Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan virus' found, deleted but laptop still slow


  • This topic is locked This topic is locked
9 replies to this topic

#1 Xerces

Xerces

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 01 May 2011 - 10:41 AM

I found trojan exploits using malwarebytes and AVG. I deleted them(about 9) and now malwarebytes has stopped working and my laptop is slow.I dont know what the exact virus' were. Here are the logs:

.
DDS (Ver_11-03-05.01) - FAT32x86
Run by Laura at 15:00:59.12 on 01/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
\??\C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Laura\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sky.com
uWindow Title = Internet Explorer Provided By Sky Broadband
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Page_URL = hxxp://www.sky.com
uInternet Settings,ProxyServer = proxy.resnet.uce.ac.uk:80
uInternet Settings,ProxyOverride = *.resnet.uce.ac.uk;<local>
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\program files\mozilla firefox\plugins\NPSWF32_FlashUtil.exe -p
mRun: [SystemTray] SysTray.Exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [MSN Service] amsnmsgrs.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Win32 Classes
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38570.1179050926
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\laura\applic~1\mozilla\firefox\profiles\0oqhowwy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\laura\application data\mozilla\firefox\profiles\0oqhowwy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\laura\application data\mozilla\firefox\profiles\0oqhowwy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? FCPCMCIA;Freecom Cable II PCMCIA Driver
R? WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? Maestro;ESS Maestro2E Audio Driver (WDM)
S? OBOE;Toshiba FIR Port Type-DO
S? trid3d;trid3d
.
=============== Created Last 30 ================
.
2011-05-01 11:53:53 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-01 11:53:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-01 02:03:22 -------- d-----w- c:\windows\ie8updates
2011-04-30 22:41:32 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-04-30 21:56:13 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-04-30 21:51:11 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-30 21:43:32 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-04-30 21:40:52 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2011-04-30 21:40:49 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2011-04-30 21:40:41 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-04-30 21:40:40 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-04-30 21:40:39 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-04-30 21:40:37 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-04-30 21:40:36 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-04-30 21:40:27 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-04-30 21:40:19 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-04-30 21:36:01 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-04-30 21:26:01 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-30 21:26:01 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-30 21:25:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-30 21:25:48 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-30 21:25:31 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-30 21:25:25 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-04-30 21:24:32 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-04-30 21:23:38 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-04-30 21:17:49 293376 ------w- c:\windows\system32\browserchoice.exe
2011-04-30 21:04:52 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-04-30 21:00:45 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-05-01 11:50:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
1998-12-09 10:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 10:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 10:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 10:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 10:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 10:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 15:11:02.75 ===============


GMR LOG:

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-01 16:09:02
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IBM-DARA-212000 rev.AR4OA51A
Running: gmer.exe; Driver: C:\DOCUME~1\Laura\LOCALS~1\Temp\fxtdipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xFC7F5738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xFC7F57DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xFC7F5878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xFC7F5914]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Laura\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2168] USER32.dll!GetWindowInfo 7E41E77C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2168] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

Thanks for looking.

BC AdBot (Login to Remove)

 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:33 PM

Posted 09 May 2011 - 12:17 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#3 Xerces

Xerces
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 10 May 2011 - 08:58 AM

Thanks for the reply. Here are the new dds and gmr logs:

.
DDS (Ver_11-03-05.01) - FAT32x86
Run by Laura at 14:34:18.27 on 10/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.127.41 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Laura\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sky.com
uWindow Title = Internet Explorer Provided By Sky Broadband
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Page_URL = hxxp://www.sky.com
uInternet Settings,ProxyServer = proxy.resnet.uce.ac.uk:80
uInternet Settings,ProxyOverride = *.resnet.uce.ac.uk;<local>
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SystemTray] SysTray.Exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [MSN Service] amsnmsgrs.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\Osa9.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 4.0\distillr\AcroTray.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Win32 Classes
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38570.1179050926
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\laura\applic~1\mozilla\firefox\profiles\0oqhowwy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\laura\application data\mozilla\firefox\profiles\0oqhowwy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\laura\application data\mozilla\firefox\profiles\0oqhowwy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-05-01 11:53:53 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-01 11:53:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-01 02:31:17 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-05-01 02:03:22 -------- d-----w- c:\windows\ie8updates
2011-05-01 00:24:35 19569 ----a-w- c:\windows\005515_.tmp
2011-04-30 22:41:32 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-04-30 21:56:13 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-04-30 21:51:11 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-30 21:43:32 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-04-30 21:40:52 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2011-04-30 21:40:49 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2011-04-30 21:40:41 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-04-30 21:40:40 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-04-30 21:40:39 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-04-30 21:40:37 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-04-30 21:40:36 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-04-30 21:40:27 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-04-30 21:40:19 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-04-30 21:36:01 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-04-30 21:26:01 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-30 21:26:01 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-30 21:25:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-30 21:25:48 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-30 21:25:31 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-30 21:25:25 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-04-30 21:24:32 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-04-30 21:23:38 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-04-30 21:17:49 293376 ------w- c:\windows\system32\browserchoice.exe
2011-04-30 21:04:52 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
.
==================== Find3M ====================
.
2011-05-01 11:50:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
1998-12-09 10:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 10:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 10:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 10:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 10:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 10:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 14:36:11.96 ========

Thanks again

Attached Files

  • Attached File  ark.txt   3.04KB   3 downloads
  • Attached File  DDS.txt   9.19KB   1 downloads


#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:33 PM

Posted 12 May 2011 - 10:02 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#5 Xerces

Xerces
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 13 May 2011 - 05:32 PM

Hi Shannon, here are the otl logs:

OTL logfile created on: 13/05/2011 23:07:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Laura\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

127.00 Mb Total Physical Memory | 9.00 Mb Available Physical Memory | 7.00% Memory free
467.00 Mb Paging File | 113.00 Mb Available in Paging File | 24.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.23 Gb Total Space | 1.17 Gb Free Space | 10.39% Space Free | Partition Type: FAT32

Computer Name: X5C9T8 | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 22:44:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laura\My Documents\Downloads\OTL.exe
PRC - [2011/04/22 00:50:34 | 004,316,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2011/04/14 17:41:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/17 06:22:00 | 003,384,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2007/10/30 22:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
PRC - [2007/06/13 11:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [1999/03/12 08:07:38 | 000,043,520 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 22:44:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laura\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 15:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2004/08/04 06:32:26 | 000,137,088 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\essm2e.sys -- (Maestro) ESS Maestro2E Audio Driver (WDM)
DRV - [2004/08/04 06:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/12/17 12:25:58 | 000,015,417 | R--- | M] (Scientific Atlanta) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WebSTAR.sys -- (WebSTARNdis)
DRV - [2001/11/29 13:07:20 | 000,022,784 | ---- | M] (Freecom Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\FCPCMCIA.sys -- (FCPCMCIA)
DRV - [2001/08/17 12:51:16 | 000,222,336 | ---- | M] (Trident Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\trid3dm.sys -- (trid3d)
DRV - [2001/08/17 12:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Tos4mo.sys -- (OBOE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-688789844-1708537768-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKU\S-1-5-21-220523388-688789844-1708537768-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-220523388-688789844-1708537768-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-220523388-688789844-1708537768-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
IE - HKU\S-1-5-21-220523388-688789844-1708537768-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-688789844-1708537768-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.resnet.uce.ac.uk;<local>
IE - HKU\S-1-5-21-220523388-688789844-1708537768-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.resnet.uce.ac.uk:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2009/04/23 22:36:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2009/04/23 23:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/01/26 18:54:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/01/26 18:54:26 | 000,000,000 | ---D | M]

