want to be sure I'm clean



#1
whoissontop (Member, 69 posts)
THANK YOU FOR YOUR HELP!

OTL logfile created on: 1/21/2011 11:36:39 AM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Dell Usert\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 66.00 Mb Available Physical Memory | 26.00% Memory free
618.00 Mb Paging File | 461.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 14.64 Gb Free Space | 78.56% Space Free | Partition Type: NTFS

Computer Name: DELL-JRV10D9FBO | User Name: Dell Usert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/21 11:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
PRC - [2011/01/02 18:23:17 | 000,020,480 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/21 11:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
MOD - [2011/01/02 18:23:17 | 000,024,576 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrstub.dll
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/02 18:23:17 | 000,028,766 | ---- | M] (SmileyCentral) [Auto | Stopped] -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbarsvc.exe -- (SmileyCentralIE_1wService)


========== Driver Services (SafeList) ==========

DRV - [2007/07/28 03:10:18 | 000,483,968 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2002/08/28 18:00:54 | 000,137,088 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\essm2e.sys -- (Maestro) ESS Maestro2E Audio Driver (WDM)
DRV - [2001/08/17 07:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/?ref=hp [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...B9-74789EB76C2D
IE - HKCU\..\URLSearchHook: {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2003/07/16 11:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Toolbar BHO) - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O2 - BHO: (Search Assistant BHO) - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
O3 - HKLM\..\Toolbar: (SmileyCentral) - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O3 - HKCU\..\Toolbar\WebBrowser: (SmileyCentral) - {D3CA5551-FC2E-4D09-8ECE-263607ACF9FC} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O4 - HKLM..\Run: [SmileyCentralIE_1w Browser Plugin Loader] C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe (SmileyCentral)
O4 - HKCU..\Run: [PIS] C:\Documents and Settings\All Users\Application Data\3146ce\PI314_328.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dell Usert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dell Usert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/16 10:55:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 11:36:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
[2011/01/21 11:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Application Data\Malwarebytes
[2011/01/21 11:12:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/21 11:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/21 11:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/21 11:12:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/21 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/15 23:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3146ce
[2011/01/14 23:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Start Menu\Programs\Absolute Poker
[2011/01/14 23:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Application Data\Absolute Poker
[2011/01/14 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2011/01/14 23:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2011/01/14 13:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Local Settings\Application Data\Identities
[2011/01/04 12:37:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/02 18:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentralIE_1w
[2011/01/02 18:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/21 11:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
[2011/01/21 11:28:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/21 11:12:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/18 15:51:33 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Dell Usert\Desktop\Microsoft Office Word 2003.lnk
[2011/01/14 23:39:07 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Dell Usert\Desktop\Absolute Poker.lnk
[2011/01/14 18:33:50 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs goutes.doc
[2011/01/14 13:38:19 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs poems.doc
[2011/01/06 20:36:23 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\credit roport informaation for sarah.rtf
[2011/01/06 15:40:36 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy 2011 tuesday the 4th.doc
[2011/01/04 15:09:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy worksheet.doc
[2011/01/02 16:10:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/21 11:12:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 23:39:07 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\Dell Usert\Desktop\Absolute Poker.lnk
[2011/01/14 18:33:50 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs goutes.doc
[2011/01/14 00:56:45 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs poems.doc
[2011/01/06 19:50:41 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\credit roport informaation for sarah.rtf
[2011/01/04 15:09:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy worksheet.doc
[2011/01/04 14:01:43 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy 2011 tuesday the 4th.doc
[2010/11/16 12:02:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 05:27:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/16 11:37:58 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >



OTL Extras logfile created on: 1/21/2011 11:36:39 AM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Dell Usert\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 66.00 Mb Available Physical Memory | 26.00% Memory free
618.00 Mb Paging File | 461.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 14.64 Gb Free Space | 78.56% Space Free | Partition Type: NTFS

Computer Name: DELL-JRV10D9FBO | User Name: Dell Usert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"SmileyCentralIE_1wbar Uninstall" = SmileyCentral
"Windows XP Service Pack" = Windows XP Service Pack 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2011 2:27:46 AM | Computer Name = DELL-JRV10D9FBO | Source = Application Error | ID = 1001
Description = Fault bucket 1204843333.

Error - 1/9/2011 9:38:51 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/9/2011 9:38:56 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/11/2011 12:08:55 AM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2011 11:14:08 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2011 11:14:08 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2011 11:14:16 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2011 11:14:21 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2011 11:14:24 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2011 10:03:02 PM | Computer Name = DELL-JRV10D9FBO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module comctl32.dll, version 6.0.2900.2180, fault address 0x00082cfe.

[ System Events ]
Error - 1/5/2011 1:25:36 PM | Computer Name = DELL-JRV10D9FBO | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.27 for the Network Card with network
address 002275007EA7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 1/9/2011 8:45:11 PM | Computer Name = DELL-JRV10D9FBO | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/9/2011 8:45:11 PM | Computer Name = DELL-JRV10D9FBO | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/9/2011 8:45:11 PM | Computer Name = DELL-JRV10D9FBO | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/9/2011 8:45:11 PM | Computer Name = DELL-JRV10D9FBO | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/10/2011 2:05:50 PM | Computer Name = DELL-JRV10D9FBO | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 1/10/2011 11:25:59 PM | Computer Name = DELL-JRV10D9FBO | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 1/14/2011 7:28:13 PM | Computer Name = DELL-JRV10D9FBO | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 1/16/2011 3:03:21 PM | Computer Name = DELL-JRV10D9FBO | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 1/21/2011 11:52:59 AM | Computer Name = DELL-JRV10D9FBO | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#2
BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Hi, whoissontop! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out ;)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :D


I do see a couple of malware items that are still present, so let's get them removed with OTL, then we'll do some more scans to make sure there are no other bits lurking ;)

Just follow the steps below...


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...B9-74789EB76C2D
    O4 - HKCU..\Run: [PIS] C:\Documents and Settings\All Users\Application Data\3146ce\PI314_328.exe ()
    [2011/01/15 23:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3146ce
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




3)
AVP Virus Scan by Kaspersky
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the licence agreement and click Next.
  • It will by default install to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says AutoScan.
  • Under AutoScan make sure these are checked.

    Note - System Memory option is not available on 64 bit Operating Systems

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says an object cannot be neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • If the Report or Save button is not visible, you should be able to view AVP's log of detections/deletions; Select All, then copy and paste this information into your next reply.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top, under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.






In your next reply
Please post the contents of...
OTL log
TDSSKiller log
AVP log

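The OTL fix in the reply above is the output of a triage that the helper did by eye: an autorun entry whose executable has no company name, sitting in a random-hex folder under All Users\Application Data, plus a hijacked IE start page. The script below is an added example (not part of OTL, not OldTimer's code, and not the helper's) that encodes that triage over OTL log lines and renders the hits in the same ":OTL" fix format the reply uses. The sample input is constructed from lines copied out of the log posted above, with two benign lines kept as controls; TRUSTED_START_HOSTS, the hex-folder heuristic and the choice of which line kinds to put into the fix are assumptions made for this example.

```python
"""Heuristic triage of OTL log lines, rendered as an OTL fix script.

Added example for this thread; it is not part of OTL (OldTimer's tool) and
not the helper's code. It encodes, as a script, the checks a malware-removal
helper applies by eye to a posted log:

  * an autorun (O4) whose executable carries no company name, i.e. "()"
  * any path under a shared data directory whose folder name is
    random-looking hex, e.g. ...\\All Users\\Application Data\\3146ce\\...
  * an IE Start Page whose host is not one the user chose
    (TRUSTED_START_HOSTS below is an assumption made for this example)

Benign entries with no company name (an .ini file, a shortcut) are left
alone: the signal is "unsigned AND autorun" or "unsigned AND odd location".
"""
import re
from urllib.parse import urlparse

# Line shapes taken from the OTL log posted above.
O4_RE = re.compile(
    r'^O4 - HK(?:LM|CU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$')
PRC_RE = re.compile(
    r'^PRC - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) -- (?P<path>.*)$')
FILE_RE = re.compile(
    r'^\[(?P<meta>[^\]]*)\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.*)$')
IE_START_RE = re.compile(
    r'^IE - HK(?:LM|CU)\\.*\\Main,Start Page =\s*(?P<url>.*)$')

# A folder of 4+ hex digits directly under a shared data directory is a
# common dropper convention; "3146ce" in the posted log is one instance.
HEX_DIR_RE = re.compile(
    r'\\(?:Application Data|ProgramData)\\[0-9a-f]{4,}(?:\\|$)', re.IGNORECASE)

# Assumption for the example: homepages this user is known to have set.
TRUSTED_START_HOSTS = {"www.facebook.com", "www.google.com"}

# OTL accepts log lines pasted verbatim under ":OTL"; the helper's fix above
# used exactly these three kinds, so only those are emitted into the script.
FIXABLE_PREFIXES = ("O4 - ", "IE - ", "[")


def triage(log_text):
    """Return (reason, line) pairs for log lines that look like malware."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := O4_RE.match(line):
            if m.group("company") == "":
                findings.append(("autorun with no company name", line))
            elif HEX_DIR_RE.search(m.group("path")):
                findings.append(("autorun from random hex folder", line))
        elif m := PRC_RE.match(line):
            if m.group("company") == "" or HEX_DIR_RE.search(m.group("path")):
                findings.append(("running process with no publisher or from hex folder", line))
        elif m := IE_START_RE.match(line):
            host = urlparse(m.group("url").strip()).hostname
            if host and host not in TRUSTED_START_HOSTS:
                findings.append(("IE start page hijack", line))
        elif m := FILE_RE.match(line):
            if HEX_DIR_RE.search(m.group("path")):
                findings.append(("item in random hex folder", line))
    return findings


def fix_script(findings):
    """Render flagged lines in the ":OTL" fix format used in the reply above."""
    lines = [line for _, line in findings if line.startswith(FIXABLE_PREFIXES)]
    return ":OTL\n" + "\n".join(lines) + "\n\n:Commands\n[emptytemp]\n"


# Constructed sample: lines copied from the OTL log posted above, with the
# Microsoft explorer.exe and ODBC.INI lines kept as benign controls. The
# truncated start-page URL is left exactly as the log shows it.
SAMPLE_LOG = r"""
PRC - [2011/01/02 18:23:17 | 000,020,480 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/?ref=hp [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...B9-74789EB76C2D
O4 - HKLM..\Run: [SmileyCentralIE_1w Browser Plugin Loader] C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe (SmileyCentral)
O4 - HKCU..\Run: [PIS] C:\Documents and Settings\All Users\Application Data\3146ce\PI314_328.exe ()
[2011/01/15 23:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3146ce
[2010/11/16 12:02:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason, line in found:
        print(f"[{reason}] {line}")
    print()
    print(fix_script(found))
```

Run against the sample it flags exactly the three lines the helper put under :OTL (the start page, the PIS autorun and the 3146ce folder) and leaves the SmileyCentral toolbar, explorer.exe and ODBC.INI alone. The heuristics are deliberately narrow; a helper still reads each hit before deleting, which is why the reply asks for a fresh OTL log after the fix rather than trusting the script.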

#3
whoissontop (Topic Starter, Member, 69 posts)
I will post any other reports in a new thread. Here is the OTL report...

OTL logfile created on: 1/24/2011 8:33:12 PM - Run 2
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Dell Usert\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 46.00% Memory free
618.00 Mb Paging File | 506.00 Mb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 14.56 Gb Free Space | 78.14% Space Free | Partition Type: NTFS

Computer Name: DELL-JRV10D9FBO | User Name: Dell Usert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/21 11:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
PRC - [2011/01/02 18:23:17 | 000,020,480 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/21 11:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
MOD - [2011/01/02 18:23:17 | 000,024,576 | ---- | M] (SmileyCentral) -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrstub.dll
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/02 18:23:17 | 000,028,766 | ---- | M] (SmileyCentral) [Auto | Stopped] -- C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbarsvc.exe -- (SmileyCentralIE_1wService)


========== Driver Services (SafeList) ==========

DRV - [2007/07/28 03:10:18 | 000,483,968 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2002/08/28 18:00:54 | 000,137,088 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\essm2e.sys -- (Maestro) ESS Maestro2E Audio Driver (WDM)
DRV - [2001/08/17 07:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/?ref=hp [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "facebook.com"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/21 19:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/21 19:08:52 | 000,000,000 | ---D | M]

[2011/01/21 19:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dell Usert\Application Data\Mozilla\Extensions
[2011/01/21 19:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dell Usert\Application Data\Mozilla\Firefox\Profiles\py3li9st.default\extensions
[2011/01/21 19:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/24 20:26:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Toolbar BHO) - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O2 - BHO: (Search Assistant BHO) - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
O3 - HKLM\..\Toolbar: (SmileyCentral) - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O3 - HKCU\..\Toolbar\WebBrowser: (SmileyCentral) - {D3CA5551-FC2E-4D09-8ECE-263607ACF9FC} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O4 - HKLM..\Run: [SmileyCentralIE_1w Browser Plugin Loader] C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe (SmileyCentral)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dell Usert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dell Usert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/16 10:55:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/24 20:25:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/24 19:13:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/24 19:12:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/24 19:12:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/23 21:48:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/01/22 04:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\My Documents\Downloads
[2011/01/21 19:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Local Settings\Application Data\Mozilla
[2011/01/21 19:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Application Data\Mozilla
[2011/01/21 19:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/21 19:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/21 11:36:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
[2011/01/21 11:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Application Data\Malwarebytes
[2011/01/21 11:12:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/21 11:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/21 11:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/21 11:12:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/21 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/14 23:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Start Menu\Programs\Absolute Poker
[2011/01/14 23:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Application Data\Absolute Poker
[2011/01/14 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2011/01/14 23:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2011/01/14 13:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Usert\Local Settings\Application Data\Identities
[2011/01/04 12:37:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/02 18:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentralIE_1w
[2011/01/02 18:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\SmileyCentral_1vEI

========== Files - Modified Within 30 Days ==========

[2011/01/24 20:28:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/24 20:26:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/24 19:12:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/22 04:25:41 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Dell Usert\Desktop\Microsoft Office Word 2003.lnk
[2011/01/21 19:09:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/01/21 19:08:58 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Dell Usert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/21 19:08:58 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/21 11:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell Usert\Desktop\OTL.exe
[2011/01/21 11:12:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 23:39:07 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Dell Usert\Desktop\Absolute Poker.lnk
[2011/01/14 18:33:50 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs goutes.doc
[2011/01/14 13:38:19 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs poems.doc
[2011/01/06 20:36:23 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\credit roport informaation for sarah.rtf
[2011/01/06 15:40:36 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy 2011 tuesday the 4th.doc
[2011/01/04 15:09:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy worksheet.doc
[2011/01/02 16:10:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/01/21 19:09:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/21 19:08:58 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Dell Usert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/21 19:08:58 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/21 11:12:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 23:39:07 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\Dell Usert\Desktop\Absolute Poker.lnk
[2011/01/14 18:33:50 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs goutes.doc
[2011/01/14 00:56:45 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\sarahs poems.doc
[2011/01/06 19:50:41 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\credit roport informaation for sarah.rtf
[2011/01/04 15:09:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy worksheet.doc
[2011/01/04 14:01:43 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Dell Usert\My Documents\anatomy 2011 tuesday the 4th.doc
[2010/11/16 12:02:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/16 05:27:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/16 11:37:58 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========


========== Purity Check ==========



< End of report >

#4
BlackOxide
    Trusted Helper
  • Malware Removal
  • 1,976 posts
Okey dokey, yep, just post the other two logs when you have them :D

#5
whoissontop
    Member
  • Topic Starter
  • 69 posts
The other 2 programs you asked me to run...

#2 said it was clean.
#3 I cannot see in Safe Mode; the only programs that show on my desktop are Firefox and Malwarebytes. Should I be running the program normally to install it on my desktop in Normal Mode and then see if it shows in Safe Mode?

I am unsure, but this computer is still having issues. When I turn it on, sometimes the desktop will not load at all and I will need to press the power button to shut down the computer and then turn it on again for the desktop to come up. Also, on top of that, it seems like possibly the original wireless connection this computer was going by is being blocked or something, as it is connected and everything looks fine but the internet won't work... If I use the connection from my house then it works... which makes no sense to me because the other wireless is connected. I think the computer is still infected =\ I posted the OTL log that had come up when I ran the program; I'm unsure if you see anything there. I am also sorry if it takes time for me to respond, but this is my friend's computer and she keeps it at her house and I get on when I hop over, lol. Thanks again for your help.

#6
whoissontop
    Member
  • Topic Starter
  • 69 posts
2011/01/25 20:31:40.0345 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 20:31:40.0345 ================================================================================
2011/01/25 20:31:40.0345 SystemInfo:
2011/01/25 20:31:40.0345
2011/01/25 20:31:40.0345 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/25 20:31:40.0345 Product type: Workstation
2011/01/25 20:31:40.0345 ComputerName: DELL-JRV10D9FBO
2011/01/25 20:31:40.0345 UserName: Dell Usert
2011/01/25 20:31:40.0345 Windows directory: C:\WINDOWS
2011/01/25 20:31:40.0345 System windows directory: C:\WINDOWS
2011/01/25 20:31:40.0345 Processor architecture: Intel x86
2011/01/25 20:31:40.0345 Number of processors: 1
2011/01/25 20:31:40.0345 Page size: 0x1000
2011/01/25 20:31:40.0345 Boot type: Normal boot
2011/01/25 20:31:40.0345 ================================================================================
2011/01/25 20:31:40.0876 Initialize success
2011/01/25 20:31:43.0009 ================================================================================
2011/01/25 20:31:43.0009 Scan started
2011/01/25 20:31:43.0009 Mode: Manual;
2011/01/25 20:31:43.0009 ================================================================================
2011/01/25 20:31:44.0792 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/25 20:31:44.0962 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/25 20:31:45.0152 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/25 20:31:45.0302 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/01/25 20:31:45.0432 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/25 20:31:46.0494 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/25 20:31:46.0564 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/25 20:31:46.0834 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys
2011/01/25 20:31:47.0025 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/25 20:31:47.0215 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/25 20:31:47.0365 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/25 20:31:47.0555 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/25 20:31:47.0756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/25 20:31:47.0916 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/25 20:31:48.0016 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/25 20:31:48.0226 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/25 20:31:48.0427 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/25 20:31:48.0978 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/25 20:31:49.0258 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/25 20:31:49.0508 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/25 20:31:49.0648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/25 20:31:49.0799 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/25 20:31:50.0029 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/25 20:31:50.0219 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/25 20:31:50.0400 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/25 20:31:50.0580 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/25 20:31:50.0670 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/25 20:31:50.0810 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/25 20:31:50.0940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/25 20:31:51.0051 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/25 20:31:51.0161 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/25 20:31:51.0421 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/25 20:31:51.0752 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/25 20:31:51.0832 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/25 20:31:52.0102 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/25 20:31:52.0202 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/25 20:31:52.0332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/25 20:31:52.0443 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/25 20:31:52.0523 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/25 20:31:52.0633 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/25 20:31:52.0743 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/25 20:31:52.0893 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/25 20:31:53.0033 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/25 20:31:53.0184 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/25 20:31:53.0314 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/25 20:31:53.0654 Maestro (65fef13327d25bc33af78178365c1412) C:\WINDOWS\system32\drivers\essm2e.sys
2011/01/25 20:31:53.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/25 20:31:54.0025 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/25 20:31:54.0115 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/25 20:31:54.0245 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/25 20:31:54.0445 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/25 20:31:54.0616 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/25 20:31:54.0856 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/25 20:31:55.0036 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/25 20:31:55.0156 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/25 20:31:55.0237 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/25 20:31:55.0377 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/25 20:31:55.0467 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/25 20:31:55.0557 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/25 20:31:55.0687 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/25 20:31:55.0757 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/25 20:31:55.0837 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/25 20:31:55.0948 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/25 20:31:56.0028 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/25 20:31:56.0138 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/25 20:31:56.0318 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/25 20:31:56.0478 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/25 20:31:56.0729 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/25 20:31:56.0829 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/25 20:31:56.0999 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/25 20:31:57.0159 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/01/25 20:31:57.0289 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/25 20:31:57.0360 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/25 20:31:57.0500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/25 20:31:57.0610 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/25 20:31:57.0880 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/25 20:31:58.0661 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/25 20:31:58.0762 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/25 20:31:58.0842 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/25 20:31:59.0352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/25 20:31:59.0433 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/25 20:31:59.0543 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/25 20:31:59.0623 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/25 20:31:59.0723 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/25 20:31:59.0803 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/25 20:31:59.0953 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/25 20:32:00.0174 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/25 20:32:00.0374 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/25 20:32:00.0654 RT61 (ef64988c8e699e2481d1fd45bf472ef0) C:\WINDOWS\system32\DRIVERS\RT61.sys
2011/01/25 20:32:00.0905 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/25 20:32:01.0025 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/25 20:32:01.0115 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/25 20:32:01.0245 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/25 20:32:01.0566 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/25 20:32:01.0686 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/25 20:32:01.0906 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/25 20:32:02.0126 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/25 20:32:02.0237 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/25 20:32:02.0727 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/25 20:32:02.0888 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/25 20:32:03.0028 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/25 20:32:03.0138 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/25 20:32:03.0248 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/25 20:32:03.0538 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/25 20:32:03.0779 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/25 20:32:03.0949 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/25 20:32:04.0069 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/25 20:32:04.0209 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/25 20:32:04.0310 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/25 20:32:04.0520 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/25 20:32:04.0690 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/25 20:32:04.0850 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/25 20:32:05.0531 ================================================================================
2011/01/25 20:32:05.0531 Scan finished
2011/01/25 20:32:05.0531 ================================================================================

#7
BlackOxide
    Trusted Helper
  • Malware Removal
  • 1,976 posts
Okey dokey, we'll come back to those problems with the wireless and the booting up once we have ruled out the malware side of things. Your OTL log looked clean, but we could do with running some more scans. With the AVP by Kaspersky, can you try installing and running it in Normal Mode, then, as it is not appearing in Safe Mode? If you could then do a fresh scan with MBAM, then a Chkdsk please. Just follow the steps below on how to run these.


1)
Follow the AVP instructions as before, but run it in Normal Mode, not Safe Mode.

2)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply

3)
Run a Chkdsk on the Hard Drive
  • Click Start, and then Run.
  • Type cmd into the Run dialogue box and then press ENTER.
  • In the black box that appears, type chkdsk c: /r then press ENTER
  • You will probably receive the following message:
    Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  • Type Y, and then press ENTER to schedule the disk check, and then restart your computer to start the disk check.
  • After the Chkdsk has completed, Windows will just boot onto your Desktop as usual

Note - Chkdsks can vary in time depending on the size of the Hard Drive, but typically run for approx 30-90 mins. Always let it complete fully; do not cancel it whilst it is running.

In your next reply
Please post the contents of...
AVP log
MBAM log

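Reading an OTL log the way the helper does above ("your OTL log looked clean") comes down to a handful of entry types: what is hooked into the browser and the logon sequence (O2 BHOs, O3 toolbars, O4 Run keys, the IE URLSearchHook, the O20 Winlogon shell), whether the HOSTS file redirects anything, whether AutoRun is still on (O7 NoDriveTypeAutoRun, O32 CDRom), and whether the exefile/comfile open handlers (O35/O37) are still the stock `"%1" %*`. The script below is an added example written for this page; it is not a tool used in the thread, nor part of OTL itself. It runs that triage over OTL-style lines and returns the ones that need a human decision. The sample input reuses lines from the OTL log posted above; two lines are constructed for the example and do not come from the log: the `192.0.2.10 www.example.com` HOSTS entry and the O35 exefile line pointing at `C:\example\hook.exe`. The baseline it assumes (Microsoft binaries under `%SystemRoot%` are expected at load points, everything else is reviewed) is this example's own heuristic, not something the log or the helper states.

```python
"""Triage pass over OTL log lines (added example; not a tool used in this thread).
Flags the entries a malware-removal helper reads first: third-party code at
load points (O2 BHO, O3 toolbar, O4 Run, IE URLSearchHook, O20 Winlogon shell),
HOSTS redirects (O1), AutoRun settings (O7/O32) and exe/com open handlers (O35/O37)."""
import re
from dataclasses import dataclass

# Tail of an OTL entry: "... C:\path\file.dll (Vendor)".
_PATH_VENDOR = re.compile(
    r"([A-Za-z]:\\[^()]*?\.(?:dll|exe|sys|ocx))\s*\(([^)]*)\)\s*$", re.IGNORECASE)
_HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
_AUTORUN_POLICY = re.compile(r"^O7 - .*NoDriveTypeAutoRun = (\d+)\s*$")
_CDROM_AUTORUN = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d+)\s*$")
_EXEC_HANDLER = re.compile(r"^O3[57] - HKLM\\\.+(\S+) \[[^\]]*\] -- (.*)$")

LOAD_POINTS = {"O2", "O3", "O4", "O20", "IE"}
# Heuristic baseline (an assumption of this example): Microsoft binaries under
# %SystemRoot% are expected at these load points; everything else is reviewed.
TRUSTED_VENDOR = "microsoft corporation"
SYSTEM_DIR = "c:\\windows\\"
EXPECTED_HANDLER = '"%1" %*'   # stock exefile/comfile open command


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def triage(log_text: str) -> list:
    """Return the OTL lines that need a human decision, each with a reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _HOSTS.match(line):
            ip, host = m.groups()
            if host.lower() != "localhost" or ip not in ("127.0.0.1", "::1"):
                findings.append(Finding("hosts-redirect", f"{host} -> {ip}", line))
        elif m := _AUTORUN_POLICY.match(line):
            value = int(m.group(1))
            if value != 0xFF:  # 0xFF disables AutoRun on every drive type
                findings.append(Finding("autorun-policy",
                                        f"NoDriveTypeAutoRun=0x{value:02X}, not 0xFF", line))
        elif m := _CDROM_AUTORUN.match(line):
            if m.group(1) != "0":
                findings.append(Finding("autorun-cd", "CD-ROM AutoRun enabled", line))
        elif m := _EXEC_HANDLER.match(line):
            cls, cmd = m.groups()
            if cmd.strip() != EXPECTED_HANDLER:
                findings.append(Finding("exec-handler", f"{cls} open -> {cmd}", line))
        else:
            kind = line.split(" - ", 1)[0]
            if kind in LOAD_POINTS and (m := _PATH_VENDOR.search(line)):
                path, vendor = m.groups()
                vendor = vendor.strip() or "no vendor"
                if vendor.lower() != TRUSTED_VENDOR or not path.lower().startswith(SYSTEM_DIR):
                    findings.append(Finding("load-point", f"{kind}: {path} [{vendor}]", line))
    return findings


def kind_counts(findings) -> dict:
    """Summary: finding kind -> number of lines."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Lines copied from the OTL log posted above. Two are constructed for the example:
# the 192.0.2.10 HOSTS entry and the O35 exefile line pointing at hook.exe.
SAMPLE_LOG = r"""
IE - HKCU\..\URLSearchHook: {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.10 www.example.com
O2 - BHO: (Toolbar BHO) - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O2 - BHO: (Search Assistant BHO) - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll (SmileyCentral)
O3 - HKLM\..\Toolbar: (SmileyCentral) - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll (SmileyCentral)
O4 - HKLM..\Run: [SmileyCentralIE_1w Browser Plugin Loader] C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbrmon.exe (SmileyCentral)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\example\hook.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. On the log above it reports the five SmileyCentral load points (the toolbar the helper later has the user remove is exactly this kind of third-party BHO/toolbar/Run entry), NoDriveTypeAutoRun at its XP default of 0x91 rather than the 0xFF that disables AutoRun everywhere, CD-ROM AutoRun on, and the two constructed lines. A `load-point` finding is a review item, not a verdict: a legitimate vendor toolbar trips it just as an adware one does, which is why the helper asks for the full log rather than a filtered one.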

#8
whoissontop
    Member
  • Topic Starter
  • 69 posts
Autoscan: completed 8 minutes ago (events: 4, objects: 122815, time: 02:07:45)
1/28/2011 2:29:18 PM Task started
1/28/2011 3:10:45 PM Detected: not-a-virus:AdWare.Win32.FunWeb.gq C:\System Volume Information\_restore{17CA1648-39C1-48A2-B16D-EF1163076F82}\RP7\A0009479.dll
1/28/2011 4:24:39 PM Untreated: not-a-virus:AdWare.Win32.FunWeb.gq C:\System Volume Information\_restore{17CA1648-39C1-48A2-B16D-EF1163076F82}\RP7\A0009479.dll Skipped by user
1/28/2011 4:37:04 PM Task completed


Will do step 2 now.

#9
whoissontop
    Member
  • Topic Starter
  • 69 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5632

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/28/2011 6:52:21 PM
mbam-log-2011-01-28 (18-52-21).txt

Scan type: Quick scan
Objects scanned: 137981
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
BlackOxide
    Trusted Helper
  • Malware Removal
  • 1,976 posts
Hey, thanks for the logs. No need to worry about the infection AVP found, as that is just stored in a restore point, which we will clear at the end once everything is sorted :D

Have you run the Chkdsk yet? If not, give it a run and let me know if the bootup and wireless problems still remain. If one or both of these problems still remain after running the Chkdsk, could you run the following program for me please.

Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message; click Yes to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.
