Exploit Java Agent f ... Redirect...?
#1 Grinnin (New Member, 1 posts)

I have wiped my drive, reformatted, and installed a different drive and reformatted that too, and I still can't get rid of this! Kaspersky told me I had the Java Agent f. I can't get Malwarebytes to update ... I keep getting this - MBAM_ERROR_UPDATING(12007,0,WinHttpSend Report. I did the OTL scan and here are the reports from that scan. ... This is after reformatting, and the only other thing I have installed was MS updates and Microsoft Essentials. Malwarebytes wouldn't update, so I didn't run that scan.


OTL logfile created on: 7/17/2010 8:27:02 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Grinnin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 83.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 209.25 Gb Free Space | 89.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRINNIN-PC
Current User Name: Grinnin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/17 20:24:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Grinnin\Downloads\OTL.exe
PRC - [2010/07/17 19:59:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Grinnin\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/28 22:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Grinnin\AppData\Local\Google\Chrome\Application\chrome.exe


========== Modules (SafeList) ==========

MOD - [2010/07/17 20:24:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Grinnin\Downloads\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/17 23:23:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/17 22:27:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/17 22:25:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/17 22:24:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/17 20:14:46 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Roaming\Malwarebytes
[2010/07/17 20:14:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/17 20:14:38 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/17 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/17 20:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/17 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/07/17 20:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/17 20:02:41 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/17 20:00:19 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Roaming\Macromedia
[2010/07/17 20:00:19 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Roaming\Adobe
[2010/07/17 19:59:42 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Local\Google
[2010/07/17 19:59:34 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Local\Deployment
[2010/07/17 19:59:34 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Local\Apps
[2010/07/17 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/17 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/17 19:33:22 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Searches
[2010/07/17 19:33:22 | 000,000,000 | -H-D | C] -- C:\Users\Grinnin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/17 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Roaming\Identities
[2010/07/17 19:32:57 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Contacts
[2010/07/17 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Local\VirtualStore
[2010/07/17 19:32:42 | 000,000,000 | --SD | C] -- C:\Users\Grinnin\AppData\Roaming\Microsoft
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Videos
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Saved Games
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Pictures
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Music
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Links
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Favorites
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Downloads
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\My Documents
[2010/07/17 19:32:42 | 000,000,000 | R--D | C] -- C:\Users\Grinnin\Desktop
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\AppData\Local\Temporary Internet Files
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Templates
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Start Menu
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\SendTo
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Recent
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\PrintHood
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\NetHood
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Documents\My Videos
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Documents\My Pictures
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Documents\My Music
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\My Documents
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Local Settings
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\AppData\Local\History
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Cookies
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\Application Data
[2010/07/17 19:32:42 | 000,000,000 | -HSD | C] -- C:\Users\Grinnin\AppData\Local\Application Data
[2010/07/17 19:32:42 | 000,000,000 | -H-D | C] -- C:\Users\Grinnin\AppData
[2010/07/17 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Local\Temp
[2010/07/17 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Local\Microsoft
[2010/07/17 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Grinnin\AppData\Roaming\Media Center Programs
[2010/07/17 19:32:26 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 90 Days ==========

[2010/07/17 22:28:02 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/17 22:28:02 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/17 20:27:22 | 000,524,288 | -HS- | M] () -- C:\Users\Grinnin\NTUSER.DAT
[2010/07/17 20:14:42 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 20:04:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744168132-1579295165-2194665114-1001UA.job
[2010/07/17 20:04:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744168132-1579295165-2194665114-1001Core.job
[2010/07/17 20:02:43 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/07/17 20:00:08 | 000,002,328 | ---- | M] () -- C:\Users\Grinnin\Desktop\Google Chrome.lnk
[2010/07/17 19:58:27 | 000,001,441 | ---- | M] () -- C:\Users\Grinnin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/17 19:58:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/17 19:58:14 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/17 19:58:14 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/17 19:55:06 | 000,057,560 | ---- | M] () -- C:\Users\Grinnin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/17 19:53:15 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/17 19:53:15 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/17 19:53:15 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/17 19:53:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/17 19:53:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/17 19:52:39 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 19:51:31 | 000,829,494 | -H-- | M] () -- C:\Users\Grinnin\AppData\Local\IconCache.db
[2010/07/17 19:34:55 | 000,524,288 | -HS- | M] () -- C:\Users\Grinnin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 19:34:55 | 000,524,288 | -HS- | M] () -- C:\Users\Grinnin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 19:34:55 | 000,065,536 | -HS- | M] () -- C:\Users\Grinnin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/17 19:32:42 | 000,000,020 | -HS- | M] () -- C:\Users\Grinnin\ntuser.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/07/17 22:24:35 | 2146,295,807 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/17 20:14:42 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 20:02:43 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/07/17 20:00:08 | 000,002,328 | ---- | C] () -- C:\Users\Grinnin\Desktop\Google Chrome.lnk
[2010/07/17 19:59:43 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744168132-1579295165-2194665114-1001UA.job
[2010/07/17 19:59:43 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744168132-1579295165-2194665114-1001Core.job
[2010/07/17 19:58:27 | 000,001,441 | ---- | C] () -- C:\Users\Grinnin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/17 19:32:42 | 000,524,288 | -HS- | C] () -- C:\Users\Grinnin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 19:32:42 | 000,524,288 | -HS- | C] () -- C:\Users\Grinnin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 19:32:42 | 000,262,144 | -HS- | C] () -- C:\Users\Grinnin\ntuser.dat.LOG1
[2010/07/17 19:32:42 | 000,065,536 | -HS- | C] () -- C:\Users\Grinnin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/17 19:32:42 | 000,000,290 | ---- | C] () -- C:\Users\Grinnin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/17 19:32:42 | 000,000,272 | ---- | C] () -- C:\Users\Grinnin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/17 19:32:42 | 000,000,020 | -HS- | C] () -- C:\Users\Grinnin\ntuser.ini
[2010/07/17 19:32:42 | 000,000,000 | -HS- | C] () -- C:\Users\Grinnin\ntuser.dat.LOG2
[2010/07/17 19:32:41 | 000,524,288 | -HS- | C] () -- C:\Users\Grinnin\NTUSER.DAT
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/07/14 01:08:49 | 000,001,366 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/17 19:52:39 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 19:52:49 | 4293,386,239 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/13 21:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >



OTL Extras logfile created on: 7/17/2010 8:27:02 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Grinnin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 83.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 209.25 Gb Free Space | 89.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRINNIN-PC
Current User Name: Grinnin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Grinnin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"Microsoft Security Essentials" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 7/17/2010 10:25:57 PM | Computer Name = 37L4247E29-32 | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller : Has encountered an invalid network
address.

Error - 7/17/2010 10:26:01 PM | Computer Name = 37L4247E29-32 | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller #2 : Has encountered an invalid
network address.

Error - 7/17/2010 10:28:53 PM | Computer Name = Grinnin-PC | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller : Has encountered an invalid network
address.

Error - 7/17/2010 10:28:53 PM | Computer Name = Grinnin-PC | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller #2 : Has encountered an invalid
network address.

Error - 7/17/2010 7:35:49 PM | Computer Name = Grinnin-PC | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller : Has encountered an invalid network
address.

Error - 7/17/2010 7:35:49 PM | Computer Name = Grinnin-PC | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller #2 : Has encountered an invalid
network address.

Error - 7/17/2010 7:52:43 PM | Computer Name = Grinnin-PC | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller : Has encountered an invalid network
address.

Error - 7/17/2010 7:52:43 PM | Computer Name = Grinnin-PC | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce Networking Controller #2 : Has encountered an invalid
network address.


< End of report >
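A small triage helper for logs like the two above, added here as an example; it is not code from the original post, from OTL, or from its author. It parses OTL's `[date | size | attrs | M/C] (Company) -- path` entry format (including the driver entries that carry a `[Kernel | ... ]` field and a trailing `-- (ServiceName)`), pulls the resolver address out of the O17 DhcpNameServer line, and sorts hits into review buckets: binaries OTL could not attribute to a vendor, hook or autostart entries whose target is missing, and DHCP-assigned DNS servers split into private and public ranges. The DNS split is there because the Malwarebytes code quoted in the post, WinHTTP 12007, is ERROR_WINHTTP_NAME_NOT_RESOLVED, i.e. a DNS lookup failure, and on a freshly reformatted machine the DHCP resolver (here 192.168.0.2, a private address, so most likely the router or another LAN device) is the one part of the name-resolution path that a wipe does not touch. The sample lines are copied from the posted log; the buckets are heuristics for an analyst to review, not verdicts (ASACPI.sys lands in the no-company bucket only because OTL reports no company name for it).

```python
"""Triage helper for OTL scan logs (added example; not from the post or from OTL)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file entry: [date | size | attrs | M|C] (Company) -- path
# A section prefix such as "PRC - " or "DRV:64bit: - " may precede the bracket;
# driver/service lines add "[Kernel | Boot | Running]" after the company and
# "-- (ServiceName)" after the path.
ENTRY_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- "
    r"(?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
# O17 line: ...Tcpip\Parameters: DhcpNameServer = 192.168.0.2 [more addresses]
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)")
# Extensions for which an empty company field deserves a second look.
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".drv", ".acm", ".scr", ".cpl")

# Sample input copied from the OTL log posted above.
SAMPLE_LOG = [
    r"PRC - [2010/07/17 20:24:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Grinnin\Downloads\OTL.exe",
    r"DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)",
    r"DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2",
    r"O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r"[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll",
]


@dataclass
class Entry:
    date: str
    size: int               # bytes, commas stripped
    company: str            # "" when OTL found no company name
    path: str
    service: Optional[str]  # driver/service short name, if present


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file-style OTL line; return None for any other line type."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    return Entry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        path=m["path"].strip(),
        service=m["svc"],
    )


def dns_servers(line: str) -> List[str]:
    """Resolver addresses from an O17 DhcpNameServer line ([] if it is not one)."""
    m = DNS_RE.search(line)
    return m["servers"].split() if m else []


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Sort log lines into review buckets (heuristics, not verdicts).

    no_company   - executables/drivers with an empty company field
    missing_file - hook or autostart entries whose target does not exist
    private_dns  - DHCP resolvers in private ranges (router or LAN device)
    public_dns   - DHCP resolvers on the Internet; compare with the ISP's
    """
    out: Dict[str, List[str]] = {
        "no_company": [], "missing_file": [], "private_dns": [], "public_dns": []
    }
    for line in lines:
        if "File not found" in line:
            out["missing_file"].append(line.strip())
        for ip in dns_servers(line):
            key = "private_dns" if ipaddress.ip_address(ip).is_private else "public_dns"
            out[key].append(ip)
        entry = parse_entry(line)
        if entry and not entry.company and entry.path.lower().endswith(BINARY_EXT):
            out["no_company"].append(entry.path)
    return out


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        print(f"{bucket}:")
        for hit in hits:
            print(f"  {hit}")
```

Run as-is it prints the buckets for the embedded sample; to use it on a real report, pass `open("OTL.txt").read().splitlines()` to `triage()` instead. The "File not found" bucket will include Windows 7 entries that OTL habitually reports that way (the VMApplet `/pagefile` and BootExecute lines above are examples), so treat it as a list to read, not a list of infections.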
