Java Popup


  • This topic is locked

#16 instigata (Member, Topic Starter, 11 posts)
Hmm... long story about the admin bit. I ran your commands one by one, as the first time I tried it in full I got an error saying "Hosts file can not be created". So I skipped that and did everything else. The following is the log:


OTL logfile created on: 18/10/2011 21:10:51 - Run 5
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Laptop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.91% Memory free
3.33 Gb Paging File | 2.86 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 115.38 Gb Free Space | 77.41% Space Free | Partition Type: NTFS
Drive E: | 938.25 Mb Total Space | 610.69 Mb Free Space | 65.09% Space Free | Partition Type: FAT

Computer Name: Workstation | User Name: Laptop | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Laptop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\app\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Documents and Settings\Laptop\Local Settings\Application Data\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Documents and Settings\Laptop\Local Settings\Application Data\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\app\bin\js32.dll ()
MOD - C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\user\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\McAfee\Common Framework\naXML71.dll ()
MOD - C:\Program Files\McAfee\Common Framework\naisign.dll ()
MOD - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {B4184744-9F8F-43D0-B62C-795BB1859915}:1.9.1
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57}:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 20:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/06 20:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/06 20:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B4184744-9F8F-43D0-B62C-795BB1859915}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{B4184744-9F8F-43D0-B62C-795BB1859915} [2010/06/14 12:51:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F1F2E80E-0C1D-49B4-BF4B-927F9B8C6A26}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{F1F2E80E-0C1D-49B4-BF4B-927F9B8C6A26}\ [2010/08/17 14:24:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02246DED-1065-4861-B753-F642349402A6}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{02246DED-1065-4861-B753-F642349402A6}\ [2010/08/28 14:41:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{75D50587-C484-4567-8A88-C624E5867BC1}: C:\Documents and Settings\Laptop\Local Settings\Application Data\{75D50587-C484-4567-8A88-C624E5867BC1} [2010/10/17 13:30:25 | 000,000,000 | ---D | M]

[2010/06/06 10:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions
[2010/05/29 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/06 10:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Extensions\[email protected]
[2011/10/18 20:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions
[2010/12/25 13:32:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/07/15 19:15:56 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011/02/26 23:40:01 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/02/21 17:08:12 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/02/23 00:11:41 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/26 23:29:22 | 000,000,000 | ---D | M] (Selenium IDE: C# Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/02/12 14:14:01 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Groovy Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Java Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: Perl Formatter) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:25 | 000,000,000 | ---D | M] (Selenium IDE: PHP Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:22 | 000,000,000 | ---D | M] (Selenium IDE: Python Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2011/05/26 23:29:26 | 000,000,000 | ---D | M] (Selenium IDE: Ruby Formatters) -- C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Profiles\fjnjazqc.default\extensions\[email protected]
[2010/01/26 22:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/14 12:51:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\LAPTOP\LOCAL SETTINGS\APPLICATION DATA\{B4184744-9F8F-43D0-B62C-795BB1859915}
[2011/05/26 06:50:32 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/26 06:50:32 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/26 06:50:32 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/26 06:50:32 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Laptop\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2003/03/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [ConnectionCenter] C:\Documents and Settings\Laptop\Local Settings\Application Data\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKCU..\Run: [Rapportexe] C:\Documents and Settings\Laptop\Application Data\Trusteer\Rapport\app\bin\RapportService.exe (Trusteer Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231253869456 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231846328429 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.co...?BundleId=26688 (Java Plug-in 1.6.0_11)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laptop\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/22 15:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{193e7eb2-2d97-11de-9254-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{193e7eb2-2d97-11de-9254-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{28148f96-1abf-11de-924f-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28148f96-1abf-11de-924f-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto_run.exe
O33 - MountPoints2\{2b156c1c-453a-11de-926b-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b156c1c-453a-11de-926b-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{4b4eae4d-df88-11de-92b1-002100879676}\Shell\AutoRun\command - "" = E:\WDSetup.exe
O33 - MountPoints2\{59cd7741-51bd-11de-9281-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59cd7741-51bd-11de-9281-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_auto.exe
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b26-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{67c73b27-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b27-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_installer.exe
O33 - MountPoints2\{67c73b28-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b28-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92c-50f7-11de-927e-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{7cb6b92c-50f7-11de-927e-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92d-50f7-11de-927e-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7cb6b92d-50f7-11de-927e-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_smss.exe
O33 - MountPoints2\{8356282c-5119-11de-9280-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8356282c-5119-11de-9280-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_auto.exe
O33 - MountPoints2\{96fe2aba-24a2-11e0-93eb-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{96fe2aba-24a2-11e0-93eb-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a4ac4ac-4e84-11de-9279-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a4ac4ac-4e84-11de-9279-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{ba0e6e88-3ed6-11de-9262-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{ba0e6e88-3ed6-11de-9262-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beeba536-4077-11de-9264-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{beeba536-4077-11de-9264-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c36676e7-24f9-11e0-93ec-002100879676}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\Auto\command - "" = sss.exe
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 18:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\My Documents\tools
[2011/10/16 12:37:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/16 08:44:37 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laptop\Desktop\OTL.exe
[2011/10/16 08:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\Local Settings\Application Data\Deployment
[2011/10/15 23:33:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Laptop\Recent
[2011/10/15 22:32:12 | 000,000,000 | ---D | C] -- C:\Documents
[2011/10/15 22:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\and
[2011/10/15 21:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2011/10/08 18:00:23 | 000,000,000 | ---D | C] -- C:\lcc
[2011/09/29 20:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop\My Documents\working

========== Files - Modified Within 30 Days ==========

[2011/10/18 21:09:08 | 000,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 21:09:08 | 000,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 21:03:59 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/10/18 21:03:57 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/10/18 21:03:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 20:37:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003UA.job
[2011/10/18 06:22:56 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/10/17 19:28:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/16 18:54:56 | 000,010,000 | ---- | M] () -- C:\Documents and Settings\Laptop\My Documents\tools.zip
[2011/10/16 12:05:07 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Firefox.lnk
[2011/10/16 12:04:42 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Thunderbird.lnk
[2011/10/16 08:44:54 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laptop\Desktop\OTL.exe
[2011/10/16 08:40:32 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Google Chrome.lnk
[2011/10/16 08:40:32 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/16 08:37:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003Core.job
[2011/10/15 23:32:09 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Laptop\.bash_history
[2011/10/15 23:09:43 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Laptop\.gitconfig
[2011/10/15 21:54:36 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Git Bash.lnk
[2011/10/08 18:03:22 | 000,010,932 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\BSearch.aspx.cs
[2011/10/08 17:32:16 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Laptop\Desktop\Dis#.lnk

========== Files Created - No Company Name ==========

[2011/10/16 18:54:56 | 000,010,000 | ---- | C] () -- C:\Documents and Settings\Laptop\My Documents\tools.zip
[2011/10/16 12:05:07 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Firefox.lnk
[2011/10/16 12:04:42 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Mozilla Thunderbird.lnk
[2011/10/16 08:40:32 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Google Chrome.lnk
[2011/10/16 08:40:32 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/16 08:32:48 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003UA.job
[2011/10/16 08:32:48 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-152049171-839522115-1003Core.job
[2011/10/15 23:09:43 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Laptop\.gitconfig
[2011/10/15 21:58:46 | 000,002,402 | ---- | C] () -- C:\Documents and Settings\Laptop\.bash_history
[2011/10/15 21:54:36 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\Git Bash.lnk
[2011/10/08 18:03:21 | 000,010,932 | ---- | C] () -- C:\Documents and Settings\Laptop\Desktop\BSearch.aspx.cs
[2011/02/28 12:41:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\PUTTY.RND
[2010/09/27 15:43:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/26 23:03:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010/01/26 22:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/25 12:58:07 | 000,002,537 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/17 12:50:24 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Laptop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 12:18:55 | 000,000,268 | ---- | C] () -- C:\WINDOWS\{AA9DC20A-BB40-4C0D-BAFD-68421180DE19}_WiseFW.ini
[2009/01/13 11:13:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/13 11:13:50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/13 11:13:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/13 11:13:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/13 11:13:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/13 11:13:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/06 14:18:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/01/05 09:59:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/23 16:16:35 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/23 16:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPOPUP.INI
[2008/12/23 15:53:52 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2008/12/23 15:53:52 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2008/12/23 15:53:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2008/12/23 15:53:52 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2008/12/22 15:17:19 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2008/12/22 15:16:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/22 15:10:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/22 13:07:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/22 13:06:17 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/22 13:06:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 13:00:00 | 000,409,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 13:00:00 | 000,064,774 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/24 11:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/08/23 18:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EMP
[2010/09/20 16:32:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSCXGXPWS
[2011/03/23 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/09/23 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\download2
[2011/07/06 19:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\GetRightToGo
[2011/07/10 12:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\gtk-2.0
[2010/05/04 20:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\ICAClient
[2010/11/09 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Kingston
[2011/02/24 21:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\LiveSoftware
[2010/01/18 23:40:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Laptop\Application Data\lowsec
[2009/03/20 16:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\pdfaloud 3.0
[2010/08/23 15:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\SendBlaster2
[2010/09/22 09:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Spydaman Design Studios Ltd
[2010/05/29 11:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Thunderbird
[2011/03/23 14:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laptop\Application Data\Trusteer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Laptop\My Documents\PAVARK.exe:License

< End of report >
#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I have gone about as far as I can now from a user account - what are the current problems?

#18 instigata (Member, Topic Starter, 11 posts)
Hmm... no problems as such... something wrong in the log? What else would we have done with an Admin account? ComboFix?

#19 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
No, I can see no requirement for ComboFix, but I would have liked to delete the mountpoints.
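The mountpoints Essexboy refers to are the `O33 - MountPoints2` entries in the log above: Explorer caches, per removable-device GUID under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2`, the AutoRun verb and command that the device's autorun.inf last advertised. When reviewing such a log, the values worth reading are the `\command` subkeys, since they name what would have launched when the device was opened. The following is an added example, not part of OTL or of any post in this thread; it parses O33 lines taken from the log in post #16 (embedded here as a constructed sample) and groups the handlers by device GUID so they can be reviewed or cleaned up together.

```python
"""Parse OTL 'O33 - MountPoints2' lines and list each device's AutoRun handlers.

Added example for this thread (not OTL's own code). It reads O33 lines in the
format OTL prints and groups them by device GUID, so a reviewer can see which
removable devices left AutoRun commands behind under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the O33 lines from the OTL log in post #16,
# plus two neighbouring non-O33 lines to show they are ignored.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1169f6eb-5109-11de-927f-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{4b4eae4d-df88-11de-92b1-002100879676}\Shell\AutoRun\command - "" = E:\WDSetup.exe
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c73b23-1ea7-11de-9252-002100879676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell - "" = AutoRun
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\Auto\command - "" = sss.exe
O33 - MountPoints2\{e1921dca-154a-11de-924a-002100879676}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe
O34 - HKLM BootExecute: (autocheck autochk *)
"""

# One OTL O33 line: "O33 - MountPoints2\{GUID}\<subkey> - "<value name>" = <data>"
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\(?P<subkey>[^ ]+)'
    r' - "(?P<name>[^"]*)" = (?P<value>.*)$'
)


def parse_mountpoints(log_text):
    """Return {guid: {subkey: data}} for every O33 MountPoints2 line.

    Lines that are not O33 entries (other OTL sections, blanks) are skipped.
    """
    devices = defaultdict(dict)
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            devices[m["guid"]][m["subkey"]] = m["value"]
    return dict(devices)


def autorun_commands(devices):
    """Return sorted (guid, subkey, command) triples for every '\\command' subkey.

    Anything stored under a ...\\command key is what Explorer would have run for
    that verb, so these are the values a reviewer inspects (or removes) first.
    """
    found = []
    for guid, keys in devices.items():
        for subkey, value in keys.items():
            if subkey.lower().endswith("\\command"):
                found.append((guid, subkey, value))
    return sorted(found)


def summarize(devices):
    """Human-readable report: one block per device GUID, subkeys sorted."""
    out = []
    for guid in sorted(devices):
        out.append(guid)
        for subkey, value in sorted(devices[guid].items()):
            out.append(f"  {subkey:<24} = {value}")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_LOG)
    print(summarize(parsed))
    print(f"\n{len(autorun_commands(parsed))} AutoRun command handler(s) "
          f"across {len(parsed)} device GUID(s)")
```

To run it over a real OTL log, replace `SAMPLE_LOG` with the file contents; the parser only keys on the `O33 - MountPoints2\{GUID}\` prefix, so the rest of the report passes through untouched. Entries with no `\command` subkey (only `Shell` or `Shell\AutoRun` verbs) are kept in the per-device summary but do not appear in `autorun_commands`, since nothing executable is recorded for them.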

#20 instigata (Member, Topic Starter, 11 posts)
OK - will try and do something tomorrow... and send small thanks via PayPal (tomorrow also)...

#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Thank you - I await your response :)

#22 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.