Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System tools infection?

Started by Trixsteruk , Mar 19 2011 07:55 AM

  • Please log in to reply

#16
Trixsteruk
Posted 20 March 2011 - 09:03 AM

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OTL logfile created on: 20/03/2011 14:57:57 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\nhvh\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.45 Gb Total Space | 197.14 Gb Free Space | 69.31% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 2.40 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive E: | 19.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 981.02 Mb Total Space | 2.79 Mb Free Space | 0.28% Space Free | Partition Type: FAT32

Computer Name: NHVH-PC | User Name: nhvh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
PRC - [2011/01/05 09:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1296293777\ee\aolsoftware.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/15 12:10:33 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/08/05 12:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/14 01:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/05/26 08:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/06/08 15:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/19 13:49:01 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/15 12:10:33 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/09 23:45:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/30 14:41:43 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/08/29 16:27:27 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 21:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/15 12:10:34 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/15 12:10:34 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/08/15 12:10:34 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2009/08/15 12:10:34 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2009/08/15 12:10:34 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2009/08/15 12:10:34 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/15 12:10:34 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/21 15:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 16:53:32 | 000,716,288 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/29 22:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2011/03/19 17:04:05 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2010/12/16 09:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\EX64.SYS -- (NAVEX15)
DRV - [2010/12/16 09:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\ENG64.SYS -- (NAVENG)
DRV - [2010/11/22 02:18:46 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/09 00:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110317.002\IDSviA64.sys -- (IDSVia64)
DRV - [2010/08/29 03:08:46 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/09/01 06:10:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Easybits Recovery] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1296293777\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/07/02 11:07:42 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 14:53:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/20 12:45:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/19 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\tdsskiller
[2011/03/19 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\RK_Quarantine
[2011/03/19 13:33:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.com
[2011/03/19 13:32:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.scr
[2011/03/19 13:29:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
[2011/03/19 12:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\mLaJkLf16633
[2011/03/15 18:53:20 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\Lisa Batala recording
[2011/03/15 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\Debbie Glasto recording
[2011/03/14 23:41:50 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Documents\Digital Wave Player
[2011/03/14 23:41:13 | 000,086,016 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\STRDEVAPI.dll
[2011/03/14 23:41:04 | 000,073,728 | ---- | C] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\SysWow64\DW90USB.DLL
[2011/03/14 23:41:04 | 000,073,728 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\VNUSB.dll
[2011/03/14 23:41:04 | 000,039,096 | ---- | C] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\SysWow64\drivers\DW90USB.SYS
[2011/03/14 23:41:04 | 000,038,496 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\drivers\VNUSB.sys
[2011/03/14 23:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Olympus Digital Wave Player
[2011/03/14 23:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Olympus
[2011/03/14 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Friday's games
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stray Souls - Dollhouse Story
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stray Souls - Dollhouse Story
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stray Souls - Dollhouse Story
[2011/03/14 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\CursedOnboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Adventures - Cursed Onboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Adventures - Cursed Onboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epic Adventures - Cursed Onboard
[2011/03/14 12:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/03/09 13:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/09 13:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/27 19:33:52 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Documents\McFeggan Burials

========== Files - Modified Within 30 Days ==========

[2011/03/20 14:56:18 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/20 14:56:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/20 14:56:00 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/20 14:50:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/20 12:57:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 12:57:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 17:04:05 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/03/19 16:29:39 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/19 16:29:39 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/19 16:29:39 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/19 16:26:06 | 001,001,472 | ---- | M] () -- C:\Users\nhvh\Desktop\RogueKiller.exe
[2011/03/19 13:33:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.com
[2011/03/19 13:32:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.scr
[2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
[2011/03/14 23:41:14 | 000,001,965 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/03/14 12:47:16 | 000,001,720 | ---- | M] () -- C:\Users\nhvh\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/03/14 12:47:16 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2011/02/28 22:04:48 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/28 22:02:30 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