[2009/04/23 22:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laura\Application Data\Mozilla\Extensions
[2007/01/26 18:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\0oqhowwy.default\extensions
[2007/09/28 22:13:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\0oqhowwy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/01/26 18:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/26 18:55:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/01 12:54:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/04/23 22:36:48 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/04/23 23:00:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/05/01 12:51:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:41:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2006/11/09 15:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2011/05/01 12:50:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-688789844-1708537768-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MSN Service] File not found
O4 - HKU\S-1-5-18..\Run: [MSN Service] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-220523388-688789844-1708537768-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38570.1179050926 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Laura\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laura\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/06 22:46:10 | 000,000,134 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 12:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/01 12:53:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/01 12:53:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/01 12:53:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/01 12:53:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/01 03:03:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/04/30 23:41:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/04/30 22:56:13 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/04/30 22:51:11 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/04/30 22:40:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2011/04/30 22:36:01 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/04/30 22:26:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/04/30 22:26:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/04/30 22:25:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/04/30 22:25:25 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/04/30 22:24:32 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/04/30 22:23:38 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/04/30 22:17:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011/04/30 22:04:52 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[1998/12/09 11:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/09 11:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/09 11:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/09 11:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/09 11:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/09 11:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[129 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 21:58:02 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 21:55:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/13 21:55:48 | 133,681,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 12:40:24 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/04 19:22:18 | 000,374,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/04 19:22:18 | 000,051,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/04 19:00:54 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2011/05/04 18:58:34 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 15:25:30 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\Laura\Desktop\Attach.zip
[2011/05/01 15:24:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Laura\Desktop\New WinZip File.zip
[2011/05/01 12:50:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/01 12:50:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/01 12:50:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/01 12:50:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/01 12:50:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/01 03:50:20 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 00:30:14 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance-Disk cleanup.job
[2011/04/29 12:45:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Laura\Desktop\gmer.exe
[129 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 15:25:29 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\Laura\Desktop\Attach.zip
[2011/05/01 15:24:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Laura\Desktop\New WinZip File.zip
[2011/05/01 01:22:51 | 001,296,669 | ---- | C] () -- C:\WINDOWS\sp3.cat
[2011/04/29 12:45:36 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Laura\Desktop\gmer.exe
[2009/04/23 20:05:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2009/04/23 20:05:23 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2007/12/02 18:06:56 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/01/26 18:55:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/04 17:25:39 | 000,004,281 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/10/01 18:23:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/23 19:50:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/11/21 20:46:13 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Laura\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/22 09:46:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/22 09:35:35 | 000,000,912 | ---- | C] () -- C:\WINDOWS\LnkStub.dat
[2005/08/22 09:31:31 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2005/08/22 09:31:31 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2005/08/22 09:31:31 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2005/08/22 09:31:31 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2005/08/22 09:31:31 | 000,000,909 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/22 09:31:31 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2005/08/22 09:31:31 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2005/08/22 09:31:31 | 000,000,333 | ---- | C] () -- C:\WINDOWS\CMOUSECC.INI
[2005/08/22 09:31:31 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2005/08/22 09:31:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/08/22 09:31:31 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/22 09:31:31 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2005/08/22 09:31:31 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2005/08/22 09:31:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/22 09:31:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2005/08/22 09:31:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2005/08/22 09:31:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/08/22 09:31:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005/08/22 09:31:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2005/08/22 09:23:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/22 09:11:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/22 09:09:11 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 06:44:12 | 000,348,192 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[2005/08/07 00:36:27 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/08/07 00:36:05 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2005/08/06 23:05:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2005/08/06 05:05:33 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\VIDEOICO.EXE
[2005/08/06 05:05:32 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\TVICON.EXE
[2005/08/06 05:05:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TRIDHK32.DLL
[2005/08/06 05:05:30 | 000,000,860 | ---- | C] () -- C:\WINDOWS\PANNING.SYS
[2005/08/06 05:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2005/08/04 09:36:44 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[2005/08/04 09:30:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\CRLP3D.EXE
[2005/08/04 09:29:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.exe
[2005/08/04 09:29:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/04 09:28:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lthomol.exe
[2005/08/04 09:21:05 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 12:00:00 | 000,374,808 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 12:00:00 | 000,051,044 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 12:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2001/08/23 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL

< End of report >

EXTRAS:


OTL Extras logfile created on: 13/05/2011 23:07:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Laura\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

127.00 Mb Total Physical Memory | 9.00 Mb Available Physical Memory | 7.00% Memory free
467.00 Mb Paging File | 113.00 Mb Available in Paging File | 24.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.23 Gb Total Space | 1.17 Gb Free Space | 10.39% Space Free | Partition Type: FAT32

Computer Name: X5C9T8 | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-220523388-688789844-1708537768-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{B8E89E40-984E-11D3-A0DC-00004CE35A6C}" = DiskOnKey
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"AVG" = AVG 2011
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MouseWare" = MouseWare
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Rescue" = Rescue Disk
"Q815021" = Windows XP Hotfix (SP1) Q815021
"Q903235" = Internet Explorer Q903235
"WebSTAR Uninstall" = WebSTAR DPX USB Cable Modem Adapter
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/04/2009 18:36:05 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/04/2009 18:37:33 | Computer Name = X5C9T8 | Source = Application Hang | ID = 1002
Description = Hanging application avgui.exe, version 10.0.0.1302, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/04/2009 12:59:02 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/04/2009 12:59:02 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/04/2009 12:59:18 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 24/04/2009 14:22:19 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/04/2009 14:22:35 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 30/04/2011 16:36:49 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 01/05/2011 05:10:26 | Computer Name = X5C9T8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 01/05/2011 09:20:21 | Computer Name = X5C9T8 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 13/05/2011 16:56:01 | Computer Name = X5C9T8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 944452467D97 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 13/05/2011 16:56:09 | Computer Name = X5C9T8 | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d0), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 13/05/2011 16:56:09 | Computer Name = X5C9T8 | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d0), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 13/05/2011 16:57:43 | Computer Name = X5C9T8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to
connect.

Error - 13/05/2011 16:57:43 | Computer Name = X5C9T8 | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%1053

Error - 13/05/2011 16:57:43 | Computer Name = X5C9T8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgldx86

Error - 13/05/2011 16:57:56 | Computer Name = X5C9T8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 13/05/2011 16:57:56 | Computer Name = X5C9T8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 13/05/2011 16:57:56 | Computer Name = X5C9T8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 13/05/2011 16:58:24 | Computer Name = X5C9T8 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 ff2be008, parameter2 00000000, parameter3
fa2d4369, parameter4 00000000.


< End of report >

Thanks for helping

#6 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:33 PM

Posted 13 May 2011 - 08:50 PM

Hi-

Thank you for the OTL logs.

Let's delete Malwarebytes' Anti-Malware (MBAM) -
  • Click on Start.
  • Click on Programs.
  • Highlight Malwarebytes' Anti-Malware.
  • Click on Uninstall Malwarebytes' Anti-Malware
  • Uninstall it.
Next, pull down a fresh copy-

Download Malwarebytes' Anti-Malware (MBAM) from HERE.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report into your reply.

Shannon

#7 Xerces

Xerces
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 14 May 2011 - 08:31 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6575

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

14/05/2011 13:42:55
mbam-log-2011-05-14 (13-42-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 219628
Time elapsed: 2 hour(s), 1 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:33 PM

Posted 14 May 2011 - 08:50 PM

Hi-

The MBAM report looks good. Let's do some clean up.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
:OTL
O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-688789844-1708537768-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [MSN Service] File not found
O4 - HKU\S-1-5-18..\Run: [MSN Service] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
:commands
[emptytemp]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.

In your reply, please copy in the OTL Fix report.
Shannon

#9 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:33 PM

Posted 28 May 2011 - 08:56 AM

Hi-

Are you still in need of help?
Shannon

#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:33 PM

Posted 31 May 2011 - 08:49 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Shannon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users