2012 XP security [Closed] [Solved]

#1 Call Any Vegetable (Member, 44 posts)
Whoops! I forgot to type out my problems. So... I keep getting "Windows XP 2012 Security is detecting viruses" popups, and it wasn't letting anything load or open. I ran Malwarebytes, and it is keeping the virus at bay for the time being.

OTL logfile created on: 12/30/2011 6:45:34 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Alyssa\My Documents\Downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.68% Memory free
3.81 Gb Paging File | 2.85 Gb Available in Paging File | 74.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 8.28 Gb Free Space | 7.40% Space Free | Partition Type: NTFS

Computer Name: 1-FCB8E25A0C824 | User Name: Alyssa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 18:14:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alyssa\My Documents\Downloads\OTL.exe
PRC - [2011/12/30 18:04:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2011/12/30 18:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/10/30 08:03:09 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 11:36:00 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint-HP\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2007/05/08 05:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/05/01 08:52:18 | 001,489,688 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.EXE
PRC - [2007/05/01 08:52:14 | 000,183,064 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE
PRC - [2007/05/01 08:52:06 | 000,121,624 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.EXE
PRC - [2007/04/27 07:58:58 | 000,221,184 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/04/18 11:35:38 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/04/18 11:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/02/06 17:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/04 16:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/04 13:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/30 18:04:34 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\mozjs.dll
MOD - [2011/10/17 11:04:46 | 001,855,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_c797d2d8\system.dll
MOD - [2011/10/17 11:04:18 | 003,301,376 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_b8135af6\mscorlib.dll
MOD - [2011/10/17 09:20:24 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/17 08:56:32 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/17 08:35:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/17 08:35:47 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/17 08:35:28 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/17 08:33:20 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/17 08:33:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/07/22 11:11:57 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/04/13 20:17:28 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2009/04/13 20:14:22 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll
MOD - [2009/04/13 20:14:22 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2009/04/13 20:14:22 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2009/03/05 17:57:24 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2007/11/01 13:36:58 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/26 13:21:22 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/03 21:24:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/05 11:36:00 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint-HP\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2007/05/08 05:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/05/01 08:52:18 | 001,489,688 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.EXE -- (UNS) Intel®
SRV - [2007/05/01 08:52:14 | 000,183,064 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE -- (atchksrv) Intel®
SRV - [2007/05/01 08:52:06 | 000,121,624 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.EXE -- (LMS) Intel®
SRV - [2007/04/30 05:28:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/27 07:58:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/04/18 11:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/06 17:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 16:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/04 13:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2006/06/21 21:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2004/10/22 00:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/12/30 18:35:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/30 18:02:57 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl53923a64.sys -- (MpKsl53923a64)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/20 18:33:04 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/10/20 18:32:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/07/07 09:58:31 | 000,191,848 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pfmfs_463.sys -- (pfmfs_463)
DRV - [2010/02/25 00:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/10/31 10:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/10/16 07:29:00 | 000,989,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/10/16 07:28:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 07:28:16 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/31 02:09:42 | 000,031,008 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/06/18 13:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/01 08:27:00 | 000,145,288 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/05/24 12:16:10 | 001,742,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/04/26 16:23:36 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/26 16:23:06 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/23 10:13:44 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/04/18 11:32:14 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/04/18 11:06:08 | 000,041,216 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/04/06 01:27:36 | 000,044,800 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/03/29 13:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/02/24 11:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/14 06:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 06:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/08 17:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 17:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 13:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 13:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 13:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 13:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 13:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 13:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 13:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 13:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/09 10:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55455

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Alyssa\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Alyssa\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Alyssa\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Alyssa\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Alyssa\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2009/12/23 22:17:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/14 21:51:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/13 10:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/13 10:45:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/12/30 18:04:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins [2011/12/13 10:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 23:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/26 23:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/04/01 04:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alyssa\Application Data\Mozilla\Extensions
[2011/10/16 08:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\ubgp0wt2.default\extensions
[2010/10/26 11:22:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\ubgp0wt2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/26 11:22:27 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\ubgp0wt2.default\extensions\[email protected]
[2011/01/12 16:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALYSSA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UBGP0WT2.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALYSSA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UBGP0WT2.DEFAULT\EXTENSIONS\[email protected]
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Alyssa\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Alyssa\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Alyssa\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Alyssa\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Alyssa\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Alyssa\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/01/12 14:19:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61306BB9-205D-4488-95E8-D562AAB338F8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Alyssa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alyssa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/05 18:00:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 17:56:40 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\pyi.exe
[2011/12/13 10:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/12/13 10:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/12/13 10:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2011/12/13 10:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2011/12/13 10:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/12/13 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/12/13 10:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alyssa\Application Data\HpUpdate
[2011/12/13 10:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/12/13 10:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\HP
[2009/03/05 19:03:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\Documents and Settings\Alyssa\Application Data\*.tmp files -> C:\Documents and Settings\Alyssa\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 18:35:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/30 18:34:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 18:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 18:08:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/30 18:04:28 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
[2011/12/30 18:04:28 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
[2011/12/30 18:03:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/12/30 18:02:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 18:01:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 18:01:39 | 2104,807,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 17:37:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1500820517-839522115-1005UA.job
[2011/12/30 09:00:38 | 000,445,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 09:00:38 | 000,072,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/29 15:11:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/24 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/24 10:43:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/24 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/17 09:06:59 | 001,684,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/17 08:42:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 12:21:28 | 000,370,766 | R--- | M] () -- C:\Documents and Settings\Alyssa\My Documents\LW2437_0.pdf
[2011/12/15 12:19:27 | 000,180,273 | R--- | M] () -- C:\Documents and Settings\Alyssa\My Documents\eveshoodedscarf.pdf
[2011/12/14 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/14 20:37:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1500820517-839522115-1005Core.job
[2011/12/13 13:57:51 | 000,043,039 | ---- | M] () -- C:\Documents and Settings\Alyssa\My Documents\resumesaraah.rtf
[2011/12/13 13:04:44 | 000,034,428 | ---- | M] () -- C:\Documents and Settings\Alyssa\My Documents\Resume type thinger.rtf
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Alyssa\Application Data\*.tmp files -> C:\Documents and Settings\Alyssa\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 18:34:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 17:56:45 | 000,012,936 | -HS- | C] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
[2011/12/30 17:56:45 | 000,012,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
[2011/12/15 12:21:43 | 000,370,766 | R--- | C] () -- C:\Documents and Settings\Alyssa\My Documents\LW2437_0.pdf
[2011/12/15 12:20:11 | 000,180,273 | R--- | C] () -- C:\Documents and Settings\Alyssa\My Documents\eveshoodedscarf.pdf
[2011/12/13 10:45:25 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/12/13 10:43:29 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/12/13 10:43:29 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/13 10:43:29 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/12/13 10:43:29 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/01/12 14:08:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/12 14:08:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/12 14:08:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/12 14:08:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/12 14:08:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/07 11:12:02 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/12/09 22:09:55 | 000,003,367 | ---- | C] () -- C:\WINDOWS\irubuzix.dll
[2010/11/14 16:30:30 | 000,003,364 | ---- | C] () -- C:\WINDOWS\alubecerisu.dll
[2010/10/24 18:43:00 | 000,003,364 | ---- | C] () -- C:\WINDOWS\enegowizewugo.dll
[2010/10/10 20:39:04 | 000,003,364 | ---- | C] () -- C:\WINDOWS\adawiyelukigatek.dll
[2010/10/09 18:46:41 | 000,003,003 | ---- | C] () -- C:\WINDOWS\Ypihoxajedeco.dat
[2010/10/09 18:46:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hvibijuqumo.bin
[2010/04/22 00:34:14 | 000,209,001 | ---- | C] () -- C:\WINDOWS\System32\KermitHotKeys.dll
[2010/04/22 00:31:06 | 000,209,003 | ---- | C] () -- C:\WINDOWS\System32\KermitHooks.dll
[2010/01/02 18:20:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/03 22:05:33 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 03:08:49 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\fusioncache.dat
[2009/03/31 23:30:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/05 19:51:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/03/05 19:51:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/03/05 19:51:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/03/05 19:51:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/03/05 19:51:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/03/05 19:51:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/03/05 19:49:23 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/03/05 19:49:23 | 000,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/05 19:48:16 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/05 19:23:47 | 000,000,154 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/05 19:07:24 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/05 19:03:53 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2009/03/05 19:03:50 | 000,910,304 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/03/05 19:03:22 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\CHCOINST.dll
[2009/03/05 19:03:21 | 001,742,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/03/05 19:03:21 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/03/05 19:03:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2009/03/05 18:02:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/05 17:56:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/05 12:45:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/05 12:44:18 | 001,684,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/30 05:31:14 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007/04/26 16:23:06 | 000,100,095 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007/02/06 12:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 11:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/19 06:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/18 20:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/18 20:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/02/28 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 04:00:00 | 000,445,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 04:00:00 | 000,072,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 09:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/06 18:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2009/03/05 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/04/05 09:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/05 18:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2011/12/15 10:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/01/07 11:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/05 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009/04/01 23:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/26 17:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/25 08:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/24 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\.purple
[2009/04/01 11:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Ambient Design
[2011/01/12 14:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Auslogics
[2011/12/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Camfrog
[2009/04/06 02:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\ESET
[2011/07/16 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\GetRightToGo
[2009/11/10 01:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\gtk-2.0
[2010/09/24 10:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Idfuu
[2009/04/01 03:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Infineon
[2009/06/01 13:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\InterVideo
[2011/01/09 05:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Kermit Files
[2011/07/16 18:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\mediAvatar
[2011/05/19 12:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Red Chair Software
[2011/01/09 15:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Sierra Wireless
[2011/01/12 12:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Uryt
[2011/12/10 17:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\uTorrent
[2011/01/12 12:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alyssa\Application Data\Vodafone
[2011/12/24 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/14 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/24 10:43:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/24 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/14 20:37:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1500820517-839522115-1005Core.job
[2011/12/30 17:37:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1500820517-839522115-1005UA.job
[2011/12/30 18:08:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8B88761
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by Call Any Vegetable, 30 December 2011 - 09:10 PM.

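The OTL log above is triaged by hand in this thread: the random-named hidden+system files in the profile, pyi.exe claiming to be a Microsoft binary inside Local Settings\Application Data, the AtN.job tasks and the IE proxy pointed at 127.0.0.1. As an added example that is not part of the original post and not OTL's own code, here is a small Python parser for OTL file/folder lines with those triage rules applied over sample lines. The sample lines are copied from the log above plus three benign ones for contrast; the thresholds (the 30-day window, the 4 KB "tiny DLL" cut-off and the random-name heuristic) are my own assumptions, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL file/folder line: [date time | size | attrs | C/M] (Company) -- path
# attrs are four flags in the order R(ead-only) H(idden) S(ystem) D(irectory).
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
IE_PROXY_RE = re.compile(r'^IE - .*"ProxyServer" = (?P<proxy>\S+)')
AT_JOB_RE = re.compile(r"\\WINDOWS\\tasks\\At\d+\.job$", re.IGNORECASE)

PROFILE_DATA_DIRS = ("\\application data\\", "\\local settings\\")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class OtlFile:
    when: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    company: str
    path: str


def parse_file_line(line: str):
    """Return an OtlFile for a file/folder line, or None for any other line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    a = m["attrs"]
    return OtlFile(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", is_dir=a[3] == "D",
        company=(m["company"] or "").strip(),
        path=m["path"])


def looks_random(name: str) -> bool:
    """Heuristic (my threshold, not OTL's): long alphanumeric stems with no word separators."""
    stem = name.rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z0-9]+", stem):
        return False
    has_digit = any(c.isdigit() for c in stem)
    return (len(stem) >= 16 and has_digit) or (len(stem) >= 12 and stem.isalpha())


def triage(lines, now: datetime, recent_days: int = 30):
    """Apply the triage rules used on this thread's log; returns (item, reason) pairs."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m and m["proxy"].split("=")[-1].startswith("127.0.0.1"):
            findings.append((line, "IE traffic forced through a localhost proxy, typical of rogue-AV interception"))
            continue
        f = parse_file_line(line)
        if f is None:
            continue
        low = f.path.lower()
        name = f.path.rsplit("\\", 1)[-1]
        in_profile = any(d in low for d in PROFILE_DATA_DIRS)
        recent = now - f.when <= timedelta(days=recent_days)
        if AT_JOB_RE.search(f.path):
            findings.append((f.path, "AtN.job task created with at.exe, a common persistence mechanism"))
        elif f.hidden and f.system and not f.is_dir and in_profile and looks_random(name):
            findings.append((f.path, "hidden+system random-named file in a profile data directory"))
        elif recent and low.endswith(EXEC_EXT) and in_profile and not low.startswith(SYSTEM_DIRS):
            reason = "recent executable dropped in a profile data directory"
            if f.company:
                reason += f", claiming vendor '{f.company}'"
            findings.append((f.path, reason))
        elif low.endswith(".dll") and 0 < f.size < 4096 and low.rsplit("\\", 1)[0] == "c:\\windows":
            findings.append((f.path, "tiny DLL dropped directly in C:\\WINDOWS"))
    return findings


# Sample lines copied from the OTL log above, plus three benign lines for contrast.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55455
[2011/12/30 17:56:40 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\pyi.exe
[2011/12/30 18:04:28 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
[2011/12/24 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/24 18:43:00 | 000,003,364 | ---- | C] () -- C:\WINDOWS\enegowizewugo.dll
[2011/12/30 18:35:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/30 18:03:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/12/13 10:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
"""


def run_demo():
    """Triage the sample as of the log's own run time (30 Dec 2011, 18:45)."""
    return triage(SAMPLE_LOG.strip().splitlines(), datetime(2011, 12, 30, 18, 45))


if __name__ == "__main__":
    for item, reason in run_demo():
        print(f"{reason}\n    {item}")
```

The rules deliberately key on attributes and location rather than on file names, because the fake-AV family here renames its payload on every install; the hidden+system flag pair on a file that is not a system file, and an executable dropped under the profile while claiming a system vendor, survive the renaming.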


#2 Call Any Vegetable (Member, Topic Starter, 44 posts)
Malwarebytes also keeps telling me this..

"Successfully blocked access to a potentially malicious website: 206.161.121.3

Type: Outgoing"

The I.P. address is not the same every time, though.

Edited by Call Any Vegetable, 30 December 2011 - 10:47 PM.


#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's see if we can stop this.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55455
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2011/12/30 17:56:40 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\pyi.exe
    [2011/12/30 18:04:28 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
    [2011/12/30 18:04:28 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
    [2010/10/24 18:43:00 | 000,003,364 | ---- | C] () -- C:\WINDOWS\enegowizewugo.dll
    [2010/10/10 20:39:04 | 000,003,364 | ---- | C] () -- C:\WINDOWS\adawiyelukigatek.dll
    [2010/10/09 18:46:41 | 000,003,003 | ---- | C] () -- C:\WINDOWS\Ypihoxajedeco.dat
    [2010/10/09 18:46:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hvibijuqumo.bin

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#4 Call Any Vegetable (Member, Topic Starter, 44 posts)
So, every time I ran the fix on OTL, it would freeze up and stop responding after about 15 minutes. But this is my MBR log.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-31 11:23:10
-----------------------------
11:23:10.734 OS Version: Windows 5.1.2600 Service Pack 3
11:23:10.734 Number of processors: 2 586 0xF0D
11:23:10.750 ComputerName: 1-FCB8E25A0C824 UserName: Alyssa
11:23:14.843 Initialize success
11:26:39.562 AVAST engine defs: 11123101
11:28:21.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9
11:28:21.015 Disk 0 Vendor: SAMSUNG_HS122JC GQ100-04 Size: 114473MB BusType: 3
11:28:21.031 Device \Driver\atapi -> DriverStartIo 8a96c2c6
11:28:21.031 Disk 0 MBR read
11:28:21.046 Disk 0 MBR scan
11:28:21.218 Disk 0 MBR:Pihar-C [Rtk]
11:28:21.218 Disk 0 TDL4@MBR code has been found
11:28:21.234 Disk 0 Windows XP default MBR code found via API
11:28:21.250 Disk 0 MBR hidden
11:28:21.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
11:28:21.281 Disk 0 MBR [TDL4] **ROOTKIT**
11:28:21.296 Disk 0 trace - called modules:
11:28:21.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x8a96c49f]<<
11:28:21.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9e5030]
11:28:21.359 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> [0x8aa21850]
11:28:21.375 5 hpdskflt.sys[f7718536] -> nt!IofCallDriver -> \Device\00000086[0x8aa5e9e8]
11:28:21.406 7 ACPI.sys[f735e620] -> nt!IofCallDriver -> [0x8aa17d98]
11:28:21.421 \Driver\atapi[0x8a9ccbf8] -> IRP_MJ_CREATE -> 0x8a96c49f
11:28:26.781 AVAST engine scan C:\WINDOWS
11:28:50.296 AVAST engine scan C:\WINDOWS\system32
11:33:47.046 AVAST engine scan C:\WINDOWS\system32\drivers
11:34:23.218 AVAST engine scan C:\Documents and Settings\Alyssa
11:40:40.046 File: C:\Documents and Settings\Alyssa\Local Settings\temp\0.3186677637592811.exe **INFECTED** Win32:Renosa-M [Wrm]
11:40:55.937 File: C:\Documents and Settings\Alyssa\Local Settings\temp\jar_cache1959820748262691193.tmp **INFECTED** Win32:Renosa-M [Wrm]
12:06:52.250 AVAST engine scan C:\Documents and Settings\All Users
13:28:58.593 Scan finished successfully
13:33:42.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alyssa\Desktop\MBR.dat"
13:33:42.984 The log file has been saved successfully to "C:\Documents and Settings\Alyssa\Desktop\aswMBR.txt"
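aswMBR's verdict in the log above rests on reading sector 0 two ways: a low-level read that returns the Pihar/TDL4 loader, and the ordinary API path that returns the stock Windows XP MBR because the rootkit's hook in the atapi driver stack hides the real sector (the "MBR hidden" and "UNKNOWN" trace lines). As an added example that is not aswMBR's code, the following Python parses a 512-byte MBR, compares the two views the way a bootkit scanner reasons about them, and measures the unpartitioned tail of the disk, where TDL4 keeps its hidden file system. The two sectors are constructed test data: the partition geometry matches the log (bootable, type 0x07, offset 63, 114463 MB) and the disk size is derived from the 114473 MB aswMBR reported, but the bootstrap bytes are placeholders, not real boot code, and the "clean" image is a stand-in for an MBR captured from known-good media.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
TABLE_OFFSET = 446          # partition table starts after the bootstrap code
SIGNATURE = b"\x55\xaa"     # boot signature at bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool          # status byte 0x80, shown as "80 (A)" in aswMBR
    type_id: int            # 0x07 = HPFS/NTFS
    lba_start: int          # "offset 63" in the log
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(sector: bytes):
    """Split a 512-byte MBR into (bootstrap code, partition list); reject a bad signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status(1) CHS(3) type(1) CHS(3) LBA start(4) sector count(4), little-endian
        status, type_id, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if type_id != 0:                      # empty slots have type 0
            parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return sector[:TABLE_OFFSET], parts


def bootstrap_fingerprint(sector: bytes) -> str:
    """SHA-256 of the bootstrap region only, so partition-table edits don't change it."""
    return hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest()


def compare_views(low_level: bytes, api_view: bytes) -> str:
    """Classify a raw (below-the-hook) read against the normal API read of sector 0."""
    raw_code, raw_parts = parse_mbr(low_level)
    api_code, api_parts = parse_mbr(api_view)
    if raw_parts != api_parts:
        return "inconsistent: partition tables differ between views"
    if raw_code == api_code:
        return "clean: both views return the same MBR"
    # TDL4/Pihar keeps the partition table intact, replaces the bootstrap code,
    # and hooks the disk stack so that ordinary reads return the original sector.
    return "suspect bootkit: identical partition table, bootstrap code hidden from the API view"


def unallocated_tail_sectors(parts, disk_sectors: int) -> int:
    """Sectors after the last partition; TDL4 stores its hidden file system there."""
    end = max(p.lba_start + p.sectors for p in parts)
    return disk_sectors - end


def build_mbr(bootstrap: bytes, partitions) -> bytes:
    """Constructed test helper: assemble a sector from placeholder code and (bootable, type, lba, count) tuples."""
    code = bootstrap.ljust(TABLE_OFFSET, b"\x00")[:TABLE_OFFSET]
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if b else 0, t, lba, n)
                     for b, t, lba, n in partitions)
    return code + table.ljust(64, b"\x00") + SIGNATURE


# Constructed data modelled on the aswMBR log: one bootable NTFS partition at LBA 63,
# 114463 MB, on a disk aswMBR reported as 114473 MB (converted to 512-byte sectors).
GEOMETRY = [(True, 0x07, 63, 234_420_224)]
DISK_SECTORS = 114_473 * 2048
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0XP-STOCK-BOOTCODE", GEOMETRY)      # placeholder bytes
INFECTED_MBR = build_mbr(b"\xfa\x33\xc0PIHAR-LOADER-STUB", GEOMETRY)   # placeholder bytes


def report(low_level: bytes = INFECTED_MBR, api_view: bytes = CLEAN_MBR,
           disk_sectors: int = DISK_SECTORS) -> dict:
    """Everything a responder wants from the two captures, as plain values."""
    _, parts = parse_mbr(low_level)
    tail = unallocated_tail_sectors(parts, disk_sectors)
    return {
        "verdict": compare_views(low_level, api_view),
        "partitions": [(p.index, p.bootable, p.type_id, p.lba_start, p.size_mb) for p in parts],
        "tail_sectors": tail,
        "tail_mb": tail * SECTOR // (1024 * 1024),
        "raw_code_sha256": bootstrap_fingerprint(low_level),
        "api_code_sha256": bootstrap_fingerprint(api_view),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

A roughly 10 MB tail after the last partition is not proof of infection on its own (vendors and imaging tools leave slack), which is why the verdict is driven by the two-view comparison; the tail size is reported so that a responder knows where the rootkit's hidden storage would sit once the loader in sector 0 has been confirmed. On a live system the "low-level" capture has to come from below the hooked driver, which is exactly what aswMBR does and what a plain Python read of \\.\PhysicalDrive0 through the same stack cannot do.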

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's kill the TDL4 first and then hit the rest.

Re-run aswMBR

Click Scan

On completion of the scan, click the Fix button

Save the log as before and post it in your next reply

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55455
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2011/12/30 17:56:40 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\pyi.exe
    [2011/12/30 18:04:28 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\Alyssa\Local Settings\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
    [2011/12/30 18:04:28 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
    [2010/10/24 18:43:00 | 000,003,364 | ---- | C] () -- C:\WINDOWS\enegowizewugo.dll
    [2010/10/10 20:39:04 | 000,003,364 | ---- | C] () -- C:\WINDOWS\adawiyelukigatek.dll
    [2010/10/09 18:46:41 | 000,003,003 | ---- | C] () -- C:\WINDOWS\Ypihoxajedeco.dat
    [2010/10/09 18:46:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hvibijuqumo.bin

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job
    C:\Documents and Settings\Alyssa\Local Settings\temp\0.3186677637592811.exe
    C:\Documents and Settings\Alyssa\Local Settings\temp\jar_cache1959820748262691193.tmp

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#6 Call Any Vegetable (Member, Topic Starter, 44 posts)
This is the MBR log.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-01 23:59:29
-----------------------------
23:59:29.656 OS Version: Windows 5.1.2600 Service Pack 3
23:59:29.656 Number of processors: 2 586 0xF0D
23:59:29.656 ComputerName: 1-FCB8E25A0C824 UserName: Alyssa
23:59:38.437 Initialize success
23:59:59.234 AVAST engine defs: 11123101
00:00:38.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9
00:00:38.593 Disk 0 Vendor: SAMSUNG_HS122JC GQ100-04 Size: 114473MB BusType: 3
00:00:38.593 Device \Driver\atapi -> DriverStartIo 871492c6
00:00:38.625 Disk 0 MBR read successfully
00:00:38.640 Disk 0 MBR scan
00:00:38.921 Disk 0 MBR:Pihar-C [Rtk]
00:00:38.921 Disk 0 TDL4@MBR code has been found
00:00:38.937 Disk 0 Windows XP default MBR code found via API
00:00:38.953 Disk 0 MBR hidden
00:00:38.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
00:00:39.000 Disk 0 MBR [TDL4] **ROOTKIT**
00:00:39.015 Disk 0 trace - called modules:
00:00:39.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x8714949f]<<
00:00:39.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaa5030]
00:00:39.281 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> [0x8aa60850]
00:00:39.296 5 hpdskflt.sys[f7718536] -> nt!IofCallDriver -> \Device\0000008d[0x8aa209e8]
00:00:39.328 7 ACPI.sys[f735e620] -> nt!IofCallDriver -> [0x8aa20d98]
00:00:39.343 \Driver\atapi[0x8717e558] -> IRP_MJ_CREATE -> 0x8714949f
00:00:43.437 AVAST engine scan C:\WINDOWS
00:01:48.859 AVAST engine scan C:\WINDOWS\system32
00:18:49.500 AVAST engine scan C:\WINDOWS\system32\drivers
00:20:09.437 AVAST engine scan C:\Documents and Settings\Alyssa
00:35:48.265 File: C:\Documents and Settings\Alyssa\Local Settings\temp\jar_cache1959820748262691193.tmp **INFECTED** Win32:Renosa-M [Wrm]
02:58:33.593 AVAST engine scan C:\Documents and Settings\All Users
06:04:04.000 Scan finished successfully
08:08:30.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alyssa\Desktop\MBR.dat"
08:08:30.906 The log file has been saved successfully to "C:\Documents and Settings\Alyssa\Desktop\aswMBR2.txt"
08:08:35.250 Disk 0 MBR read successfully
08:08:39.015 Disk 0 MBR:Pihar-C [Rtk]
08:08:39.031 Disk 0 TDL4@MBR code has been found
08:08:39.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
08:08:39.546 Disk 0 fixing MBR ...
08:08:39.578 Disk 0 MBR restored successfully
08:08:39.593 Verifying disinfection
08:08:51.687 Infection fixed successfully - please reboot ASAP
08:09:54.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alyssa\Desktop\MBR.dat"
08:09:54.500 The log file has been saved successfully to "C:\Documents and Settings\Alyssa\Desktop\aswMBR3.txt"

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
If you could now run the OTL fix, please.

#8 Call Any Vegetable (Member, Topic Starter, 44 posts)
OTL is still freezing up.

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's get serious then :cool:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks; also allow the installation of the Recovery Console.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#10 Call Any Vegetable (Member, Topic Starter, 44 posts)
ComboFix 12-01-02.01 - Alyssa 01/02/2012 10:54:05.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2007.1260 [GMT -8:00]
Running from: c:\documents and settings\Alyssa\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\Alyssa\Application Data\DRO28.tmp
c:\documents and settings\Alyssa\Application Data\Google Talk
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 18:20 . 2012-01-02 18:20 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl74a4dd5c.sys
2012-01-02 18:10 . 2012-01-02 18:10 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl31290f76.sys
2012-01-02 17:56 . 2012-01-02 17:56 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsla872f29d.sys
2012-01-02 16:14 . 2012-01-02 16:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl65e46685.sys
2012-01-02 16:14 . 2012-01-02 18:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\offreg.dll
2012-01-02 02:00 . 2012-01-02 02:00 -------- d-----w- C:\$AVG
2012-01-02 01:40 . 2012-01-02 01:40 -------- d-----w- c:\documents and settings\Alyssa\Application Data\AVG2012
2012-01-02 01:39 . 2012-01-02 01:39 -------- d-----w- c:\documents and settings\Alyssa\Application Data\AVG Secure Search
2012-01-02 01:39 . 2012-01-02 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-02 01:39 . 2012-01-02 01:39 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-02 01:39 . 2012-01-02 01:39 -------- d-----w- c:\program files\AVG Secure Search
2012-01-02 01:38 . 2012-01-02 01:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-02 01:36 . 2012-01-02 17:20 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-02 01:36 . 2012-01-02 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-02 01:33 . 2012-01-02 01:33 -------- d-----w- c:\program files\AVG
2012-01-02 01:24 . 2012-01-02 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-12-31 18:23 . 2011-12-31 18:23 -------- d-----w- C:\_OTL
2011-12-31 06:11 . 2011-12-31 06:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-12-31 06:09 . 2011-12-31 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-12-31 06:09 . 2011-12-31 06:11 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-31 03:10 . 2011-12-31 03:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-31 03:10 . 2011-12-31 03:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2011-12-31 03:04 . 2011-12-31 03:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-31 03:03 . 2011-12-31 03:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-31 00:55 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\mpengine.dll
2011-12-13 18:44 . 2011-12-13 18:44 -------- d-----w- c:\program files\MSN Toolbar
2011-12-13 18:44 . 2011-12-13 18:45 -------- d-----w- c:\program files\Bing Bar Installer
2011-12-13 18:44 . 2011-12-13 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-13 18:44 . 2011-12-13 18:44 -------- d-----w- c:\program files\HP Photo Creations
2011-12-13 18:44 . 2011-12-13 18:44 -------- d-----w- c:\program files\Coupons
2011-12-13 18:43 . 2011-12-13 18:49 -------- d-----w- c:\documents and settings\Alyssa\Application Data\HpUpdate
2011-12-13 18:41 . 2011-12-13 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-13 18:41 . 2011-12-13 18:49 -------- d-----w- c:\documents and settings\Alyssa\Local Settings\Application Data\HP
2011-12-13 18:40 . 2010-11-17 00:53 267112 ----a-r- c:\windows\system32\hpinksts8811LM.dll
2011-12-13 18:40 . 2010-11-17 00:53 232296 ----a-r- c:\windows\system32\hpinksts8811.dll
2011-12-13 18:40 . 2010-11-17 00:53 213864 ----a-r- c:\windows\system32\hpinkcoi8811.dll
2011-12-13 18:39 . 2008-04-13 22:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-12-13 18:39 . 2008-04-13 22:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 06:09 . 2011-07-22 19:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 23:24 . 2010-01-02 23:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-01-14 04:06 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-03-06 01:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23 . 2011-10-07 14:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-02 01:39 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-02 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 153064 ----a-w- c:\windows\system32\pfmshx_463.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 138008]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-02 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 13:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 08:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2007-05-14 20:39 124928 ----a-w- c:\windows\system32\accelerometerST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-12-15 21:47 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 17:12 17920 ----a-r- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2007-05-03 15:52 57344 ----a-w- c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-08-18 03:32 137536 ----atw- c:\documents and settings\Alyssa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-14 14:45 162584 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 04:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-11-01 21:51 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-25 01:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 22:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 22:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2007-02-02 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm]
2007-05-23 16:21 20480 ----a-w- c:\windows\snuvcdsm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 16:36 872448 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-06-04 10:17 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2008-04-14 00:12 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2008-04-14 00:12 16384 ----a-w- c:\windows\Help\splshwrp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 16:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
2007-07-24 20:48 120352 ----a-w- c:\program files\HPQ\HP Connection Manager\WaHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)
"McComponentHostService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Documents and Settings\\Alyssa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
"c:\\Documents and Settings\\Alyssa\\Desktop\\utorrent.exe"=
"c:\\Documents and Settings\\Alyssa\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [4/26/2007 4:23 PM 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 10:31 AM 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/29/2007 1:54 PM 13696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 MpKsl31290f76;MpKsl31290f76;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl31290f76.sys [1/2/2012 10:10 AM 29904]
R1 MpKsl65e46685;MpKsl65e46685;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl65e46685.sys [1/2/2012 8:14 AM 29904]
R1 MpKsl74a4dd5c;MpKsl74a4dd5c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl74a4dd5c.sys [1/2/2012 10:20 AM 29904]
R1 MpKsla872f29d;MpKsla872f29d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsla872f29d.sys [1/2/2012 9:56 AM 29904]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/18/2007 11:32 AM 39080]
R1 pfmfs_463;pfmfs_463;c:\windows\system32\drivers\pfmfs_463.sys [1/3/2011 11:05 PM 191848]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [4/26/2007 4:23 PM 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 4:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 4:00 AM 14336]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [11/23/2011 2:36 AM 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [4/27/2007 7:58 AM 221184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/2/2010 3:51 PM 652872]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [3/5/2009 7:22 PM 540448]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 1:13 PM 292384]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [3/5/2009 6:20 PM 1489688]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [1/1/2012 5:39 PM 869216]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [3/5/2009 6:23 PM 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/2/2010 3:51 PM 20464]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [3/5/2009 12:48 PM 14208]
S1 MpKsl01430a08;MpKsl01430a08;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55E4423-D6A7-439F-912E-1EFFBD3F2384}\MpKsl01430a08.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55E4423-D6A7-439F-912E-1EFFBD3F2384}\MpKsl01430a08.sys [?]
S1 MpKsl073a1f33;MpKsl073a1f33;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C8ECCAE-D105-49A6-AEEB-11CA8803CADB}\MpKsl073a1f33.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C8ECCAE-D105-49A6-AEEB-11CA8803CADB}\MpKsl073a1f33.sys [?]
S1 MpKsl137a37ba;MpKsl137a37ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{329A8193-4D07-44E0-94E3-AC849BC47189}\MpKsl137a37ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{329A8193-4D07-44E0-94E3-AC849BC47189}\MpKsl137a37ba.sys [?]
S1 MpKsl4b685d04;MpKsl4b685d04;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl4b685d04.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl4b685d04.sys [?]
S1 MpKsl53923a64;MpKsl53923a64;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl53923a64.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0FE9EA4-E763-4692-936C-0EA70E46AA5E}\MpKsl53923a64.sys [?]
S1 MpKsl7a251623;MpKsl7a251623;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97498BF3-78EC-4A9D-91B1-168073923000}\MpKsl7a251623.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97498BF3-78EC-4A9D-91B1-168073923000}\MpKsl7a251623.sys [?]
S1 MpKsl9be4cb77;MpKsl9be4cb77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55E4423-D6A7-439F-912E-1EFFBD3F2384}\MpKsl9be4cb77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55E4423-D6A7-439F-912E-1EFFBD3F2384}\MpKsl9be4cb77.sys [?]
S1 MpKslb16b8519;MpKslb16b8519;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C27077E-9419-49A1-A4CD-114E5941D2B0}\MpKslb16b8519.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C27077E-9419-49A1-A4CD-114E5941D2B0}\MpKslb16b8519.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/15/2009 8:01 PM 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 10:13 AM 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 5:28 AM 172131]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/15/2009 8:01 PM 133104]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL74A4DD5C
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2012-01-02 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2012-01-02 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2011-12-31 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2012-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1500820517-839522115-1005Core.job
- c:\documents and settings\Alyssa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-18 03:32]
.
2012-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-1500820517-839522115-1005UA.job
- c:\documents and settings\Alyssa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-18 03:32]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 04:01]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 04:01]
.
2012-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55455
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\ubgp0wt2.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B40932fa5-373d-41b8-ba76-20f826b67421%7D&mid=d34fa77a6ae147d1913cd16b22d0591f-4a4ba76e246e7942c3a80c8880c10960b15dd58f&ds=AVG&v=9.0.0.23&lang=en&pr=pr&d=2012-01-01%2017%3A39%3A19&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: general.useragent.extra.brc - BRI/1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 11:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1572)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\windows\system32\netprovcredman.dll
c:\windows\system32\DeviceNP.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
.
Completion time: 2012-01-02 11:46:33
ComboFix-quarantined-files.txt 2012-01-02 19:46
ComboFix2.txt 2011-01-12 22:29
.
Pre-Run: 7,907,975,168 bytes free
Post-Run: 9,036,918,784 bytes free
.
- - End Of File - - 4CFB53583967D87A2E666F7B72990B29






My computer is definitely running better. The popups have gone.. but it's still running very slow.
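Before any cleanup, a responder would pull a handful of indicators straight out of the ComboFix log above: the HKCU ProxyServer of http=127.0.0.1:55455 (a local process sitting between the browser and the network, which Malwarebytes later reports as PUM.Bad.Proxy), Security Center AntiVirusOverride/FirewallOverride set to 1, EnableFirewall=0 in the StandardProfile, and Firefox user.js prefs that silence the mixed-content warnings. The triage script below is an added example, not part of ComboFix, Malwarebytes or this thread; it parses those sections from a constructed excerpt of the log and reports each finding with a severity.

```python
# Added example (not ComboFix, Malwarebytes or this thread's code): flag
# defender-relevant indicators in the registry-dump and Supplementary Scan lines.
import re
from ipaddress import ip_address

# Constructed excerpt reproducing the relevant lines of the log posted above.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
uInternet Settings,ProxyServer = http=127.0.0.1:55455
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>\S.*?)\s*$')
# ComboFix prints DWORDs either as 'dword:00000001' or as '1 (0x1)'.
_DWORD_RE = re.compile(r"^(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))$")
_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<spec>\S+)")  # 'u' prefix = HKCU
_USERJS_RE = re.compile(r"^FF - user\.js:\s*(?P<pref>\S+)\s*-\s*(?P<val>\S+)")
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
STANDARD_PROFILE = r"firewallpolicy\standardprofile"

def parse_registry_values(log):
    """Map (lower-cased key, value name) -> int for DWORDs, str otherwise; name-only lines are skipped."""
    values, key = {}, None
    for line in log.splitlines():
        key_match = _KEY_RE.match(line)
        if key_match:
            key = key_match.group("key").lower()
            continue
        value_match = _VALUE_RE.match(line)
        if key and value_match:
            raw = value_match.group("raw")
            dword = _DWORD_RE.match(raw)
            if dword:
                raw = int(dword.group("hex"), 16) if dword.group("hex") else int(dword.group("dec"))
            values[(key, value_match.group("name"))] = raw
    return values

def parse_proxy_servers(log):
    """Return [(scheme, host, port)] from the ProxyServer line: either 'host:port'
    (all protocols, scheme '*') or a ';'-separated 'http=host:port;https=host:port' list."""
    proxies = []
    for line in log.splitlines():
        match = _PROXY_RE.match(line)
        if not match:
            continue
        for entry in match.group("spec").split(";"):
            scheme, _, hostport = entry.rpartition("=")
            host, _, port = hostport.partition(":")
            proxies.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return proxies

def _is_local(host):
    """True for 'localhost' or any loopback address; hostnames are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False

def triage(log):
    """Return [(severity, message)] for the indicators described in the lead-in."""
    findings = []
    reg = parse_registry_values(log)
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if reg.get((SECURITY_CENTER, name)) == 1:
            findings.append(("high", f"Security Center {name}=1: Windows will not warn that protection is off"))
    for (key, name), value in reg.items():
        if key.endswith(STANDARD_PROFILE) and name == "EnableFirewall" and value == 0:
            findings.append(("high", "Windows Firewall disabled (StandardProfile EnableFirewall=0)"))
    for scheme, host, port in parse_proxy_servers(log):
        if _is_local(host):
            findings.append(("critical", f"IE {scheme} proxy is {host}:{port}: a local process intercepts browsing"))
    for line in log.splitlines():
        match = _USERJS_RE.match(line)
        if match and match.group("pref").startswith("security.warn_") and match.group("val") == "false":
            findings.append(("medium", f"Firefox {match.group('pref')} silenced via user.js"))
    return findings

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

The same parser runs over a full ComboFix log; lines outside the sections it understands are ignored.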

#11
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Is the slowness during start, whilst surfing or just general use?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#12
Call Any Vegetable
    Member
  • Topic Starter
  • Member
  • 44 posts
The slowness is mostly during startup. Opening programs or folders takes forever.. and not just right after the computer is turned on.

Here is my Mbam report.



Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alyssa :: 1-FCB8E25A0C824 [administrator]

Protection: Disabled

1/3/2012 10:54:06 AM
mbam-log-2012-01-03 (10-54-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208373
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:55455 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Alyssa\Local Settings\Application Data\pyi.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts

Drive C: | 111.78 Gb Total Space | 8.28 Gb Free Space | 7.40% Space Free | Partition Type: NTFS

This is part of the problem as windows generally needs about 15% free space to play with

What I will do now is remove my tools, reset the restore points and then see how much space is remaining. Once you have completed these tasks then defragment your C drive... Then let me know if there is an improvement

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:

#14
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





