctxcpubal not found.
File C:\Windows\System32\zebrmdfl.dll not found.
Error: No service named CT20XUT.DLL was found to stop!
Service\Driver key CT20XUT.DLL not found.
File C:\Windows\System32\TPECioCtl.dll not found.
Error: No service named cdvp was found to stop!
Service\Driver key cdvp not found.
File C:\Windows\System32\ScFBPNT3.dll not found.
Error: No service named beatjammusicstreamingserver was found to stop!
Service\Driver key beatjammusicstreamingserver not found.
File C:\Windows\System32\U81xobex.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" removed from keyword.URL
File C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07310174-fc51-11de-ae81-001d72edfacb}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0a596d8-2315-11df-a017-001d72edfacb}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8c3efd6-c321-11df-8421-001d72edfacb}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
File C:\Windows\System32\dds_trash_log.cmd not found.
File C:\Users\Chloe\AppData\Local\{E9555008-C231-4DDA-BD1C-FA0E1EB64060} not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\tasks\At*.job not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Chloe
->Temp folder emptied: 652808286 bytes
->Temporary Internet Files folder emptied: 3174521 bytes
->Java cache emptied: 51302 bytes
->FireFox cache emptied: 43194178 bytes
->Google Chrome cache emptied: 24220246 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2100 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Tom
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36397825 bytes
RecycleBin emptied: 96934209 bytes
Total Files Cleaned = 817.00 mb
[EMPTYJAVA]
User: All Users
User: Chloe
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Public
User: Tom
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Chloe
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Tom
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.35.1 log created on 03082012_225451
===================================================
Farbar Service Scanner Version: 01-03-2012
Ran by Chloe (administrator) on 08-03-2012 at 22:53:17
Running from "C:\Users\Chloe\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D
C:\Windows\system32\Drivers\afd.sys
[2011-06-17 18:44] - [2011-04-21 13:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-14 17:08] - [2010-06-16 15:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7
C:\Windows\system32\dnsrslvr.dll
[2011-04-12 23:02] - [2011-03-02 14:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D
C:\Windows\system32\mpssvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
C:\Windows\system32\bfe.dll
[2010-08-14 17:08] - [2010-06-16 15:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 02:33] - [2008-01-21 02:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23
C:\Windows\system32\wscsvc.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C
C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D
C:\Windows\system32\es.dll
[2008-12-21 02:42] - [2008-12-21 02:42] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465
C:\Windows\system32\cryptsvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-16 19:11] - [2009-03-03 04:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
**** End of log ****
Broni
Posts: 56,041 +516
Re-run OTL one more time.
Use the following settings:
Use the following settings:
- Click the NONE button
- Under Custom Scans/Fixes paste:
Code:
/md5start
dfsc.sys
tdx.sys
consrv.dll
winsrv.dll
dnsapi.dll
dnsrslvr.dll
ipsec.sys
/md5stop- Finally hit Run Scan and wait for the log to open.
- Please post the content of the log into your next reply.
- Status
Similar threads
Latest posts
-
What should i do?- bruno167573 replied
-
Ryzen 7 5800X3D vs. Ryzen 7 7800X3D, Ryzen 9 7900X3D and 7950X3D- Lew Zealand replied
-
AMD Radeon RX 5700 XT Revisit: How Does It Compare Against the 7700 XT?- i like foxes replied
