Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

a trojan attack


  • This topic is locked This topic is locked

#1
jjason123

jjason123

    New Member

  • Member
  • Pip
  • 2 posts
Ran Symantec on this machine and pulled up maljava and byte verify trojans. Computer has been acting a little funny. Slow at startup. Mozilla taking forever to load. I'm trying to better the situation. Does anything jump out at you

THANKS!!!





OTL logfile created on: 6/17/2011 5:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jason\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 36.75% Memory free
4.22 Gb Paging File | 2.72 Gb Available in Paging File | 64.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 57.01 Gb Free Space | 40.01% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.67 Gb Free Space | 10.21% Space Free | Partition Type: NTFS

Computer Name: AUTOSTRADA-TO-T | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 17:53:54 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
PRC - [2011/04/29 17:40:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/24 18:31:36 | 000,629,336 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2010/07/13 17:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/07/13 17:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/07/13 17:26:10 | 002,533,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/07/13 17:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/08 06:35:55 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/03/29 17:14:29 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/04/18 00:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/17 17:53:54 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (ONDA Autorun CDROM Monitor)
SRV - File not found [On_Demand | Stopped] -- -- (AddFiltr)
SRV - [2010/07/13 17:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/07/13 17:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2009/04/08 06:35:55 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/04/18 00:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/06/10 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110610.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/10 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110610.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/13 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/13 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/19 17:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 19:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/06/09 11:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/01/21 19:52:07 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/09 20:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/20 09:03:34 | 000,041,472 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/24 12:58:54 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/27 06:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/01/22 09:00:00 | 000,139,008 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1046.sys -- (RDID1046)
DRV - [2007/01/22 02:55:00 | 000,056,704 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1053.sys -- (RDID1053)
DRV - [2006/12/12 11:06:40 | 000,148,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/22 16:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 16:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/09 05:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/10 07:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/10/06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/02/16 11:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\eMusic Remote\remoteExt
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 17:40:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 20:44:06 | 000,000,000 | ---D | M]

[2010/04/12 05:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2010/04/12 05:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/16 22:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qs0jjpan.default\extensions
[2009/09/02 14:27:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qs0jjpan.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/01 17:25:59 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qs0jjpan.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/06/15 22:09:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qs0jjpan.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/01 23:09:31 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qs0jjpan.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/16 22:42:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qs0jjpan.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/24 20:52:11 | 000,000,000 | ---D | M] (yogurttree) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\qs0jjpan.default\extensions\[email protected]
[2011/03/24 20:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/21 16:58:36 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2010/04/28 03:37:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/25 10:23:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 18:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/25 18:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/26 12:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC REMOTE\XULRUNNER\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC REMOTE\XULRUNNER\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC REMOTE\XULRUNNER\EXTENSIONS\[email protected]
[2011/04/29 17:40:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jason\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 02:06:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{53e79252-e811-11dd-9604-001b243111e9}\Shell\AutoRun\command - "" = F:\.\EDmini_LogOn.exe
O33 - MountPoints2\{ac32ae13-9cca-11dc-ae8a-001b243111e9}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{b6475d64-4918-11dc-92b5-001b243111e9}\Shell\AutoRun\command - "" = F:\InstallSeagateManager.exe
O33 - MountPoints2\{bc92cb51-e816-11dd-956d-001b243111e9}\Shell - "" = AutoRun
O33 - MountPoints2\{bc92cb51-e816-11dd-956d-001b243111e9}\Shell\AutoRun\command - "" = G:\RunGame.exe
O33 - MountPoints2\{d5a60eb7-33ff-11de-9fd0-001b243111e9}\Shell - "" = AutoRun
O33 - MountPoints2\{d5a60eb7-33ff-11de-9fd0-001b243111e9}\Shell\AutoRun\command - "" = H:\Windows\AutoRun.exe
O33 - MountPoints2\{dcb36853-5f4b-11dd-8360-001b243111e9}\Shell - "" = AutoRun
O33 - MountPoints2\{dcb36853-5f4b-11dd-8360-001b243111e9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{fac533b6-da5b-11de-9d52-001b243111e9}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe
O33 - MountPoints2\{fac533b6-da5b-11de-9d52-001b243111e9}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 17:59:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Updater5
[2011/06/16 19:46:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\sound
[2011/06/16 19:45:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\books
[2011/06/16 19:44:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\resumes
[2011/06/16 17:42:47 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/16 17:42:40 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/16 17:42:40 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/16 17:42:32 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/16 17:42:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/06/16 17:42:28 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/03 22:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/03 22:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/30 11:23:32 | 000,000,000 | ---D | C] -- C:\2011website
[2007/07/04 15:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/06/22 19:03:32 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Jason\AppData\Roaming\REX Shared Library.dll
[2007/06/22 19:03:32 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Jason\AppData\Roaming\Rewire.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jason\*.tmp files -> C:\Users\Jason\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 18:05:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{24BC2FB2-A5AC-4734-A14D-506CF985B1FA}.job
[2011/06/17 17:37:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 16:43:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/17 16:43:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 16:43:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 16:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 16:42:15 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 23:50:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/16 20:40:57 | 000,104,448 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 19:40:22 | 000,669,814 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/16 19:40:22 | 000,128,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/15 17:05:40 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJason.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jason\*.tmp files -> C:\Users\Jason\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/09/17 20:15:20 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2010/03/05 11:35:00 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010/01/20 12:00:06 | 000,130,251 | ---- | C] () -- C:\Windows\hpoins13.dat.temp
[2010/01/20 12:00:06 | 000,000,811 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp
[2010/01/17 19:32:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/17 04:04:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 04:04:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 05:46:52 | 000,170,456 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/09 11:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/02/11 11:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/01/22 18:58:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/21 20:04:31 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008/10/12 06:03:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/20 09:03:35 | 000,005,120 | ---- | C] () -- C:\Windows\System32\haspvdd.dll
[2008/06/20 09:03:35 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2008/06/20 09:03:07 | 000,000,000 | ---- | C] () -- C:\Windows\Hinstall.INI
[2008/06/20 09:02:34 | 000,041,472 | ---- | C] () -- C:\Windows\System32\drivers\Haspnt.sys
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/31 10:50:56 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/01/06 05:47:20 | 000,001,356 | ---- | C] () -- C:\Users\Jason\AppData\Local\d3d9caps.dat
[2008/01/04 17:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/12/27 18:41:01 | 000,121,356 | ---- | C] () -- C:\Windows\hpoins15.dat
[2007/12/27 18:41:01 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2007/12/20 11:35:43 | 000,002,835 | ---- | C] () -- C:\Windows\checkip.dat
[2007/12/15 06:45:06 | 000,000,032 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ATE
[2007/11/16 08:54:07 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2007/11/16 08:54:07 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2007/11/16 08:54:07 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2007/11/16 08:54:07 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2007/11/16 08:54:07 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2007/11/16 08:54:07 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2007/11/16 08:54:07 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2007/11/16 08:54:07 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2007/11/16 08:54:07 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2007/11/16 08:54:07 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2007/11/16 08:54:07 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2007/11/16 08:54:07 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2007/11/16 08:54:07 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2007/11/16 08:54:07 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2007/11/16 08:54:07 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2007/11/16 08:54:07 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2007/11/16 08:54:07 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2007/11/16 08:54:07 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2007/11/16 08:54:07 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/11/16 08:51:52 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2007/10/06 06:07:20 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/09/10 09:30:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\RdCi1053.dll
[2007/09/10 09:30:25 | 000,004,088 | ---- | C] () -- C:\Windows\System32\Rd3t1053.DAT
[2007/09/10 06:42:20 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/09/04 09:13:19 | 000,024,206 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\UserTile.png
[2007/08/10 15:10:36 | 000,012,800 | ---- | C] () -- C:\Windows\System32\RdCi1046.dll
[2007/08/10 15:10:36 | 000,004,088 | ---- | C] () -- C:\Windows\System32\RD3T1046.DAT
[2007/08/10 14:59:19 | 000,104,448 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/07 14:52:16 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2007/08/07 14:50:46 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2007/08/07 13:01:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/06 17:26:19 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2007/07/05 11:46:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/26 13:54:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2006/12/18 01:06:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 07:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 001,723,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,669,814 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,128,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/05/19 09:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/08 00:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

