trz.tmp trojan

View previous topic View next topic Go down

trz.tmp trojan

Post by sahar.84niknam on Tue 08 Feb 2011, 11:48 pm

when i wanted to access my folders it gives me the message that access denied and turned the folders to exe files then my anti-virus Avira gave me the message that some infected files has been found and removed them,
a lot of my files has been removed during this process I can,t see them in my drives but I can,t open and view them through other programs I run the avast anti-virus it showed me the trz.tmp files in all the folders I scanned my pc and I found near 556 trz.tmp files and avast just could delete them now I think these files has removed comletely but I can,t view my folders and files in my windows explorer,can any one help me how to fix it?
thanks

sahar.84niknam

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2011-02-08
Operating System : windows 7

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by Belahzur on Wed 09 Feb 2011, 12:32 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by sahar.84niknam on Thu 10 Feb 2011, 10:04 pm

EXTRAS.txt



OTL Extras logfile created on: 2/10/2011 2:53:53 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sahar\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43.71 Gb Total Space | 7.48 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
Drive D: | 17.33 Gb Total Space | 3.61 Gb Free Space | 20.81% Space Free | Partition Type: NTFS
Drive E: | 68.36 Gb Total Space | 50.34 Gb Free Space | 73.64% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 33.73 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive G: | 54.66 Gb Total Space | 39.16 Gb Free Space | 71.65% Space Free | Partition Type: NTFS

Computer Name: SAHAR-PC | User Name: Sahar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "G:\Program Files\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- G:\PROGRA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033B535A-1AFF-435D-B8D9-B0B83A800569}" = Microsoft SQL Server 2008 Full text search
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11F7CDC1-2E99-413E-BF08-CABDA5436448}" = EMS SQL Manager 2010 for MySQL
"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20023494-704C-4336-902A-B1E7D92DE61B}" = Microsoft ASP.NET MVC 2 - Visual Studio 2008 Tools
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = Microsoft SQL Server 2008 Reporting Services
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}" = Microsoft SQL Server 2008 BI Development Studio
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}" = Microsoft SQL Server 2005 Notification Services
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3EB745BA-194F-4475-9164-B20BB2172395}" = Adobe Photoshop CS5
"{3F526CE7-C3D1-4742-B32C-28CA34081EB6}_is1" = Puff 0.03x
"{40F34A1C-65A2-4163-98CE-A0D0646CABEF}" = Microsoft SQL Server 2008 Integration Services
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49E98741-B7A4-4A44-A536-6AFCA23106FE}" = Microsoft SQL Server 2008 Reporting Services
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{60D46DEE-5221-47AA-B978-BA25C5D9F560}" = Microsoft SQL Server 2008 Client Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A339E5-D8AA-4E88-9278-A571B397F798}" = Babylon Toolbar
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ABA2354-20F6-480F-A4C5-63B30DBC6B20}" = EMS SQL Manager 2007 Lite for MySQL
"{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}" = Microsoft SQL Server 2005 Analysis Services
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A3AE00F6-6F6D-4F5E-83F8-2E098BA38F5D}" = Microsoft SQL Server 2008 Analysis Services
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}" = Microsoft SQL Server 2008 BI Development Studio
"{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}" = Microsoft SQL Server 2008 Integration Services
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B7618997-1B89-4680-A39B-342BBEF8E0D6}_is1" = FreeVPN v3.20
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BF06BEBB-2C47-4D9F-AB6F-07C07EB54F09}_is1" = Wondershare PDF to Word (Build 2.0.0)
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C89B00A2-B72A-4935-96FC-38796E9554EC}" = Microsoft Sync Services for ADO.NET v2.0 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CE97E5F6-DA28-5C2E-D7C5-A960DC755899}" = Zoosk Messenger
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{E2A1E774-8D7B-487A-8AF7-0120ED348963}" = EMS SQL Manager 2010 for SQL Server
"{E32893AD-98EF-4E55-9E8B-2A103944AC88}" = Microsoft SQL Server 2008 Analysis Services
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"Brothersoft Toolbar" = Brothersoft Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"Design_6.0.1739.0" = Microsoft Expression Design 3
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"Easy Watermarker" = Easy Watermarker 2.0
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Standard)
"Logo Design Studio Trial 3.5.2" = Logo Design Studio Trial
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2000 (SAHAR)" = Microsoft SQL Server 2000 (SAHAR)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"MRT Windows" = MRT Windows
"SmileyCentralIE_1wbar Uninstall" = SmileyCentral
"The KMPlayer" = The KMPlayer (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Web_3.0.1762.0" = Microsoft Expression Web 3
"Windows Vista (Farsi Fonts -Nastaliq-Keyboard)_is1" = Windows Vista Fonts
"Windows XP Farsi Pack (Armin)_is1" = Windows XP Farsi Pack (Armin)
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Your_Deploy_0" = Your Freedom (JET)
"Your_Deploy_1" = Your Freedom 20100503-02
"Zend Studio - 7.2.0" = Zend Studio - 7.2.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2010 1:58:53 AM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/21/2010 10:13:07 AM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/21/2010 10:13:08 AM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/21/2010 3:19:25 PM | Computer Name = Sahar-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 10/22/2010 6:27:31 AM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/22/2010 6:27:31 AM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/22/2010 2:58:44 PM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/23/2010 9:22:04 AM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/23/2010 9:22:04 AM | Computer Name = Sahar-PC | Source = Report Server Windows Service (LOCAL) | ID = 107
Description = Report Server Windows Service (LOCAL) cannot connect to the report
server database.

Error - 10/23/2010 5:16:27 PM | Computer Name = Sahar-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: fb4 Start Time:
01cb72f1c3983b15 Termination Time: 20 Application Path: C:\Users\Sahar\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: ca3d4515-deea-11df-81f3-001eecda6ea7

[ System Events ]
Error - 9/17/2010 2:54:27 PM | Computer Name = Sahar-PC | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 9/17/2010 3:21:34 PM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.

Error - 9/18/2010 3:00:39 AM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.

Error - 9/18/2010 10:30:27 AM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.

Error - 9/18/2010 1:16:36 PM | Computer Name = Sahar-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/19/2010 1:00:27 AM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.

Error - 9/20/2010 2:12:21 AM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.

Error - 9/20/2010 1:28:50 PM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.

Error - 9/21/2010 11:23:24 AM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.

Error - 9/22/2010 10:01:39 AM | Computer Name = Sahar-PC | Source = Service Control Manager | ID = 7003
Description = The SQL Server FullText Search (MSSQLSERVER) service depends the following
service: NTLMSSP. This service might not be installed.


< End of report >


sahar.84niknam

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2011-02-08
Operating System : windows 7

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by sahar.84niknam on Thu 10 Feb 2011, 10:05 pm

OTL.txt


OTL logfile created on: 2/10/2011 2:53:40 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sahar\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43.71 Gb Total Space | 7.48 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
Drive D: | 17.33 Gb Total Space | 3.61 Gb Free Space | 20.81% Space Free | Partition Type: NTFS
Drive E: | 68.36 Gb Total Space | 50.34 Gb Free Space | 73.64% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 33.73 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive G: | 54.66 Gb Total Space | 39.16 Gb Free Space | 71.65% Space Free | Partition Type: NTFS

Computer Name: SAHAR-PC | User Name: Sahar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/10 02:52:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sahar\Desktop\OTL.exe
PRC - [2011/02/10 01:37:40 | 000,094,208 | ---- | M] (MRT [You must be registered and logged in to see this link.] -- C:\Users\Sahar\AppData\Local\Temp\MMBPlayer\Keychng.exe
PRC - [2011/01/19 10:51:41 | 000,142,336 | ---- | M] () -- C:\Program Files\ZooskMessenger\ZooskMessenger.exe
PRC - [2011/01/16 10:40:25 | 000,028,766 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbarsvc.exe
PRC - [2011/01/16 10:40:25 | 000,020,480 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe
PRC - [2011/01/13 00:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/11 07:07:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/11 07:07:02 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/11 07:07:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/28 18:12:54 | 002,511,872 | ---- | M] (TheFreeVPN) -- C:\Program Files\FreeVPN\FreeVPN.exe
PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 17:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/03 08:17:48 | 000,891,904 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
PRC - [2008/08/29 18:06:21 | 000,634,368 | ---- | M] (Google Inc.) -- C:\Users\Sahar\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2007/01/01 13:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/10/26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Office12\GrooveMonitor.exe
PRC - [2000/08/06 00:50:20 | 007,442,493 | ---- | M] (Microsoft Corporation) -- g:\MSSQL$SAHAR\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2011/02/10 02:52:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sahar\Desktop\OTL.exe
MOD - [2011/01/16 10:40:25 | 000,024,576 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrstub.dll
MOD - [2011/01/13 00:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/02/03 08:17:48 | 000,178,176 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon\Babylon-Pro\captlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/16 10:40:25 | 000,028,766 | ---- | M] (SmileyCentral) [Auto | Running] -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbarsvc.exe -- (SmileyCentralIE_1wService)
SRV - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/11 07:07:02 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/11 07:07:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/07/29 12:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2006/10/26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Program Files\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2000/08/06 00:50:20 | 007,442,493 | ---- | M] (Microsoft Corporation) [Auto | Running] -- g:\MSSQL$SAHAR\Binn\sqlservr.exe -- (MSSQL$SAHAR)
SRV - [2000/08/06 00:50:18 | 000,303,170 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- g:\MSSQL$SAHAR\Binn\sqlagent.exe -- (SQLAgent$SAHAR)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 00:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 00:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 00:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 00:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 00:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/25 09:42:19 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/11 07:07:02 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/23 10:51:14 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 10:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/11/20 14:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 14:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 14:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/10 13:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/07/10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007/09/04 15:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 BE 6E B0 32 F5 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
IE - HKCU\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080



O1 HOSTS File: ([2010/12/02 07:25:16 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 f***.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2 - BHO: (Toolbar BHO) - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O2 - BHO: (Search Assistant BHO) - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\Zend Studio - 7.2.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O3 - HKLM\..\Toolbar: (Babylon) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - File not found
O3 - HKLM\..\Toolbar: (SmileyCentral) - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Babylon) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] G:\Program Files\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MRTKBDFA] C:\Windows\KeyChanger.exe (MRT [You must be registered and logged in to see this link.] )
O4 - HKLM..\Run: [SmileyCentralIE_1w Browser Plugin Loader] C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe (SmileyCentral)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [FreeVPN] C:\Program Files\FreeVPN\FreeVPN.exe (TheFreeVPN)
O4 - HKCU..\Run: [Messenger (Yahoo!)] E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Sahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableQuickReboot = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Zend Studio - Debug current page - C:\Program Files\Zend\Zend Studio - 7.2.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O8 - Extra context menu item: Zend Studio - Debug next page - C:\Program Files\Zend\Zend Studio - 7.2.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\Zend Studio - 7.2.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 02:52:42 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sahar\Desktop\OTL.exe
[2011/02/09 01:35:55 | 000,000,000 | ---D | C] -- C:\Users\Sahar\Desktop\New folder
[2011/02/07 23:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/07 23:58:12 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/07 23:58:11 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/07 23:58:09 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/07 23:58:08 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/07 23:58:04 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/07 23:55:45 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/07 23:55:45 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/07 23:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/07 23:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/07 23:07:15 | 000,000,000 | ---D | C] -- C:\Users\Sahar\AppData\Roaming\Avira
[2011/02/07 02:19:45 | 000,000,000 | -HSD | C] -- C:\New Folder
[2011/02/07 00:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maryam
[2011/02/06 02:12:21 | 000,000,000 | ---D | C] -- C:\Users\Sahar\Desktop\WEBDESIGN
[2011/01/28 00:42:06 | 000,000,000 | -HSD | C] -- C:\f2
[2011/01/28 00:41:56 | 000,000,000 | -HSD | C] -- C:\f`
[2011/01/26 10:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\MaryamSoft
[2011/01/26 10:59:38 | 000,000,000 | ---D | C] -- C:\Windows\Qalam
[2011/01/20 10:43:35 | 000,000,000 | ---D | C] -- C:\Users\Sahar\Documents\Adobe Scripts
[2011/01/20 07:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/20 07:15:09 | 000,000,000 | -HSD | C] -- C:\myAdobe
[2011/01/19 10:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\ZooskMessenger
[2011/01/16 10:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentralIE_1w
[2011/01/16 10:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI
[2011/01/11 04:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
[2011/01/11 04:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2011/02/10 02:52:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sahar\Desktop\OTL.exe
[2011/02/10 02:34:40 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 02:34:40 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 01:38:03 | 000,001,005 | ---- | M] () -- C:\Users\Sahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2011/02/10 01:31:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/10 01:31:44 | 2360,881,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/09 10:57:09 | 000,054,492 | ---- | M] () -- C:\Users\Sahar\.ems.cfg
[2011/02/09 03:20:43 | 000,002,544 | ---- | M] () -- C:\Users\Sahar\Desktop\UserStyleSheet.css
[2011/02/08 15:52:36 | 007,349,737 | ---- | M] () -- C:\Users\Sahar\Desktop\xpico.rar
[2011/02/08 15:01:12 | 000,001,456 | ---- | M] () -- C:\Users\Sahar\AppData\Local\Adobe Save for Web 12.0 Prefs ME
[2011/02/07 23:58:13 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/07 23:58:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/07 23:52:32 | 058,557,984 | ---- | M] () -- C:\Users\Sahar\Desktop\setup_av_free.exe
[2011/02/07 23:00:28 | 001,005,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/07 23:00:28 | 000,269,306 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/29 13:47:10 | 000,000,007 | ---- | M] () -- C:\Windows\System32\kbdhook.dat
[2011/01/28 00:40:48 | 000,008,714 | ---- | M] () -- C:\exs.xlsx
[2011/01/26 10:10:59 | 004,231,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/21 11:29:48 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.lnk
[2011/01/13 00:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 00:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 00:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 00:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 00:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 00:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 00:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/02/09 11:48:25 | 000,002,544 | ---- | C] () -- C:\Users\Sahar\Desktop\UserStyleSheet.css
[2011/02/08 15:52:52 | 007,349,737 | ---- | C] () -- C:\Users\Sahar\Desktop\xpico.rar
[2011/02/07 23:58:13 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/07 23:33:13 | 058,557,984 | ---- | C] () -- C:\Users\Sahar\Desktop\setup_av_free.exe
[2011/01/29 14:14:34 | 000,001,456 | ---- | C] () -- C:\Users\Sahar\AppData\Local\Adobe Save for Web 12.0 Prefs ME
[2011/01/29 13:47:10 | 000,000,007 | ---- | C] () -- C:\Windows\System32\kbdhook.dat
[2011/01/28 00:40:48 | 000,008,714 | ---- | C] () -- C:\exs.xlsx
[2011/01/20 10:38:52 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/01/20 10:37:59 | 000,001,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/01/20 10:37:32 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/01/20 10:35:09 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/01/20 10:34:59 | 000,001,433 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/01/20 10:33:58 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2010/12/30 10:15:26 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/06/13 22:30:38 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/06/13 22:30:38 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/06/13 22:30:38 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/05/07 14:01:06 | 000,160,914 | ---- | C] () -- C:\Users\Sahar\AppData\Local\debuggee.mdmp
[2010/04/06 09:10:06 | 000,000,520 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/06 03:03:40 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/04/06 03:03:40 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/04/06 03:03:38 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010/04/06 03:03:32 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