========== Files Created - No Company Name ==========

[2011/03/19 17:01:33 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/03/19 16:28:32 | 001,001,472 | ---- | C] () -- C:\Users\nhvh\Desktop\RogueKiller.exe
[2011/03/14 23:41:14 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/03/14 23:41:13 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2011/03/14 23:41:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2011/01/29 09:31:05 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/12 18:03:37 | 000,000,440 | ---- | C] () -- C:\Users\nhvh\AppData\Roaming\prefsdb.dat
[2010/11/02 17:00:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/07 22:22:54 | 000,357,424 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 057.JPG
[2010/09/07 22:22:34 | 000,228,845 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 056.0
[2010/09/07 22:22:34 | 000,145,758 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 056.JPG
[2010/09/07 22:12:27 | 000,556,462 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 057.0
[2010/09/07 18:31:42 | 000,833,096 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpJAMES MAC WILL 1817 001.0
[2010/09/07 18:31:42 | 000,819,526 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpJAMES MAC WILL 1817 001.JPG
[2010/09/07 17:09:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/29 17:38:24 | 000,000,122 | ---- | C] () -- C:\Users\nhvh\AppData\Roaming\wklnhst.dat
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/15 20:20:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/15 20:20:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/15 20:20:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/08/15 20:20:51 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/15 12:09:19 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/10/29 11:56:10 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\AVG10
[2010/08/31 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Big Fish Games
[2011/03/14 13:03:12 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\CursedOnboard
[2011/01/09 23:47:04 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\DAEMON Tools Lite
[2010/12/19 01:11:53 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Floodlight Games
[2011/03/14 14:57:21 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Friday's games
[2010/12/01 23:31:28 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\GameMill Entertainment
[2010/08/31 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Gogii
[2010/11/10 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\MA2
[2010/11/20 22:32:08 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\MumboJumbo
[2010/12/12 01:17:32 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Orneon
[2010/11/12 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\perfect future studio
[2011/01/29 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Phantasmat_bf_ce1
[2010/10/10 20:07:07 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\PlayFirst
[2011/01/09 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\ProtectDisc
[2011/01/13 22:41:55 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\ScummVM
[2010/11/11 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Skinux
[2010/12/04 19:46:32 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\TeamViewer
[2010/08/29 17:38:26 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Template
[2011/01/10 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\The Games Company
[2010/11/22 22:57:20 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\URSE Games
[2010/12/11 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Vast Studios
[2010/08/30 12:41:34 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\WinBatch
[2011/02/28 22:02:30 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/02/28 22:04:48 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/01/17 11:11:17 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:6114B257
@Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:9812B773
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:29F0CA7D
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:D9656460
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:A6D89509
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:8684F6F0
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:4A77A28B
@Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:FB7C1D10
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:329BA65B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:B3196E8D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:53B8C5D2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2F1D743F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6BFA43EB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:AFB24B00
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:59846E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:95198126

< End of report >
  • 0

Advertisements

#17
azarl
Posted 20 March 2011 - 09:10 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
» Step 1 «

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

» Step 2 «
Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select Report and post it in your next reply

Posted Image
  • 0

#18
Trixsteruk
Posted 20 March 2011 - 12:34 PM

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6111

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/03/2011 15:56:42
mbam-log-2011-03-20 (15-56-42).txt

Scan type: Quick scan
Objects scanned: 162914
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky below



Autoscan: completed 3 minutes ago (events: 2, objects: 442571, time: 01:41:50)
20/03/2011 16:48:28 Task started
20/03/2011 18:30:18 Task completed

Edited by Trixsteruk, 20 March 2011 - 12:35 PM.

  • 0

#19
azarl
Posted 20 March 2011 - 03:36 PM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
How does it seem now?
  • 0

#20
Trixsteruk
Posted 20 March 2011 - 07:42 PM

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
It seems fine now, thank you very much indeed, it is greatly appreciated :D
  • 0

#21
azarl
Posted 21 March 2011 - 02:28 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Your logs are now clean - you are clear or seem to be. Please advise me if you still have any problems.

OTL Cleanup
Run OTL and click the cleanup button. It will remove all the programmes we have used plus itself.

Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical that you have both a firewall and anti virus to protect your system and to keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them
TFC (Temp File Cleaner)- Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • Run Internet Explorer
  • Click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Updates
From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE
  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP