Google Redirects and No Sound on Internet (youtube)

This topic is locked

#1 Grantsch (Member, 11 posts)
I recently have got a virus on my computer, and have searched all over the internet for a way to fix it but I can't find one. I have windows Vista and if I search on google and click on the link it redirects me to a advertising site. Also, sound works with things offline, but anything online like youtube will not work. Please help me. Thanks.
#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, I will need a little more info before I can commence any cleaning.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 567KB ) to your desktop.

Double click the aswMBR.exe to run it

If you have Avast installed then click the AV engine drop down and select quickscan. If not, and you are prepared to download the latest virus database, then select quickscan.
If you do not want to download the database then select none in the drop down - this is an upgraded version that I am trialing and will double as an antivirus scan as well as an MBR check.

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post it in your next reply.
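As an added illustration (not part of the original post, and not OTL's own code), the script below reads the "< MD5 for: ... >" blocks that the /md5start ... /md5stop directives in the custom scan produce and flags any live system binary whose hash matches none of the pristine copies Windows keeps under winsxs, or whose company name is not Microsoft; a patched explorer.exe, svchost.exe, winlogon.exe or userinit.exe is one thing a reviewer looks for in that section when a machine shows search redirects. The sample section is constructed: its lines are copied from the log posted later in this thread, except that the hash of the live svchost.exe is altered to simulate a patched file.

```python
import re
from collections import defaultdict

# Constructed sample in the format written by OTL's /md5start ... /md5stop
# custom scan (the "< MD5 for: ... >" blocks of OTL.Txt). The explorer.exe and
# winsxs lines are copied from the log posted in this thread; the MD5 of the
# live C:\Windows\System32\svchost.exe is altered here (all 1s, a made-up value)
# to simulate a patched system file, so that the check has something to find.
SAMPLE_MD5_SECTION = r"""
< MD5 for: EXPLORER.EXE >
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
"""

# Section header: "< MD5 for: EXPLORER.EXE >"
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# Entry: "[date | size | attrs | M] (Company) MD5=<32 hex> -- <path>"
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} parsed from OTL's MD5 custom-scan output."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append({
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
                "company": entry.group("company").strip(),
                "size": int(entry.group("size").replace(",", "")),
            })
    return dict(sections)


def is_component_store_copy(path):
    """winsxs holds the OS's staged copies of each version; anything else is a live copy."""
    return "\\winsxs\\" in path.lower()


def check_live_copies(sections):
    """Flag live binaries whose MD5 matches no winsxs copy or that lack a Microsoft company name.

    Returns a list of (filename, path, reason). A hit is a lead to verify against a
    known-good copy, not proof of infection on its own.
    """
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if is_component_store_copy(e["path"])}
        live = [e for e in entries if not is_component_store_copy(e["path"])]
        if not live:
            findings.append((name, None, "no live copy listed"))
        for e in live:
            if not e["company"].startswith("Microsoft"):
                findings.append((name, e["path"], "company name is not Microsoft"))
            if store_hashes and e["md5"] not in store_hashes:
                findings.append((name, e["path"], "MD5 matches no winsxs copy"))
    return findings


if __name__ == "__main__":
    for name, path, reason in check_live_copies(parse_md5_sections(SAMPLE_MD5_SECTION)):
        print(f"{name}: {path} -- {reason}")
```

Run over the unmodified MD5 section in the log posted below, the check returns nothing: each live copy of explorer.exe, svchost.exe, userinit.exe and winlogon.exe there has the same MD5 as one of its winsxs copies.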

#3 Grantsch (Topic Starter, Member, 11 posts)
Here is OTL.Txt

OTL logfile created on: 6/17/2011 3:08:25 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Karen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 66.04% Memory free
6.20 Gb Paging File | 4.81 Gb Available in Paging File | 77.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.52 Gb Total Space | 347.08 Gb Free Space | 76.03% Space Free | Partition Type: NTFS
Drive D: | 9.24 Gb Total Space | 1.25 Gb Free Space | 13.50% Space Free | Partition Type: NTFS

Computer Name: HOME-COMPUTER | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 15:02:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/06 17:18:48 | 000,380,416 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/13 12:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/08/05 08:46:00 | 001,016,792 | ---- | M] (PC Tool) -- C:\Program Files\Registry Mechanic\Alert.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/15 07:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 15:02:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/05/08 13:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 13:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/03 12:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/06/11 22:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/06/16 09:32:26 | 000,000,000 | ---D | M]

[2011/02/26 18:00:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions
[2011/02/26 18:00:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/11 22:39:19 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/06/11 22:39:19 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/06/11 22:39:19 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://connect.spec...ca32/wficat.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Karen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/18 07:26:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 14:55:01 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2011/06/17 09:16:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/06/16 09:32:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/13 10:39:01 | 000,109,088 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2011/06/12 14:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/06/12 14:01:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/06/12 14:01:23 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/06/12 14:01:23 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/06/12 12:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/12 12:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/12 12:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/11 21:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/11 21:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/07 20:35:00 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\PackageAware
[2011/06/05 10:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/02 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Avira
[2011/06/02 19:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/06/02 19:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/02 17:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/06/02 17:21:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/02 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2008/07/15 15:03:55 | 000,308,600 | ---- | C] (Symantec Corporation) -- C:\ProgramData\NortonProtectionMemo.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Karen\AppData\Local\*.tmp files -> C:\Users\Karen\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 15:02:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2011/06/17 14:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 14:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 13:21:55 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 13:21:55 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 09:22:13 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/17 09:22:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/17 09:21:49 | 3211,042,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 20:48:23 | 000,016,384 | ---- | M] () -- C:\Users\Karen\Documents\bob resume.wps
[2011/06/16 19:00:04 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/06/16 18:10:02 | 000,023,552 | ---- | M] () -- C:\Users\Karen\Documents\K - Resume - Executive Assist.wps
[2011/06/16 18:01:10 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/16 18:01:10 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/16 09:32:27 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/14 18:22:31 | 311,572,696 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/13 10:31:37 | 000,000,905 | ---- | M] () -- C:\Users\Karen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/13 10:07:49 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/06/13 10:07:49 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/06/13 10:07:40 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/06/12 14:01:26 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/06/12 12:30:28 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/07 18:22:35 | 000,001,356 | ---- | M] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2011/05/31 17:29:52 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~50126584r
[2011/05/31 17:29:52 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~50126584
[2011/05/31 17:29:47 | 000,000,336 | -H-- | M] () -- C:\ProgramData\50126584
[2011/05/27 23:02:48 | 000,106,442 | -H-- | M] () -- C:\Users\Karen\Desktop\youtube video.htm
[2011/05/23 21:39:01 | 000,000,000 | -H-- | M] () -- C:\Users\Karen\AppData\Local\{D286D14A-3E59-4A1A-9123-40DF76C8C686}
[2011/05/23 21:08:04 | 000,010,774 | -HS- | M] () -- C:\Users\Karen\AppData\Local\flg68ex23ay01fq84he27a302
[2011/05/23 21:08:04 | 000,010,774 | -HS- | M] () -- C:\ProgramData\flg68ex23ay01fq84he27a302
[2011/05/22 13:34:34 | 000,000,129 | ---- | M] () -- C:\Users\Karen\jagex_runescape_preferences2.dat
[2011/05/22 13:34:34 | 000,000,034 | ---- | M] () -- C:\Users\Karen\jagex_runescape_preferences.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Karen\AppData\Local\*.tmp files -> C:\Users\Karen\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 09:21:03 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2011/06/17 08:59:57 | 3211,042,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/16 20:48:23 | 000,016,384 | ---- | C] () -- C:\Users\Karen\Documents\bob resume.wps
[2011/06/16 18:10:01 | 000,023,552 | ---- | C] () -- C:\Users\Karen\Documents\K - Resume - Executive Assist.wps
[2011/06/16 09:32:27 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/16 09:32:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/13 10:07:40 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/06/12 14:01:26 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/06/12 12:30:28 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/31 17:29:52 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~50126584r
[2011/05/31 17:29:51 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~50126584
[2011/05/31 17:29:47 | 000,000,336 | -H-- | C] () -- C:\ProgramData\50126584
[2011/05/27 23:02:47 | 000,106,442 | -H-- | C] () -- C:\Users\Karen\Desktop\youtube video.htm
[2011/05/23 21:38:48 | 000,000,000 | -H-- | C] () -- C:\Users\Karen\AppData\Local\{D286D14A-3E59-4A1A-9123-40DF76C8C686}
[2011/05/23 20:57:45 | 000,010,774 | -HS- | C] () -- C:\Users\Karen\AppData\Local\flg68ex23ay01fq84he27a302
[2011/05/23 20:57:45 | 000,010,774 | -HS- | C] () -- C:\ProgramData\flg68ex23ay01fq84he27a302
[2010/12/31 22:14:01 | 001,124,568 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2010/09/27 21:20:10 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/02/19 21:05:25 | 000,000,202 | ---- | C] () -- C:\Windows\disneysy.ini
[2009/12/23 14:45:17 | 000,000,620 | ---- | C] () -- C:\Windows\eReg.dat
[2009/09/18 12:41:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 12:41:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/13 10:47:05 | 000,024,206 | -H-- | C] () -- C:\Users\Karen\AppData\Roaming\UserTile.png
[2009/01/27 20:01:50 | 000,000,275 | ---- | C] () -- C:\Windows\EReg072.dat
[2009/01/27 19:52:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ealtest.exe
[2008/09/03 16:48:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/22 21:52:49 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2008/08/22 21:52:38 | 000,000,019 | ---- | C] () -- C:\Windows\Sierra.ini
[2008/05/23 17:38:53 | 000,000,550 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/05/23 08:41:17 | 000,022,678 | -H-- | C] () -- C:\Users\Karen\AppData\Roaming\wklnhst.dat
[2008/05/20 16:41:29 | 000,003,666 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/17 21:33:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
[2008/05/11 19:46:39 | 000,000,507 | ---- | C] () -- C:\Windows\EReg515.dat
[2008/05/11 19:45:17 | 000,000,904 | ---- | C] () -- C:\Windows\disney.ini
[2008/05/10 19:31:33 | 000,000,711 | ---- | C] () -- C:\Windows\EReg077.dat
[2008/05/10 19:27:30 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008/04/30 00:59:55 | 000,093,184 | ---- | C] () -- C:\Users\Karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 20:52:14 | 004,194,441 | -H-- | C] () -- C:\Users\Karen\AppData\Roaming\sdi.db
[2008/04/27 20:49:55 | 000,001,356 | ---- | C] () -- C:\Users\Karen\AppData\Local\d3d9caps.dat
[2007/11/18 07:27:04 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2007/11/18 07:18:22 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/11/18 07:13:56 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/11/18 07:11:29 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/18 07:11:29 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/18 07:04:23 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2007/11/18 07:04:23 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/11/18 07:04:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/11/18 07:04:23 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2008/05/02 14:49:36 | 000,000,000 | ---D | M] -- C:\Users\Grant\AppData\Roaming\Snapfish
[2011/04/20 18:47:24 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\.minecraft
[2009/01/28 16:36:27 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\7Wonders
[2010/12/30 23:12:22 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\eMusic
[2011/01/02 10:52:10 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\Firefly Studios
[2011/06/11 22:40:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\GetRightToGo
[2011/06/11 22:40:12 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\ICAClient
[2008/05/01 08:22:51 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\MSNInstaller
[2011/01/07 19:10:36 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2009/02/13 10:47:05 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\PeerNetworking
[2011/06/11 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Philips-Songbird
[2008/06/11 13:00:36 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\PlayFirst
[2010/10/18 19:02:36 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\Registry Mechanic
[2009/06/28 21:59:34 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Snapfish
[2008/05/23 08:41:18 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\Template
[2008/07/02 05:55:51 | 000,000,000 | -H-D | M] -- C:\Users\Karen\AppData\Roaming\WinBatch
[2011/06/16 19:00:04 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/06/17 09:21:08 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2011/05/31 17:23:45 | 000,000,000 | ---D | M] -- C:\Users\Karen\..\Karen\AppData\Local\Temp\smtmp
[2011/05/31 17:23:45 | 000,000,000 | ---D | M] -- C:\Users\Karen\..\Karen\AppData\Local\Temp\smtmp\1


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/06/13 10:07:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/06/13 10:07:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/06/13 10:07:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/13 10:07:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/13 10:07:41 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/06/13 10:07:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/06/13 10:07:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/06/13 10:07:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/13 10:07:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/13 10:07:41 | 000,748,336 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Attached Files

  • Attached File  OTL.Txt   66.94KB   90 downloads

  • 0
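The "< MD5 for: ... >" blocks in the OTL log above are what the helper uses to spot a patched system binary: the live copy under C:\Windows or System32 should hash the same as one of the WinSxS component-store copies, and a TDL3-style infection that overwrites a driver or system file breaks that match. As an added example (not from this thread and not OTL's own code), the Python below parses those blocks and flags any live copy whose MD5 has no WinSxS match; the sample input reuses two explorer.exe lines from the log above and adds one constructed winlogon.exe line with a placeholder hash.

```python
import re

# Constructed sample input: the EXPLORER.EXE lines are copied from the OTL
# log posted in this thread; the System32\winlogon.exe line is constructed
# (its MD5 is a placeholder, not from the page) to show what a patched live
# copy looks like next to the genuine WinSxS copy.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} from the '< MD5 for: X >' blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections[current] = []
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            e = entry.groupdict()
            e["date"] = e["date"].strip()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            sections[current].append(e)
    return sections


def is_winsxs(path):
    return "\\winsxs\\" in path.lower()


def check_live_copies(sections):
    """Compare each live (non-WinSxS) copy against the WinSxS store.

    Returns (filename, path, verdict) tuples. A mismatch is a lead, not
    proof: confirm against a known-good hash for that exact file version.
    """
    findings = []
    for name, entries in sections.items():
        store = {e["md5"] for e in entries if is_winsxs(e["path"])}
        for e in entries:
            if is_winsxs(e["path"]):
                continue
            if not store:
                verdict = "UNKNOWN: no WinSxS copy to compare against"
            elif e["md5"] in store:
                verdict = "OK: matches a WinSxS copy"
            else:
                verdict = "SUSPECT: live copy hash not found in WinSxS"
            findings.append((name, e["path"], verdict))
    return findings


if __name__ == "__main__":
    for name, path, verdict in check_live_copies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name:14} {verdict:45} {path}")
```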

#4
Grantsch

Grantsch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is Extras.Txt. Thanks.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Out of curiosity, did you decide to run aswMBR with or without the virus scan?
  • 0

#6
Grantsch

Grantsch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
This is the other one.

  • 0

#7
Grantsch

Grantsch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I did it with the Avast.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you. Could you give me a rough idea of whether it is fast or slow, as I will be feeding all this back to the developer?

Also, are you missing anything from your start folder, or does it all look good?
  • 0

#9
Grantsch

Grantsch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The scan was pretty fast. Another folder called MBR.dat was created, but when I click on it, it says Windows cannot open this folder. Also, after the scan it gave me the option to click Fix, but I did not do that. Do you want me to?
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, but could you post the aswMBR.TXT, which should be on your desktop?
  • 0

#11
Grantsch

Grantsch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I posted it above, but here it is again.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry for the delay, I had to go out. I reckon it is a TDL3 infection, so let's clear that and the hangers-on. On completion, can you let me know what problems remain?

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2646239008-2084633532-2222816099-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2011/05/31 17:29:52 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~50126584r
    [2011/05/31 17:29:52 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~50126584
    [2011/05/31 17:29:47 | 000,000,336 | -H-- | M] () -- C:\ProgramData\50126584
    [2011/05/27 23:02:48 | 000,106,442 | -H-- | M] () -- C:\Users\Karen\Desktop\youtube video.htm
    [2011/05/23 21:39:01 | 000,000,000 | -H-- | M] () -- C:\Users\Karen\AppData\Local\{D286D14A-3E59-4A1A-9123-40DF76C8C686}
    [2011/05/23 21:08:04 | 000,010,774 | -HS- | M] () -- C:\Users\Karen\AppData\Local\flg68ex23ay01fq84he27a302
    [2011/05/23 21:08:04 | 000,010,774 | -HS- | M] () -- C:\ProgramData\flg68ex23ay01fq84he27a302

    :Files
    C:\Users\Karen\AppData\Local\flg68ex23ay01fq84he27a302
    C:\ProgramData\flg68ex23ay01fq84he27a302
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

AND FINALLY

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
Grantsch

Grantsch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
When I double-click on TDSSKiller.exe, it asks me for permission to continue. I clicked on Continue and then nothing happens. It doesn't open.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case, your Volsnap is probably infected with TDL3.


Run the OTL fix first and then .......

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#15
Grantsch

Grantsch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the log. Now what do I do? Thanks.

ComboFix 11-06-17.04 - Karen 06/17/2011 18:24:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2067 [GMT -4:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\desktop
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 22:37 . 2011-06-17 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 22:37 . 2011-06-17 22:37 -------- d-----w- c:\users\Grant\AppData\Local\temp
2011-06-17 22:16 . 2011-06-17 22:16 -------- d-----w- C:\_OTL
2011-06-16 13:34 . 2011-06-16 13:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-15 07:08 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 07:08 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 07:08 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-14 22:29 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-14 22:29 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-14 22:29 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-14 22:26 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-14 22:26 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-14 22:26 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-14 22:26 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-14 22:26 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 22:26 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-14 22:26 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-13 14:39 . 2009-02-11 16:48 109088 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2011-06-12 18:01 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-12 18:01 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-12 16:47 . 2011-06-12 16:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-12 16:29 . 2011-06-12 16:30 -------- d-----w- c:\program files\iTunes
2011-06-12 03:08 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DF57354-09D9-4DCD-A655-5BA1D304A594}\mpengine.dll
2011-06-12 01:26 . 2011-06-12 01:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-12 01:26 . 2011-06-12 01:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-08 00:35 . 2011-06-08 00:35 -------- d-----w- c:\users\Karen\AppData\Local\PackageAware
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 14:04 . 2011-06-05 14:04 -------- d-----w- c:\programdata\Hitman Pro
2011-06-02 23:21 . 2011-06-02 23:21 -------- d-----w- c:\users\Karen\AppData\Roaming\Avira
2011-06-02 23:18 . 2011-06-02 23:18 -------- d-----w- c:\programdata\Avira
2011-06-02 23:18 . 2011-06-02 23:18 -------- d-----w- c:\program files\Avira
2011-06-02 21:26 . 2011-06-02 23:12 -------- d-----w- c:\programdata\AVG10
2011-06-02 21:21 . 2011-06-02 21:21 -------- d--h--w- c:\programdata\Common Files
2011-06-02 21:21 . 2011-06-02 23:10 -------- d-----w- c:\programdata\MFAData
2011-05-24 01:39 . 2011-05-24 01:39 0 ---ha-w- c:\users\Karen\AppData\Local\BITF0F2.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 23:14 . 2009-10-03 11:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-27 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-19 942080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-05-06 380416]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 150552]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 173592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 21:36]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 21:36]
.
2011-06-16 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-09-28 12:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Trophy Bass 3D Demo - c:\dynamix\Trophy Bass 3D Demo\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 18:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2646239008-2084633532-2222816099-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-17 18:42:53
ComboFix-quarantined-files.txt 2011-06-17 22:42
.
Pre-Run: 370,225,008,640 bytes free
Post-Run: 370,937,114,624 bytes free
.
- - End Of File - - 55641A1973E59517D786A6B025F5EEE4

Attached Files

  • Attached File  log.txt   10.29KB   98 downloads

  • 0