Geeks to Go

Virus?



#16 clarissagraff (Topic Starter, Member, 41 posts)

File name: 1319740493.836.bin
Submission date: 2011-10-31 01:30:42 (UTC)
Current status: finished


Result: 1/ 43 (2.3%)
Antivirus | Version | Last Update | Result
AhnLab-V3 2011.10.30.00 2011.10.30 -
AntiVir 7.11.16.202 2011.10.30 -
Antiy-AVL 2.0.3.7 2011.10.30 -
Avast 6.0.1289.0 2011.10.30 -
AVG 10.0.0.1190 2011.10.30 -
BitDefender 7.2 2011.10.31 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.29 -
ClamAV 0.97.3.0 2011.10.31 -
Commtouch 5.3.2.6 2011.10.30 -
Comodo 10610 2011.10.30 -
DrWeb 5.0.2.03300 2011.10.31 -
Emsisoft 5.1.0.11 2011.10.31 -
eSafe 7.0.17.0 2011.10.30 -
eTrust-Vet 36.1.8645 2011.10.28 -
F-Prot 4.6.5.141 2011.10.30 -
F-Secure 9.0.16440.0 2011.10.31 -
Fortinet 4.3.370.0 2011.10.31 -
GData 22 2011.10.31 -
Ikarus T3.1.1.107.0 2011.10.31 -
Jiangmin 13.0.900 2011.10.30 -
K7AntiVirus 9.116.5354 2011.10.29 -
Kaspersky 9.0.0.837 2011.10.30 -
McAfee 5.400.0.1158 2011.10.31 -
McAfee-GW-Edition 2010.1D 2011.10.30 -
Microsoft 1.7801 2011.10.30 -
NOD32 6588 2011.10.31 -
Norman 6.07.13 2011.10.30 -
nProtect 2011-10-30.01 2011.10.30 -
Panda 10.0.3.5 2011.10.30 -
PCTools 8.0.0.5 2011.10.31 -
Prevx 3.0 2011.10.31 -
Rising 23.81.04.01 2011.10.28 -
Sophos 4.70.0 2011.10.30 -
SUPERAntiSpyware 4.40.0.1006 2011.10.29 Rogue.Agent/Gen-Nullo[BIN]
Symantec 20111.2.0.82 2011.10.31 -
TheHacker 6.7.0.1.336 2011.10.30 -
TrendMicro 9.500.0.1008 2011.10.30 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.31 -
VBA32 3.12.16.4 2011.10.25 -
VIPRE 10922 2011.10.31 -
ViRobot 2011.10.29.4745 2011.10.30 -
VirusBuster 14.1.38.0 2011.10.30 -
Additional information
MD5 : 75aaccc77ee2388840acae70399a3ebe
SHA1 : e1572e252794bf7c91f28fe5b1f796a0fea5c291
SHA256: b8e197712729b534b002ccd389024840e1af5b1bec7b346e467460eca1804670
ssdeep: 96:FOtDtv6+NRC4SM8Lv9EKmOda8qsecR0y6jWui/jOC:FOdtv6hM8Lv97da8qsecR07W/yC
File size : 4256 bytes
First seen: 2011-10-31 01:30:42
Last seen : 2011-10-31 01:30:42
TrID:
file seems to be plain text/ASCII (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ExifTool:
file metadata
Error: Unknown file type
FileSize: 4.2 kB





#17 RKinner (Malware Expert, MVP, 24,624 posts)

When in doubt, throw them out:

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
[2011/10/27 13:38:21 | 000,051,539 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin
[2011/10/27 13:38:21 | 000,040,061 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2964.bin
[2011/10/27 13:38:21 | 000,032,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3556.bin
[2011/10/27 13:38:21 | 000,007,497 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3588.bin
[2011/10/27 13:37:30 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.4008.bin
[2011/10/27 13:35:32 | 000,004,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.836.bin
[2011/10/27 13:35:22 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3592.bin
[2011/10/27 13:35:00 | 000,009,369 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.3384.bin
     
:Commands
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Then run OTL quickscan and post the log.

Ron
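The fix-then-verify cycle in Ron's post, as an added example that is not part of this thread or of OTL itself: a small Python checker that parses the entries under the `:OTL` section of a fix script (in the `[date | size | attrs | M] (company) -- path` format shown above) and cross-checks them against the `moved successfully` lines in the result log OTL writes, so any listed file the fix did not remove is reported. The entry and log formats are taken from this thread; the sample script and log embedded below are constructed, and the `suspicious_bin_entries` triage rule (numeric `*.bin` files with no company name under All Users\Application Data) is my own reading of the pattern in Ron's list, not an OTL feature.

```python
import re
from dataclasses import dataclass

# OTL file-entry format as it appears in the fix script above, e.g.
#   [2011/10/27 13:35:32 | 000,004,256 | ---- | M] () -- C:\...\1319740493.836.bin
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
MOVED_SUFFIX = " moved successfully."   # line ending OTL prints per moved file


@dataclass(frozen=True)
class OtlEntry:
    stamp: str      # timestamp exactly as OTL prints it
    size: int       # bytes; OTL's zero-padding and commas removed
    attrs: str      # attribute flags, e.g. '----' or '---D'
    company: str    # company name from the version resource ('' if none)
    path: str


def parse_fix_script(script: str) -> list[OtlEntry]:
    """Return the file entries listed under the ':OTL' section of a fix script.

    Other sections (':processes', ':Commands') are skipped. Lines under ':OTL'
    that are not file entries (OTL also accepts registry directives there,
    which this example does not model) are ignored.
    """
    entries: list[OtlEntry] = []
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as ':OTL'
            section = line.lower()
            continue
        if section != ":otl":
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        entries.append(OtlEntry(
            stamp=m["stamp"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def confirmed_moves(result_log: str) -> set[str]:
    """Paths the OTL result log reports as moved, case-folded (NTFS is case-insensitive)."""
    moved: set[str] = set()
    for raw in result_log.splitlines():
        line = raw.strip()
        if line.endswith(MOVED_SUFFIX):
            moved.add(line[: -len(MOVED_SUFFIX)].lower())
    return moved


def unconfirmed_entries(entries: list[OtlEntry], result_log: str) -> list[OtlEntry]:
    """Entries from the fix script that have no matching 'moved successfully' line."""
    moved = confirmed_moves(result_log)
    return [e for e in entries if e.path.lower() not in moved]


def suspicious_bin_entries(entries: list[OtlEntry]) -> list[OtlEntry]:
    """Triage rule for the pattern in this thread (my heuristic, not OTL's):
    '<10 digits>.<n>.bin' with no company name under All Users\\Application Data."""
    pat = re.compile(r"\\All Users\\Application Data\\\d{10}\.\d+\.bin$", re.IGNORECASE)
    return [e for e in entries if e.company == "" and pat.search(e.path)]


# Constructed sample: two entries in the thread's format, and a result log that
# confirms only the first, so the checker reports the second as not removed.
SAMPLE_FIX = r"""
:processes
killallprocesses

:OTL
[2011/10/27 13:38:21 | 000,051,539 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin
[2011/10/27 13:35:32 | 000,004,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319740493.836.bin

:Commands
[Reboot]
"""

SAMPLE_LOG = r"""
========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin moved successfully.
========== COMMANDS ==========
"""

if __name__ == "__main__":
    entries = parse_fix_script(SAMPLE_FIX)
    print(f"{len(entries)} entries in fix script, "
          f"{len(suspicious_bin_entries(entries))} match the numeric .bin pattern")
    for e in unconfirmed_entries(entries, SAMPLE_LOG):
        print(f"NOT CONFIRMED: {e.path} ({e.size} bytes, modified {e.stamp})")
```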

#18 clarissagraff (Topic Starter, Member, 41 posts)

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.2964.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3556.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3588.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.4008.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.836.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3592.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3384.bin moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_005419

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 10/31/2011 1:01:07 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 500.07 Mb Available Physical Memory | 48.91% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.44 Gb Total Space | 72.98 Gb Free Space | 84.43% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 3.97 Gb Free Space | 59.19% Space Free | Partition Type: FAT32

Computer Name: YOUR-AD5B808096 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
PRC - [2011/10/24 18:49:58 | 001,148,584 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2011/10/24 18:47:24 | 001,538,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2011/10/21 18:54:10 | 000,093,912 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe
PRC - [2011/10/20 18:11:42 | 000,050,128 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 18:46:02 | 000,135,088 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll
MOD - [2011/10/21 14:04:28 | 001,910,272 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpfr.mdl
MOD - [2011/10/21 14:04:28 | 001,909,760 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2011/10/21 14:04:28 | 001,858,560 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2011/10/21 14:04:28 | 000,952,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2011/10/21 14:04:28 | 000,632,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2011/10/21 14:04:28 | 000,444,416 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2011/10/21 14:04:26 | 002,054,144 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2011/10/21 14:04:26 | 000,509,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2011/10/21 14:04:26 | 000,389,632 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2011/10/20 18:14:46 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2011/10/20 18:03:26 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2011/10/20 18:03:18 | 000,249,424 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2011/10/20 18:02:48 | 000,109,856 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2011/10/20 18:02:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2011/10/17 09:43:02 | 000,107,008 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui
MOD - [2011/10/17 09:43:02 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2011/10/17 09:43:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2011/10/15 00:07:58 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2011/10/15 00:05:48 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/15 00:05:32 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2011/10/14 23:57:34 | 000,337,992 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/10/07 16:26:02 | 000,574,904 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdsmartdb.dll
MOD - [2011/08/09 12:16:10 | 000,112,952 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnimbus.dll
MOD - [2011/07/29 11:29:08 | 001,236,176 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\wslib.dll
MOD - [2011/07/14 17:59:24 | 000,074,336 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/05/19 19:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_06506_026\avxdisk.dll
MOD - [2011/03/01 17:46:16 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/11/03 16:03:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Common Files\AOL\1310422344\EE\libexpat.dll
MOD - [2004/09/28 03:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/24 18:47:24 | 001,538,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2011/10/20 18:11:42 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 23:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 23:57:34 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/09/29 16:09:50 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/09/01 11:15:08 | 000,454,960 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011/09/01 11:12:42 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/07/19 16:20:36 | 000,127,056 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/07/11 17:13:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/01 17:45:34 | 000,113,232 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/03/01 17:45:32 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2005/02/11 03:52:00 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/02 00:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/17 08:27:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/30 00:39:00 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/06/28 02:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 02:02:34 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/17 02:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 02:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 02:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011/10/27 15:14:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/27 22:16:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC2BACB1-098B-4475-82DD-4E44BFC8B79F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/27 20:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 00:54:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/30 14:36:23 | 004,307,416 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe
[2011/10/30 14:31:20 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe
[2011/10/30 14:23:44 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe
[2011/10/29 01:30:39 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe
[2011/10/29 01:23:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/27 15:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2011/10/27 15:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Bitdefender
[2011/10/27 15:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/10/27 15:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/27 15:02:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/27 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/27 13:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/27 13:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/10/27 13:34:58 | 000,311,248 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/10/27 13:34:57 | 000,353,096 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/10/27 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/10/27 13:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\QuickScan
[2011/10/26 20:44:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/26 20:41:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/26 20:41:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/26 20:41:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/26 20:41:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/26 20:41:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 20:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 20:40:19 | 004,274,254 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/26 16:59:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/26 16:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Malwarebytes
[2011/10/26 16:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/25 23:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/25 23:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/25 22:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/31 00:56:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 00:56:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/31 00:55:59 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 00:41:14 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/31 00:25:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 20:55:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job
[2011/10/30 14:36:39 | 004,307,416 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe
[2011/10/30 14:31:30 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe
[2011/10/30 14:23:53 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe
[2011/10/29 01:30:58 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe
[2011/10/27 22:16:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/27 21:57:49 | 004,274,254 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/27 21:16:27 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/10/27 15:17:10 | 000,246,169 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319746070.bdinstall.bin
[2011/10/27 15:15:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/10/27 15:15:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/27 15:15:04 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/10/27 15:02:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/26 20:44:25 | 000,000,312 | RHS- | M] () -- C:\boot.ini
[2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/14 23:57:34 | 000,311,248 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/10/11 19:07:50 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:55:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 18:54:50 | 000,442,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:54:50 | 000,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/30 00:42:05 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job
[2011/10/27 21:16:27 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/10/27 15:31:46 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/27 15:17:10 | 000,246,169 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319746070.bdinstall.bin
[2011/10/27 15:15:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/10/27 15:15:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/27 15:15:04 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/10/27 15:02:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/26 20:44:25 | 000,000,197 | ---- | C] () -- C:\Boot.bak
[2011/10/26 20:44:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/26 20:41:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/26 20:41:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/26 20:41:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/26 20:41:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/26 20:41:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/24 16:35:28 | 000,233,444 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010005.JPG
[2011/10/24 16:35:17 | 000,234,556 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010004.JPG
[2011/10/24 16:35:06 | 000,233,016 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010003.JPG
[2011/10/24 16:34:51 | 000,262,623 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010002.JPG
[2011/10/24 16:34:42 | 000,232,214 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010001.JPG
[2011/08/19 10:35:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/17 13:20:22 | 000,612,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/11 17:12:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/11 17:11:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/07/11 17:06:49 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2011/07/11 16:50:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/07/11 16:30:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/07/11 16:29:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/07/11 16:29:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/07/11 16:29:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/07/11 16:29:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/11 16:28:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/07/11 16:28:44 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/11 16:23:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/11 16:15:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/07/11 16:15:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/07/11 16:15:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/07/11 16:03:15 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/28 12:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/27 21:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/10/27 20:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/27 20:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/27 19:53:07 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 19:53:07 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/27 19:52:06 | 000,442,114 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/27 19:52:06 | 000,071,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/27 13:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/27 13:06:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/10/27 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/07/17 12:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/07/11 17:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/27 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Bitdefender
[2011/07/15 18:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\ElevatedDiagnostics
[2011/10/27 13:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\QuickScan
[2011/07/11 17:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\SampleView
[2011/10/30 20:55:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\WINDOWS\WindowsUpdate.log:BDU
@Alternate Data Stream - 16 bytes -> C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe:BDU

< End of report >

Just curious, was this caused by the Java download? I'm going to bed but will check back tomorrow.

Edited by clarissagraff, 31 October 2011 - 12:16 AM.

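The "Alternate Data Streams" section of the OTL report above lists 16-byte ":BDU" streams attached to several files. The following is an added example, not part of the thread and not OTL's code, showing how to list the same kind of named NTFS streams with built-in PowerShell 3.0+ cmdlets so that a file with an unexpected stream can be spotted without a third-party tool. The temp folder, file names and stream contents are constructed for the demonstration.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams
# under a folder and report any stream other than the default ::$DATA stream.
# Needs Windows PowerShell 3.0 or later and an NTFS volume.

function Get-NonDefaultStreams {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per named stream, including ':$DATA'
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{ n = 'File'; e = { $_.FileName } }, Stream, Length
}

# Demonstration on constructed sample files in a throw-away temp folder.
$sample = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $sample | Out-Null

# A file carrying a small named stream, like the ":BDU" streams in the report
$tool = Join-Path $sample 'tool.exe.txt'
Set-Content -LiteralPath $tool -Value 'placeholder'
Set-Content -LiteralPath $tool -Stream 'BDU' -Value ('x' * 14)

# A Zone.Identifier stream is the mark a browser adds to downloaded files
$dl = Join-Path $sample 'download.txt'
Set-Content -LiteralPath $dl -Value 'placeholder'
Set-Content -LiteralPath $dl -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

# Expect two rows: tool.exe.txt:BDU and download.txt:Zone.Identifier
Get-NonDefaultStreams -Path $sample | Format-Table -AutoSize

# Reading a stream shows what it holds; Zone.Identifier is benign provenance
# metadata, while an unexplained stream on an executable deserves a closer look.
Get-Content -LiteralPath $dl -Stream 'Zone.Identifier'

Remove-Item -LiteralPath $sample -Recurse -Force
```

Run it against a real folder with `Get-NonDefaultStreams -Path C:\Windows -Recurse` (as an administrator, since some files are protected). A stream named after a security product, such as the ":BDU" streams Bitdefender left here, is expected; a stream of any size on an executable that no installed product explains is what to follow up on.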

#19 clarissagraff (Member, Topic Starter, 41 posts)
Ok I have posted the logs!

#20 RKinner (Malware Expert, MVP, 24,624 posts)
You really need to uninstall:

J2SE Runtime Environment 5.0 Update 2
Adobe Reader 7.0

Old Java and old Adobe Reader versions are the main ways that you get infected. Adobe Reader is now at version 10 something.

I don't see any reason in your logs for things to be slow. If you are talking about boot time then:

Start, Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit.

If it's bringing up Firefox then:
make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.

If surfing with Firefox or Chrome then get the AdBlock Plus extension.

If IE is slow loading then Tools, Manage Add-Ons and disable all of the Toolbars and Extensions. Then restart IE.

Ron

#21 clarissagraff (Member, Topic Starter, 41 posts)
I run Explorer. I deleted the two you said. I'm not sure why it's running slow; seems like there is a lot going on in the Processes area though.

#22 RKinner (Malware Expert, MVP, 24,624 posts)
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
   
:Commands
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Any improvement in IE?

Ron

#23 clarissagraff (Member, Topic Starter, 41 posts)
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_212225

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Seems to be a little better!

Any way to get rid of AOLHostManager? And I have about 7 or 8 svchost.exe running in Processes.

Edited by clarissagraff, 31 October 2011 - 08:35 PM.


#24 RKinner (Malware Expert, MVP, 24,624 posts)
If you aren't using AOL then you should uninstall it:

America Online (Choose which version to remove)

svchost.exe is pretty normal. If you run Process Explorer you can hover over one and it will tell you more about it.
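Ron's point that several svchost.exe processes are normal can be checked without Process Explorer. This is an added example, not from the thread, that maps each svchost.exe to the services it hosts and checks that the image runs from System32. It assumes Windows PowerShell 3.0 or later (for Get-CimInstance) and should be run from an elevated prompt so that every process's path is visible.

```powershell
# Added example (not from the thread): list every svchost.exe, the services it
# hosts, and whether its image is the real one in %SystemRoot%\System32.
# Several instances are normal; each one hosts a group of services.

function Get-SvchostMap {
    $expected = Join-Path $env:SystemRoot 'System32\svchost.exe'
    # Win32_Service carries the PID of the process hosting each running service
    $services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $procId = $_.ProcessId
        $hosted = @($services | Where-Object { $_.ProcessId -eq $procId })
        [pscustomobject]@{
            PID      = $procId
            Path     = $_.ExecutablePath
            # Genuine svchost lives in System32; any other location is suspect.
            # ExecutablePath is empty when the caller lacks rights to read it.
            PathOk   = [bool]($_.ExecutablePath -and ($_.ExecutablePath -ieq $expected))
            Count    = $hosted.Count
            # A svchost that hosts no service at all is unusual and worth a look
            Services = ($hosted.Name -join ', ')
        }
    }
}

Get-SvchostMap | Sort-Object PID | Format-Table -AutoSize -Wrap
```

Each row is one svchost.exe; the Services column is what Process Explorer shows in its tooltip. Rows with PathOk false or Count 0 are the ones to investigate; a long list of familiar service names under a System32 path is just Windows.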

#25 clarissagraff (Member, Topic Starter, 41 posts)
I've tried to uninstall AOL but it won't for some reason; it says it isn't there, but it shows up every time I reboot. Other than that the computer seems to be working great now. Thanks for all the hard work getting this fixed.

Edited by clarissagraff, 31 October 2011 - 09:26 PM.


#26 RKinner (Malware Expert, MVP, 24,624 posts)
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe (America Online, Inc.)

:files
C:\Program Files\Common Files\AOL
sc config "AOL TopSpeedMonitor" start= disabled /c
sc config YahooAUService start= disabled /c
     
:Commands
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.
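The two OTL fixes in this thread (post #22 removing Browser Helper Objects and IE toolbar entries, post #26 removing a Run-key entry) each target one of the standard autostart locations. The following is an added example, not from the thread and not OTL's code, that audits those same three locations: it resolves each BHO and toolbar CLSID to its DLL through the InprocServer32 key, reads the Run-key command lines, and reports whether each file exists and carries a valid Authenticode signature. The output layout is my own; the registry paths are the standard Windows ones that also appear in the OTL logs above.

```powershell
# Added example (not from the thread): audit IE BHOs, IE toolbars and Run keys,
# resolving each entry to a file and checking existence and signature.

function Resolve-ClsidPath {
    param([string] $Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            # The default value of InprocServer32 is the path of the COM DLL
            return (Get-ItemProperty -LiteralPath $key).'(default)'
        }
    }
    return $null
}

function Get-FileStatus {
    param([string] $RawPath)
    if (-not $RawPath) { return 'no path' }
    # Drop surrounding quotes, expand %vars%, and cut off any arguments
    $path = [Environment]::ExpandEnvironmentVariables(($RawPath -replace '^"([^"]+)".*$', '$1'))
    if ($path -match '^(.+?\.(exe|dll))\b') { $path = $Matches[1] }
    # Bare names such as rundll32.exe are found through PATH, like the loader does
    if (-not [IO.Path]::IsPathRooted($path)) {
        $cmd = Get-Command $path -ErrorAction SilentlyContinue
        if ($cmd) { $path = $cmd.Path }
    }
    if (-not (Test-Path -LiteralPath $path)) { return 'file missing' }
    return (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
}

function Get-AutostartAudit {
    $items = @()
    # Browser Helper Objects: one subkey per CLSID
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($sub in Get-ChildItem $bhoKey) {
            $p = Resolve-ClsidPath $sub.PSChildName
            $items += [pscustomobject]@{ Type = 'BHO'; Name = $sub.PSChildName; Path = $p; Status = (Get-FileStatus $p) }
        }
    }
    # IE toolbars: values under the Toolbar key whose names are CLSIDs
    $tbKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path $tbKey) {
        foreach ($n in (Get-Item $tbKey).GetValueNames()) {
            if ($n -notmatch '^\{[0-9A-F-]+\}$') { continue }
            $p = Resolve-ClsidPath $n
            $items += [pscustomobject]@{ Type = 'Toolbar'; Name = $n; Path = $p; Status = (Get-FileStatus $p) }
        }
    }
    # Run keys: value name is the entry, value data is the command line
    foreach ($runKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $runKey)) { continue }
        $k = Get-Item $runKey
        foreach ($n in $k.GetValueNames()) {
            $cmdLine = $k.GetValue($n)
            $items += [pscustomobject]@{ Type = 'Run'; Name = $n; Path = $cmdLine; Status = (Get-FileStatus $cmdLine) }
        }
    }
    $items
}

# Entries whose file is gone (as HostManager would be once the AOL folder is
# moved) or whose Status is anything but Valid are the ones to review first.
Get-AutostartAudit | Sort-Object Type, Name | Format-Table -AutoSize -Wrap
```

Run it before and after a cleanup: a dangling Run entry or BHO whose DLL is missing is harmless but should be removed so nothing keeps trying to load it, and an unsigned or invalidly signed DLL registered as a BHO is exactly the kind of entry the OTL fix above was written to remove.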

#27 clarissagraff (Member, Topic Starter, 41 posts)
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HostManager deleted successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe moved successfully.
========== FILES ==========
C:\Program Files\Common Files\AOL\TopSpeed\2.0 folder moved successfully.
C:\Program Files\Common Files\AOL\TopSpeed folder moved successfully.
C:\Program Files\Common Files\AOL\System Information\ui\locale folder moved successfully.
C:\Program Files\Common Files\AOL\System Information\ui\core\script folder moved successfully.
C:\Program Files\Common Files\AOL\System Information\ui\core folder moved successfully.
C:\Program Files\Common Files\AOL\System Information\ui folder moved successfully.
C:\Program Files\Common Files\AOL\System Information folder moved successfully.
C:\Program Files\Common Files\AOL\Screensaver\en-US folder moved successfully.
C:\Program Files\Common Files\AOL\Screensaver folder moved successfully.
C:\Program Files\Common Files\AOL\Proofreader folder moved successfully.
C:\Program Files\Common Files\AOL\Loader folder moved successfully.
C:\Program Files\Common Files\AOL\Backup folder moved successfully.
C:\Program Files\Common Files\AOL\AOLDiag folder moved successfully.
C:\Program Files\Common Files\AOL\ACS folder moved successfully.
C:\Program Files\Common Files\AOL\ACF folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\waolTrayMenuService\ver_0_9_1\resources\en-us folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\waolTrayMenuService\ver_0_9_1\resources folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\waolTrayMenuService\ver_0_9_1 folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\waolTrayMenuService folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\sysinfo\ver1\resources\en-US folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\sysinfo\ver1\resources folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\sysinfo\ver1 folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\sysinfo folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\notification\ver0_9_6 folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\notification folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\minixml\ver0_9_6 folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\minixml folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\htmlRenderer\ver0_9_3 folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\htmlRenderer folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\compression\ver0_9_7 folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\compression folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\aolsystrayservice\ver_0_9_2\resources\en-US folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\aolsystrayservice\ver_0_9_2\resources folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\aolsystrayservice\ver_0_9_2 folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services\aolsystrayservice folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE\services folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344\EE folder moved successfully.
C:\Program Files\Common Files\AOL\1310422344 folder moved successfully.
C:\Program Files\Common Files\AOL folder moved successfully.
< sc config "AOL TopSpeedMonitor" start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\cmd.txt deleted successfully.
< sc config YahooAUService start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11012011_002330

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Well that got rid of it thanks again for the help!

#28 RKinner (Malware Expert, MVP, 24,624 posts)
That's about all I see so I think we can clean up now.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox: for some reason Java does not remove old consoles from Firefox. Any time you update Java you should go to Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extensions you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas, and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the UpdateChecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#29 clarissagraff (Member, Topic Starter, 41 posts)
Ok, I went through and did all of the above. Thanks for your time and help!