< End of report >
  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Sorry for the delay

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{53e79252-e811-11dd-9604-001b243111e9}\Shell\AutoRun\command - "" = F:\.\EDmini_LogOn.exe
    O33 - MountPoints2\{ac32ae13-9cca-11dc-ae8a-001b243111e9}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
    O33 - MountPoints2\{b6475d64-4918-11dc-92b5-001b243111e9}\Shell\AutoRun\command - "" = F:\InstallSeagateManager.exe
    O33 - MountPoints2\{bc92cb51-e816-11dd-956d-001b243111e9}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc92cb51-e816-11dd-956d-001b243111e9}\Shell\AutoRun\command - "" = G:\RunGame.exe
    O33 - MountPoints2\{d5a60eb7-33ff-11de-9fd0-001b243111e9}\Shell - "" = AutoRun
    O33 - MountPoints2\{d5a60eb7-33ff-11de-9fd0-001b243111e9}\Shell\AutoRun\command - "" = H:\Windows\AutoRun.exe
    O33 - MountPoints2\{dcb36853-5f4b-11dd-8360-001b243111e9}\Shell - "" = AutoRun
    O33 - MountPoints2\{dcb36853-5f4b-11dd-8360-001b243111e9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
    O33 - MountPoints2\{fac533b6-da5b-11de-9d52-001b243111e9}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe
    O33 - MountPoints2\{fac533b6-da5b-11de-9d52-001b243111e9}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe
    [2010/09/17 20:15:20 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
    [2010/01/17 19:32:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/01/22 18:58:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2007/08/07 14:52:16 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2007/08/07 14:50:46 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#3
jjason123

jjason123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
OTL (it froze up and I had to manually restart. this is what i got after.)

Files\Folders moved on Reboot...
C:\Users\Jason\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

malwarebytes

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6919

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/22/2011 11:54:27 AM
mbam-log-2011-06-22 (11-54-27).txt

Scan type: Quick scan
Objects scanned: 195796
Time elapsed: 12 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

11:41:57 Jason MESSAGE Protection started successfully
11:42:02 Jason MESSAGE IP Protection started successfully
  • 0

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#5
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP