
popups/slow computer/various issues



#16
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Run OTL.scr
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    :Services
    
    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

» Can we try GMER again please... «

Download GMER Rootkit Scanner. Note the file's name and unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

» If that doesn't run , can you try this instead please... «

Please download Rooter.exe from here or here and save to your desktop.
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.
Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

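Added example (not part of azarl's post, and not OTL's own code): a short Python triage of OTL-format log lines. It splits the PRC/MOD/SRV file lines into fields and flags the two things a helper reads for first: orphaned entries, where the registry still points at something that is gone ("File not found" / "Reg Error"), which is exactly what the three lines under :OTL in the fix script above are, and entries whose company field is an empty "()", meaning OTL found no version information in the file. The sample lines are copied from this thread's fix script and OTL log; the triage rules and the function names are my own, and on this particular machine the empty-company hits are Toshiba and AVG files, so that rule is a prioritisation hint, not a verdict.

```python
"""Triage for OTL-format log lines (added example; not OTL's code, not from the post).

Two things a helper looks at first when reading an OTL log:
  * orphaned entries: the registry points at a file/CLSID that no longer exists
    ("File not found", "Reg Error"), which is what the :OTL fix section removes;
  * file entries whose company field is empty "()", i.e. OTL found no version
    information. On this thread's machine those are Toshiba/AVG files, so this
    is a prioritisation hint, not a verdict.
"""
import re
from dataclasses import dataclass

# PRC/MOD/SRV file lines, e.g.
#   PRC - [2010/03/18 10:05:08 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\...\avgtray.exe
#   SRV - [...] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<cm>[CM])\] "
    r"\((?P<company>[^)]*)\)"             # company from version info, may be empty
    r"(?: \[(?P<state>[^\]]*)\])?"        # SRV only: start type | state
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\))?$"  # SRV only: service name
)

# Registry/browser lines: "IE - ...", "FF - ...", "O4 - HKLM..\Run: [name] path (company)"
O_LINE = re.compile(r"^(?P<kind>IE|FF|O\d+) - (?P<body>.+)$")

ORPHAN_MARKERS = ("File not found", "Reg Error")

# Sample input copied from the fix script and the OTL log in this thread.
SAMPLE_LOG = [
    r"PRC - [2010/03/18 10:05:08 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe",
    r"PRC - [2008/05/21 14:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe",
    r"SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)",
    r"IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found",
    r"O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()",
    r"O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)",
    r"O4 - HKLM..\Run: [NDSTray.exe] File not found",
    r"O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)",
]


@dataclass
class Finding:
    kind: str     # PRC / SRV / O4 / ...
    reason: str   # "orphaned entry" or "empty company name"
    line: str     # the original log line, ready to paste under :OTL if appropriate


def parse_file_line(line):
    """Split a PRC/MOD/SRV line into its fields; None if the line is not one."""
    m = FILE_LINE.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["size"] = int(fields["size"].replace(",", ""))  # "002,046,816" -> 2046816
    return fields


def triage(lines):
    findings = []
    for raw in lines:
        line = raw.strip()
        f = parse_file_line(line)
        if f is not None:
            if f["company"] == "":
                findings.append(Finding(f["kind"], "empty company name", line))
            continue
        m = O_LINE.match(line)
        if m is None:
            continue  # section headers, blank lines, file listings: not handled here
        body = m.group("body")
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(m.group("kind"), "orphaned entry", line))
        elif body.endswith(" ()"):
            findings.append(Finding(m.group("kind"), "empty company name", line))
    return findings


def fix_script_candidates(lines):
    """Orphaned entries only: the lines a helper pastes under :OTL, as in the post above."""
    return [f.line for f in triage(lines) if f.reason == "orphaned entry"]


def summarize(lines):
    counts = {}
    for f in triage(lines):
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason:18} {f.line}")
    print("Paste under :OTL ->", len(fix_script_candidates(SAMPLE_LOG)), "lines")
```

Run against the full log pasted in the next post, `fix_script_candidates` returns only the three orphaned lines azarl already listed, while the empty-company rule surfaces pinger.exe, swupdtmr.exe and the AVG toolbar DLL, all of which are legitimate here; that gap between "flagged" and "bad" is why the rule only orders what to look at.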


#17
ShoalBear

    Member

  • Topic Starter
  • 212 posts
OTL logfile created on: 4/22/2010 11:25:59 AM - Run 4
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Debbie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 511.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.55 Gb Total Space | 129.89 Gb Free Space | 91.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111.79 Gb Total Space | 45.62 Gb Free Space | 40.81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNYZMOM
Current User Name: Debbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/21 12:21:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.scr
PRC - [2010/03/18 10:05:08 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/19 14:55:44 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/19 14:55:44 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/19 14:55:44 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/19 14:55:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/19 14:55:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/06 12:43:46 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/02 18:32:50 | 000,073,728 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2009/04/01 18:48:08 | 000,210,232 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2009/03/18 06:49:28 | 000,827,392 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2009/03/06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/10/10 23:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/08/22 10:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2008/07/01 15:03:06 | 000,038,200 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008/05/21 14:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/04/13 18:16:16 | 000,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/09 18:07:02 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/01/25 18:49:34 | 000,472,688 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\NetInt\netint.exe
PRC - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/25 18:45:42 | 000,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe
PRC - [2007/01/20 16:57:54 | 000,110,592 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\TaisSoftIcon.exe
PRC - [2005/06/06 10:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/01/17 16:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/04/21 12:21:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.scr
MOD - [2009/03/13 15:05:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/19 14:55:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/19 14:55:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/10/10 23:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/08/22 10:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2008/05/21 14:07:00 | 000,111,984 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/17 16:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 09:46:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 02:27:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 17:03:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 13:48:36 | 000,000,000 | ---D | M]

[2009/07/19 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Extensions
[2010/04/15 20:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\jfsxdpzl.default\extensions
[2009/08/10 23:56:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\jfsxdpzl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 00:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\jfsxdpzl.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2009/11/02 01:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\jfsxdpzl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/01/20 02:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\jfsxdpzl.default\extensions\[email protected]
[2010/04/21 20:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 13:48:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/21 07:05:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe ()
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/06 11:11:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/22 11:16:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/21 12:33:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/21 12:21:15 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.scr
[2010/04/21 07:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/21 06:52:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/21 06:51:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/21 06:51:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/21 06:51:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/21 06:51:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/20 14:57:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/16 13:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/16 13:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/16 00:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Malwarebytes
[2010/04/16 00:12:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/16 00:12:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 00:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/16 00:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/16 00:09:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/16 00:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/15 23:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Desktop\GTG
[2009/08/19 14:52:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/19 14:52:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/19 14:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/19 14:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/04/22 11:25:27 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2010/04/22 11:19:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 11:19:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 11:19:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 11:19:05 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 11:17:06 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Debbie\NTUSER.DAT
[2010/04/22 11:17:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Debbie\ntuser.ini
[2010/04/22 08:28:00 | 059,133,905 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/21 13:46:44 | 004,834,792 | -H-- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\IconCache.db
[2010/04/21 12:21:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\Desktop\OTL.scr
[2010/04/21 10:39:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/21 10:14:46 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Debbie\Desktop\ComboFix.exe
[2010/04/21 07:05:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/21 06:52:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/19 12:52:31 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\dds.scr
[2010/04/16 00:07:54 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\NTREGOPT.lnk
[2010/04/16 00:07:54 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\ERUNT.lnk
[2010/04/15 19:19:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\Skype.lnk
[2010/04/15 17:00:41 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/15 16:30:10 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/14 06:20:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/11 12:44:12 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\Adobe Reader 9.lnk
[2010/04/10 17:02:42 | 000,033,816 | ---- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/04/21 10:12:30 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Debbie\Desktop\ComboFix.exe
[2010/04/21 06:52:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/21 06:52:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/21 06:51:40 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 06:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/21 06:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/21 06:51:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/21 06:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/19 12:52:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\dds.scr
[2010/04/16 00:07:54 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\NTREGOPT.lnk
[2010/04/16 00:07:54 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\ERUNT.lnk
[2010/04/15 16:30:10 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/11 12:46:38 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Skype.lnk
[2010/04/11 12:46:38 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Bing Maps 3D.lnk
[2010/04/11 12:46:38 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Voice & Video Calls.lnk
[2010/04/11 12:46:38 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Adobe Reader 9.lnk
[2010/04/11 12:46:38 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\fa.lnk
[2010/04/11 12:46:38 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\AVG Free 8.5.lnk
[2010/04/11 12:46:38 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Toshiba Resources.lnk
[2010/04/11 12:46:38 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Norton Security Scan.lnk
[2010/04/11 12:46:38 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Recovery Disc Creator.lnk
[2010/04/11 12:46:38 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Shop at Amazon.com.lnk
[2010/04/11 12:46:38 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\Opera.lnk
[2009/12/04 03:57:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debbie\net_rim_plazmic_flint_dispatcherservice0.0.log.lck
[2009/12/04 03:57:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debbie\net_rim_plazmic_flint_dispatcherservice0.0.log
[2009/11/30 01:32:24 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2009/08/13 23:24:04 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Debbie\Application Data\wklnhst.dat
[2009/07/19 17:27:00 | 000,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys
[2009/07/19 17:26:51 | 000,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys
[2009/07/19 17:26:19 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\Debbie\NTUSER.DAT
[2009/07/19 17:26:19 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Debbie\NTUSER.DAT.LOG
[2009/07/19 17:26:19 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Debbie\ntuser.ini
[2009/07/19 17:26:02 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/07/19 17:26:02 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/07/04 03:30:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/04 03:22:33 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2009/04/06 12:54:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/06 12:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2009/04/06 12:23:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2009/04/06 12:03:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/06 11:09:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/04/02 11:54:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2009/04/02 10:35:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2009/03/31 11:13:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2009/03/13 15:05:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll

========== LOP Check ==========

[2009/08/19 16:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/04/06 12:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2009/04/06 12:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2009/04/06 12:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP
[2009/12/04 03:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Composer
[2009/07/24 19:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Opera
[2009/11/30 01:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Research In Motion
[2009/08/13 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Template
[2009/04/06 12:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\toshiba
[2009/04/06 11:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\WinBatch

========== Purity Check ==========


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 15:12:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Debbie\LOCALS~1\Temp\fwtdipow.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A8AC2D20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#18
azarl
    GeekU Admin
  • Community Leader
  • 25,310 posts
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u18-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Diallers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


#19
ShoalBear
    Member
  • Topic Starter
  • 212 posts
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4032

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/24/2010 11:10:44 AM
mbam-log-2010-04-24 (11-10-44).txt

Scan type: Quick scan
Objects scanned: 110444
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, April 25, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, April 24, 2010 21:57:30
Records in database: 3978325
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Objects scanned: 172368
Threats found: 13
Infected objects found: 67
Suspicious objects found: 115
Scan duration: 07:17:08


File name / Threat / Threats count
C:\System Volume Information\_restore{1E452A8B-FF85-46AC-BB2A-069DD62D4A2E}\RP111\A0137800.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fl 1
E:\KL gateway\Documents and Settings\Kari-Lyn\My Documents\WebMail Logs\EMail Parser23-12-2009.txt Suspicious: Trojan-Spy.HTML.Fraud.gen 2
E:\KL gateway\Documents and Settings\Kari-Lyn\My Documents\WebMail Logs\EMail Parser24-12-2009.txt Suspicious: Trojan-Spy.HTML.Fraud.gen 2
E:\KL gateway\Documents and Settings\Kari-Lyn\My Documents\WebMail Logs\SMTPConnectionlog24-12-2009.txt Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Backdoor.Win32.Bredolab.bln 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Packed.Win32.Krap.x 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Suspicious: Trojan-Spy.HTML.Fraud.gen 8
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Packed.Win32.Krap.aj 4
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Suspicious: Trojan-Spy.HTML.Fraud.gen 10
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Backdoor.Win32.Bredolab.aue 4
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Backdoor.Win32.Bredolab.atr 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Sasfis.tub 6
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Email-Worm.Win32.Iksmas.frg 2
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Buzus.clys 3
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Packed.Win32.Krap.aj 4
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Packed.Win32.Krap.x 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Backdoor.Win32.Bredolab.bln 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan-Downloader.Win32.Agent.dadz 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Refroso.amdh 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 7
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Packed.Win32.Krap.x 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Backdoor.Win32.Bredolab.bln 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 7
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 12
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 11
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Backdoor.Win32.Bredolab.bln 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Packed.Win32.Krap.x 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Suspicious: Trojan-Spy.HTML.Fraud.gen 8
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Packed.Win32.Krap.aj 4
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Backdoor.Win32.EggDrop.afz 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Trojan.Win32.Refroso.amdh 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Suspicious: Trojan-Spy.HTML.Fraud.gen 10
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Backdoor.Win32.Bredolab.aue 4
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Backdoor.Win32.Bredolab.atr 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Sasfis.tub 6
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Email-Worm.Win32.Iksmas.frg 2
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Buzus.clys 3
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Packed.Win32.Krap.aj 4
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Packed.Win32.Krap.x 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Backdoor.Win32.Bredolab.bln 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan-Downloader.Win32.Agent.dadz 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 7
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Packed.Win32.Krap.x 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Backdoor.Win32.Bredolab.bln 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Refroso.amdh 1
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 7
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 12
E:\Thunderbird Current\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 11

Selected area has been scanned.
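The Kaspersky report above, as an added example that is not part of the thread: a small Python triage script (my own code, not Kaspersky's) that parses the "File name / Threat / Threats count" lines and groups hits by where they live, so detections inside mail stores and restore points are read separately from anything on the live system. The sample input is a constructed subset of the report's lines; the location classes and the `live_system` label are my assumptions.

```python
"""Added example (not part of the thread): group Kaspersky Online Scanner 7
report lines by where the hit lives, so that detections inside mail stores
and restore points are read separately from anything on the live system."""
import re
from collections import defaultdict

# One result line has the shape:  <path> <Infected|Suspicious>: <threat> <count>
# Paths contain spaces, so match lazily up to the verdict keyword.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Constructed sample in the report format used in the thread (a few of its lines).
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\System Volume Information\_restore{1E452A8B-FF85-46AC-BB2A-069DD62D4A2E}\RP111\A0137800.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.fl 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Infected: Backdoor.Win32.Bredolab.bln 1
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Suspicious: Trojan-Spy.HTML.Fraud.gen 8
E:\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 7

Selected area has been scanned.
"""


def parse_report(text):
    """Return one dict per result line; header and footer lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "verdict": m["verdict"],
                         "threat": m["threat"], "count": int(m["count"])})
    return hits


def classify(path):
    """Location class (assumed labels): mbox files such as Junk or Inbox hold
    spam attachments that were never run; restore points hold copies of files
    already removed; anything else is on the live system and needs a real look."""
    low = path.lower()
    if "\\system volume information\\" in low:
        return "restore_point"
    if "\\mail\\" in low:
        return "mail_store"
    return "live_system"


def summarize(hits):
    """Aggregate infected/suspicious counts and distinct files per location class."""
    acc = defaultdict(lambda: {"files": set(), "infected": 0, "suspicious": 0})
    for h in hits:
        bucket = acc[classify(h["path"])]
        bucket["files"].add(h["path"])
        bucket[h["verdict"].lower()] += h["count"]
    return {k: {"files": sorted(v["files"]), "infected": v["infected"],
                "suspicious": v["suspicious"]} for k, v in acc.items()}


if __name__ == "__main__":
    for loc, info in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{loc}: {len(info['files'])} file(s), "
              f"{info['infected']} infected, {info['suspicious']} suspicious")
```

A single mbox file (Junk, Trash, Inbox) shows up once per threat name, which is why the same path repeats in the report; deleting the messages and compacting the folder removes the underlying attachments.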

#20
azarl
    GeekU Admin
  • Community Leader
  • 25,310 posts
You've got a serious amount of nasty stuff in your email client (Thunderbird). I suggest you delete all your junk email, run "File->Compact Folders" and then run the scan again. If you've got the time, it may be a good idea to go through your mail boxes and delete everything you don't need to keep.

Other than that, your logs are now clean - you are clear or seem to be. Please advise me if you still have any problems.

We'll move on to the cleanup now. There's quite a bit to do here, so just take your time.

Updates
Before we begin the actual cleanup, I'll just say a few words on the importance of updates. From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE

Follow these steps to uninstall ComboFix and tools used in the removal of malware
  • Click START then RUN
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between ComboFix and the /U; it needs to be there.
OTL Cleanup
A good workman always cleans up after himself, so run OTL and hit the Cleanup button. It will remove all the programmes we have used plus itself.

Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical that you have both a firewall and antivirus to protect your system, and that you keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
  • SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  • MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file, thereby preventing you from accessing them.
  • TFC (Temp File Cleaner) - Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
  • Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

Browsers
Consider using FIREFOX or OPERA; both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • Run Internet Explorer
  • Click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


#21
ShoalBear
    Member
  • Topic Starter
  • 212 posts
Thanks so much Azarl! I appreciate your help so much!!

Still noticing that the computer seems really slow when I type. Like this response: I have typed this whole sentence and it still hasn't shown the typing yet. I had to stop and wait a good 3 mins before it showed up... any idea what would cause such a thing?

#22
azarl
    GeekU Admin
  • Community Leader
  • 25,310 posts
That's a driver or resource issue. Put a post in the XP forum here, tell them we've removed malware, and post a link back to this thread.