< End of report >


sahar.84niknam

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2011-02-08
Operating System : windows 7

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by sahar.84niknam on Thu 10 Feb 2011, 10:06 pm

thanks,these are the files that are created by the OTL ,I can,t see my files and some other files has been become hidden too,please tell me what to do?

sahar.84niknam

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2011-02-08
Operating System : windows 7

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by Belahzur on Fri 11 Feb 2011, 10:55 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2011/02/10 01:37:40 | 000,094,208 | ---- | M] (MRT [You must be registered and logged in to see this link.] -- C:\Users\Sahar\AppData\Local\Temp\MMBPlayer\Keychng.exe

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by sahar.84niknam on Fri 11 Feb 2011, 8:23 pm

thanks ,it has returned all of my files but they are hidden and the hidden option in properties is disabled how can I fix it?

sahar.84niknam

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2011-02-08
Operating System : windows 7

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by Belahzur on Sat 12 Feb 2011, 5:29 am

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by sahar.84niknam on Sat 19 Feb 2011, 6:29 am

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 5801

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/18/2011 11:02:57 AM
mbam-log-2011-02-18 (11-02-57).txt

Scan type: Quick scan
Objects scanned: 168429
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS (Rootkit.TmpHider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXNET (Rootkit.TmpHider) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\inf\mdmcpq3.PNF (Rootkit.TmpHider) -> Quarantined and deleted successfully.
c:\Windows\inf\mdmeric3.PNF (Rootkit.TmpHider) -> Quarantined and deleted successfully.
c:\Windows\inf\oem6C.PNF (Rootkit.TmpHider) -> Quarantined and deleted successfully.
c:\Windows\inf\oem7A.PNF (Rootkit.TmpHider) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.



sahar.84niknam

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2011-02-08
Operating System : windows 7

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by sahar.84niknam on Sat 19 Feb 2011, 6:30 am

still the folders are hidden

sahar.84niknam

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2011-02-08
Operating System : windows 7

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by Belahzur on Sat 19 Feb 2011, 12:49 pm

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: trz.tmp trojan

Post by Sponsored content Today at 6:18 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum