[RESOLVED] Is my PC clean?

**Tw@in28** · October 20th, 2013, 09:03 AM

(OTL log continues)

Code:

File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\qs_scan_log.html scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\qs_scan_log.xml scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\qs_scan_log.xsl scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\qs_scan_log.xsl.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\servers.xml scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\servers.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\setuplauncher.exe scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\setuplauncher.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\ThreatScanner.exe scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\ThreatScanner.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\trufos.dll scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\trufos.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\trufos.sys scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\trufos.sys.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\unrar64.dll scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\unrar64.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\update.xml scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\update.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\update_config.xml scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\update_config.xml.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\UserGuide.pdf scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\UserGuide.pdf.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\wslib.dll scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\wslib.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\wspack.dll scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\wspack.dll.md5 scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\wsutils.dll scheduled to be moved on reboot.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\RarSFX0\wsutils.dll.md5 scheduled to be moved on reboot.
C:\Users\Tw@in 28\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Tw@in 28\AppData\Local\Temp\gziface1.log scheduled to be moved on reboot.
C:\Users\Tw@in 28\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I ran SecurityCheck, and here's the log:

Code:

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 HijackThis 2.0.2    
 Java(TM) 6 Update 29  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.8.800.168  
 Mozilla Firefox (24.0) 
 Mozilla Thunderbird (24.0.) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

I ran Farbar Service Scanner with the provided options, and got this log:

Code:

Farbar Service Scanner Version: 13-09-2013
Ran by Tw@in 28 (administrator) on 20-10-2013 at 11:28:24
Running from "C:\Users\Tw@in 28\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-12 10:20] - [2013-09-14 03:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-12 10:20] - [2013-09-08 04:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

I ran Temp File Cleaner, and got this log:

Code:

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tw@in 28
->Temp folder emptied: 51163253 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1015466 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 291 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 50.00 mb

Lastly, I ran ESET Online Scanner, and deleted the two infections found.
I'm not really sure they were actual threats...as far as I can see, the deleted files were copies of an application I used several years ago, to pack and certify my homebrewed applications in .sis format, for my symbian phone...in any case, I quarantined and deleted both files.
Here's the log:

Code:

D:\Miscuglio\Apps & Drivers\Mobile\newhack\PCSignSis\pcsignsis.exe	Win32/Packed.ASProtect.AAB trojan	cleaned by deleting - quarantined
D:\Miscuglio\Cellulare\PCSignSis\pcsignsis.exe	Win32/Packed.ASProtect.AAB trojan	cleaned by deleting - quarantined

...anything else I need to do?

Thread: [RESOLVED] Is my PC clean?

Thread Tools

Search Thread

Display

Threaded View

Thread Information

Users Browsing this Thread

Posting Permissions