WIN 32:Malware gen keeps saying My dongle is infected EVEN though

#1
Clare Rawlins
New Member
4 posts
As I was saying, my thread title got cut off, even though I bought a new one, and it's saying the same thing.

I have a malware, or so my Avast Free antivirus tells me. I believe this came from a music file I got from a friend, which I got rid of, and I disinfected my computer (with various full scans indicating nothing), until my 3 Connect dongle somehow became infected, or so I thought, as the program that starts it kept saying there was a malware (Win32:Malware-gen) when I tried to start the program to go on my internet.
I uninstalled the whole thing and reinstalled, and it said the same thing, so I again uninstalled and got rid of all registry entries mentioning the program, and tried again with the same thing happening.
So I gave up and bought another one a few days ago; this is saying the same thing EVEN THOUGH it is a totally new dongle and program file!
I don't know what to do, as when I actually scan with my Avast it says nothing?? WHEN the program and dongle are uninstalled??

I also clicked the false positive by mistake yesterday, which means IF it is still infected it's not saying any more. BUT I also tried the MCShield program for removing and detecting malware on ALL my 3 USB dongles and it didn't find anything :( I'm totally stuck now, as I believe it's not the actual programs or dongles that are infected, BUT maybe something saying it is?? Or maybe my internet process??
Still... like I said, when I did do a full scan on my whole computer (after uninstalling everything to do with my 3 Connect dongle) I got a clean scan with no viruses, even before clicking the false positive (BUT before I got the new dongle), then loaded the new one and got the same message from the new dongle as I did from the old one (the Win32:Malware-gen), so I may have bought it for no reason now (which is annoying!).

As you brilliant people here have helped before, I thought I would come for some help!
Here is my OTL file as instructed; I couldn't remember if I added the extra text file last time, so I thought I'd better this time too. Thank you again for your help :)
OTL logfile created on: 1/6/2012 11:21:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\clare\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 76.91% Memory free
2.48 Gb Paging File | 2.28 Gb Available in Paging File | 92.18% Paging File free
Paging file location(s): C:\pagefile.sys 1149 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 67.38 Gb Free Space | 60.28% Space Free | Partition Type: NTFS
Drive D: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1007.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 27.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CLARE-FA8362144 | User Name: clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\clare\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12010601\algo.dll ()
MOD - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (BecHelperService) -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.oberon-...com/istart.html
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://search.bearsh...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Twilight Eclipse Small = C:\Documents and Settings\clare\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agkanefolkjijhdnpcbmegdgeahnkbjf\1.0_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\clare\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\clare\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2004/08/12 13:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/04 17:18:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 07:23:00 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/07/26 14:37:22 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008/07/26 14:45:07 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/07/26 14:45:08 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008/07/26 14:44:48 | 000,000,156 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/07/22 11:37:40 | 000,027,750 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/03/23 18:17:40 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2e519ef4-160d-11e1-a16f-f927e6e61e43}\Shell - "" = AutoRun
O33 - MountPoints2\{2e519ef4-160d-11e1-a16f-f927e6e61e43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e519ef4-160d-11e1-a16f-f927e6e61e43}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2e519ef8-160d-11e1-a16f-f927e6e61e43}\Shell - "" = AutoRun
O33 - MountPoints2\{2e519ef8-160d-11e1-a16f-f927e6e61e43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e519ef8-160d-11e1-a16f-f927e6e61e43}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2e519efb-160d-11e1-a16f-f927e6e61e43}\Shell - "" = AutoRun
O33 - MountPoints2\{2e519efb-160d-11e1-a16f-f927e6e61e43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e519efb-160d-11e1-a16f-f927e6e61e43}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{37cc8c70-db00-11e0-a0ff-9bf2ca67acde}\Shell - "" = AutoRun
O33 - MountPoints2\{37cc8c70-db00-11e0-a0ff-9bf2ca67acde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37cc8c70-db00-11e0-a0ff-9bf2ca67acde}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4b95d778-1614-11e1-a170-e781c8372e43}\Shell - "" = AutoRun
O33 - MountPoints2\{4b95d778-1614-11e1-a170-e781c8372e43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b95d778-1614-11e1-a170-e781c8372e43}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4b95d784-1614-11e1-a170-e781c8372e43}\Shell - "" = AutoRun
O33 - MountPoints2\{4b95d784-1614-11e1-a170-e781c8372e43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b95d784-1614-11e1-a170-e781c8372e43}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4b95d786-1614-11e1-a170-e781c8372e43}\Shell - "" = AutoRun
O33 - MountPoints2\{4b95d786-1614-11e1-a170-e781c8372e43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b95d786-1614-11e1-a170-e781c8372e43}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{caf25f54-38b9-11e1-a1a8-edcee9d11543}\Shell - "" = AutoRun
O33 - MountPoints2\{caf25f54-38b9-11e1-a1a8-edcee9d11543}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{caf25f54-38b9-11e1-a1a8-edcee9d11543}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ec965cfa-db00-11e0-a100-eb6bc35da4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ec965cfa-db00-11e0-a100-eb6bc35da4cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec965cfa-db00-11e0-a100-eb6bc35da4cd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fdf3348d-bec0-11e0-a0b1-ec615a2c60d4}\Shell - "" = AutoRun
O33 - MountPoints2\{fdf3348d-bec0-11e0-a0b1-ec615a2c60d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdf3348d-bec0-11e0-a0b1-ec615a2c60d4}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fdf3348f-bec0-11e0-a0b1-ec615a2c60d4}\Shell - "" = AutoRun
O33 - MountPoints2\{fdf3348f-bec0-11e0-a0b1-ec615a2c60d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdf3348f-bec0-11e0-a0b1-ec615a2c60d4}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fdf33491-bec0-11e0-a0b1-ec615a2c60d4}\Shell - "" = AutoRun
O33 - MountPoints2\{fdf33491-bec0-11e0-a0b1-ec615a2c60d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdf33491-bec0-11e0-a0b1-ec615a2c60d4}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 23:04:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\clare\Desktop\OTL.exe
[2012/01/06 22:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clare\Application Data\Birdstep Technology
[2012/01/06 22:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3 Mobile Broadband
[2012/01/06 22:58:18 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012/01/06 22:58:18 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012/01/06 22:58:18 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012/01/06 22:58:18 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/01/06 22:58:18 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/01/06 22:58:18 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/01/06 22:58:18 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/01/06 22:58:18 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/01/06 22:58:18 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012/01/06 22:58:18 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/01/06 22:58:18 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/01/06 22:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Huawei Modems
[2012/01/06 22:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2011/12/09 19:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clare\My Documents\diablo2 weapons saved
[2011/08/04 19:14:07 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 23:10:15 | 000,186,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/06 23:10:13 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/06 23:09:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/06 23:09:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 23:09:43 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/06 23:07:47 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/06 23:04:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\clare\Desktop\OTL.exe
[2012/01/06 23:02:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/06 22:58:34 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2012/01/06 22:58:34 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\clare\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/01/06 22:58:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/01/06 22:58:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/01/06 22:58:06 | 000,067,156 | ---- | M] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2012/01/06 20:06:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2012/01/06 13:26:34 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/12/31 20:06:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/06 22:58:34 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2012/01/06 22:58:34 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\clare\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/01/06 22:58:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/01/06 22:58:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/01/06 22:58:05 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2012/01/06 22:58:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/12/31 20:06:00 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2011/09/28 15:34:17 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\clare\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/26 15:03:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/09/21 12:14:11 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/09/21 12:12:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/09/21 12:12:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/09/21 12:12:33 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/09/21 11:51:32 | 000,035,314 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/08/23 18:24:05 | 000,667,978 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2011/08/23 18:24:05 | 000,006,479 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2011/08/04 21:08:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/08/04 21:08:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/08/04 19:52:05 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-00201102}.dat
[2011/08/04 19:52:05 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-00201102}.dat
[2011/08/04 19:14:41 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2011/08/04 19:14:40 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011/08/04 19:14:40 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2011/08/04 19:14:11 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011/08/04 19:14:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/08/04 19:14:08 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/08/04 19:14:08 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/08/04 19:14:08 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011/08/04 19:14:08 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011/08/04 19:14:08 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/08/04 19:14:07 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011/08/04 19:14:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011/08/04 19:14:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011/08/04 19:14:07 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011/08/04 18:07:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/04 18:06:20 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/04 17:20:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 17:15:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\RemoveDevice.dll
[2008/12/19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/16 13:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 13:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 13:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 13:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 13:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 13:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 13:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 13:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 13:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/12 14:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 14:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 14:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 14:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 14:03:20 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 14:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 14:03:19 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 14:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 13:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 13:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 13:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 13:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/08/23 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3A29F
[2011/08/04 21:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/26 14:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/01/06 22:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2011/08/16 10:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/08/04 17:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/10/30 22:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/08/11 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/09/20 17:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/04 17:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2012/01/06 22:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\Birdstep Technology
[2011/09/27 12:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\bsbandmltbpi
[2011/11/04 16:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\Magic Match
[2011/08/10 12:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\Petroglyph
[2011/10/30 22:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\PlayFirst
[2011/08/04 17:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology
[2011/08/30 14:06:17 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2011/08/23 14:07:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/12/31 20:06:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2012/01/06 20:06:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700CD00E

< End of report >

And the extras file:

OTL Extras logfile created on: 1/6/2012 11:21:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\clare\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 76.91% Memory free
2.48 Gb Paging File | 2.28 Gb Available in Paging File | 92.18% Paging File free
Paging file location(s): C:\pagefile.sys 1149 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 67.38 Gb Free Space | 60.28% Space Free | Partition Type: NTFS
Drive D: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1007.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 27.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CLARE-FA8362144 | User Name: clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{6292FC53-E103-458D-AF49-35314F55641A}" = Tradewinds 2
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11052313}" = Magic Match
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111120777}" = Chicken Attack
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = The Sims 2 HomeCrafter Plus
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Art Shop_is1" = Art Shop
"avast" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"Cake Mania" = Cake Mania (remove only)
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"Huawei Modems" = Huawei modem
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Prism" = Prism Video File Converter
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"SimPE PhotoStudio Templates_is1" = SimPE PhotoStudio Templates 3.0
"SimPE_is1" = SimPE 0.72 (alpha)
"Sims 2 Pets Custom Content Updater Version 1.01" = Sims 2 Pets Custom Content Updater Version 1.01
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"ST6UNST #1" = Hero Editor V0.95
"Switch" = Switch Sound File Converter
"The Sims 2 Poster Importer" = The Sims 2 Poster Importer
"Tradewinds Legends_is1" = Tradewinds Legends
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2011 3:32:46 PM | Computer Name = CLARE-FA8362144 | Source = | ID = 0
Description =

Error - 11/7/2011 3:32:46 PM | Computer Name = CLARE-FA8362144 | Source = | ID = 0
Description =

Error - 11/18/2011 9:58:22 AM | Computer Name = CLARE-FA8362144 | Source = Application Error | ID = 1000
Description = Faulting application sweaw.exe, version 1.0.5.0, faulting module unknown,
version 0.0.0.0, fault address 0x04b49eed.

Error - 11/20/2011 4:05:38 PM | Computer Name = CLARE-FA8362144 | Source = | ID = 0
Description =

Error - 11/20/2011 4:05:38 PM | Computer Name = CLARE-FA8362144 | Source = | ID = 0
Description =

Error - 11/20/2011 4:05:38 PM | Computer Name = CLARE-FA8362144 | Source = | ID = 0
Description =

Error - 11/23/2011 1:57:24 PM | Computer Name = CLARE-FA8362144 | Source = Application Error | ID = 1000
Description = Faulting application swfoc.exe, version 1.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x05bec887.

Error - 11/23/2011 3:19:49 PM | Computer Name = CLARE-FA8362144 | Source = Application Hang | ID = 1002
Description = Hanging application WinRAR.exe, version 3.51.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2011 10:04:44 AM | Computer Name = CLARE-FA8362144 | Source = Application Hang | ID = 1002
Description = Hanging application AvastUI.exe, version 6.0.1289.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2011 7:56:15 AM | Computer Name = CLARE-FA8362144 | Source = Application Hang | ID = 1002
Description = Hanging application LaunchEAWX.exe, version 1.7.7.270, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/28/2011 10:18:20 AM | Computer Name = CLARE-FA8362144 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/30/2011 8:55:48 AM | Computer Name = CLARE-FA8362144 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 12/30/2011 10:18:21 AM | Computer Name = CLARE-FA8362144 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/1/2012 7:55:30 AM | Computer Name = CLARE-FA8362144 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 1/1/2012 10:18:22 AM | Computer Name = CLARE-FA8362144 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/2/2012 7:53:11 AM | Computer Name = CLARE-FA8362144 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 1/3/2012 4:53:39 AM | Computer Name = CLARE-FA8362144 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 1/3/2012 10:18:23 AM | Computer Name = CLARE-FA8362144 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/5/2012 10:18:24 AM | Computer Name = CLARE-FA8362144 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/6/2012 9:03:19 AM | Computer Name = CLARE-FA8362144 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.


< End of report >

Edited by Clare Rawlins, 07 January 2012 - 07:15 PM.

#2 Gammo (Trusted Helper, Malware Removal, 2,299 posts)

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
    [2011/08/23 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3A29F
    [2011/09/27 12:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\bsbandmltbpi
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\PROGRA~1\BEARSH~1\MediaBar
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Can you please tell me exactly what the avast! alerts say? (Filename, file location, detection name etc.) If you can, please make a screenshot of it and post it here. :thumbsup:
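The fix above resets the hosts file with [resethosts] without first showing what was in it. As an added example, not part of Gammo's fix or of OTL, here is a small Python audit that parses a hosts file and flags entries that sinkhole or redirect antivirus and update domains, the kind of entry that would stop avast or Windows Update from reaching their servers. The sample hosts content (SAMPLE_HOSTS) and the domain watchlist (WATCHLIST_SUFFIXES) are constructed for the example; a stock Windows XP hosts file maps only localhost.

```python
"""Audit a Windows hosts file before resetting it.

Added example for this thread, not part of OTL or the fix above. OTL's
[resethosts] replaces the file; this shows what it contained, flagging
entries that sinkhole or redirect antivirus and update domains.
SAMPLE_HOSTS and WATCHLIST_SUFFIXES are constructed for the example.
"""
import ipaddress
import re

# A stock Windows XP hosts file maps only this name to loopback.
DEFAULT_LOOPBACK_NAMES = {"localhost"}

# Domains a hijacked hosts file typically sinkholes so AV/OS updates fail.
# Constructed watchlist; extend with your own vendors.
WATCHLIST_SUFFIXES = ("avast.com", "windowsupdate.com", "update.microsoft.com")

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avast.com              # sinkholed: avast cannot fetch updates
0.0.0.0         download.windowsupdate.com # sinkholed via the unspecified address
198.51.100.23   update.microsoft.com       # redirected to a foreign host (RFC 5737 test address)
127.0.0.1       ads.example.net            # ad-block style entry, low risk
10.0.0.5        fileserver.corp.example    # intranet mapping, verify it is intentional
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; one IP may carry several names."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # strip comments and whitespace
        if not line:
            continue
        parts = re.split(r"\s+", line)
        for name in parts[1:]:
            yield parts[0], name.lower(), line_no


def _on_watchlist(name):
    return any(name == s or name.endswith("." + s) for s in WATCHLIST_SUFFIXES)


def audit_hosts(text):
    """Return findings as dicts with line, host, ip, severity and reason."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": line_no, "host": name, "ip": ip,
                             "severity": "high", "reason": "unparseable address"})
            continue
        sinkholed = addr.is_loopback or addr.is_unspecified
        if sinkholed and name in DEFAULT_LOOPBACK_NAMES:
            continue                                   # the one entry a clean file should have
        if _on_watchlist(name) and sinkholed:
            severity, reason = "high", "security/update domain sinkholed"
        elif _on_watchlist(name):
            severity, reason = "high", "security/update domain redirected to " + ip
        elif sinkholed:
            severity, reason = "low", "sinkholed (ad-block style entry)"
        else:
            severity, reason = "medium", "non-loopback mapping, verify it is intentional"
        findings.append({"line": line_no, "host": name, "ip": ip,
                         "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("line {line:>3} [{severity:<6}] {host:<28} -> {ip:<15} {reason}".format(**f))
```

Run it against a copy of C:\WINDOWS\System32\drivers\etc\hosts taken off the machine. Anything rated high deserves a look before the reset, because it tells you what the infection was trying to block; a long list of low-severity loopback entries is usually an ad-blocking hosts list rather than malware.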

#3 Clare Rawlins (Topic Starter, New Member, 4 posts)

Hi, OK, for some reason the log I had for the malware has gone?? It was saying this though:

Win32:Malware-gen, and it was this file that was supposedly infected: 3Connect welcome app exe

OK, so I found this information in the avast statistics reports and it now says the last scan I did actually healed it?? BUT it never said this at the time. It was still saying it was infected, which is strange.
So I checked the avast statistics logs from when it started to give the first virus alerts. It tells me there were 5 infected files, which was on 23rd November 2011; they were all Win32:Malware-gen apart from 1 file, although... for some reason the log files are gone and I don't know how to find out what the files were now from my avast, seeing as the log files have disappeared?? Even the one from the other day. The security file only says how many files were infected and when, BUT NOT what viruses it had.


Could it be saying healed because I checked the false positive by mistake? The other files were taken from my computer because they were files I could get rid of rather easily, like music files and also 3 restore files. Looking back, I suppose the blue screens did start around November, but as I didn't have any internet I couldn't update my avast, so for some reason these viruses didn't show up until I updated my avast when I got my internet back. Every time I started my 3 connect up after doing the update, it was saying that the welcome app (which starts the modem and runs the program for it) was infected. So as I said before I tried to re-install etc. and even ended up buying another, and it was still saying the new dongle's file was infected??

Maybe it was a virus which plays games and gives you false information, I don't know??
It may have healed it now. What I'm going to do is run the OTL and also see if the old dongle is still saying the same thing, and then get back to you. I also ran a malware scan and it came up clean the last few days.
I was worried I had a program that was infected but giving me a false reading, OR only opening when I ran the internet???
As every time I uninstalled and did a full scan it was clean UNTIL I ran the 3 connect program again, and it came up EVEN after scanning all the files on the dongle (and off the dongle) and everything else in the computer. This also came up clean; ONLY when I ran the program did it give me a virus warning.

ALSO yes, that stupid BearShare program may have started this. My daughter loaded this on the computer. I have warned them about LimeWire etc. BUT didn't know about the BearShare UNTIL reading one of your topics AND uninstalling it, after one of the files was infected!
AND then I read it in your topic about 'how did I become infected in the first place' and realised this is where it all came from, I expect!

I also remembered that when looking at the OTL LOG that my Local Settings had disappeared; I couldn't find them?? They seem to have disappeared from where they usually were. Don't know if that is of any consequence BUT they aren't there anymore.


OK, so going to do the things you suggest and will get back to you. Thank you for the reply and I totally understand how swamped you guys are. Thank you.

I will edit and add it to this post :)
AGAIN THANK YOU GAMMO!! Hopefully this BearShare program hasn't mucked up my computer registry! Which I think it has, as I keep getting the blue screen of death, all saying different messages now! Although they either happen daily OR it goes by a week, then they start up again!


HERE IS THE OTL LOG:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
C:\Documents and Settings\All Users\Application Data\3A29F folder moved successfully.
C:\Documents and Settings\clare\Application Data\bsbandmltbpi folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET7B.tmp deleted successfully.
C:\WINDOWS\System32\SET7F.tmp deleted successfully.
C:\WINDOWS\System32\SET80.tmp deleted successfully.
C:\WINDOWS\System32\SET87.tmp deleted successfully.
C:\WINDOWS\002569_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\Documents and Settings\clare\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\clare\Desktop\cmd.txt deleted successfully.
File\Folder C:\PROGRA~1\BEARSH~1\MediaBar not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: clare
->Temp folder emptied: 490599121 bytes
->Temporary Internet Files folder emptied: 12122129 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 479061018 bytes
->Flash cache emptied: 10881 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38210637 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 149468246 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2344176 bytes

Total Files Cleaned = 1,118.00 mb


[EMPTYFLASH]

User: All Users

User: clare
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01132012_184356

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

UPDATE:
I also just found the results from the avast shield log!

It says this:

FILE NAME: C:\Program Files\...\WelcomeApp.exe
SEVERITY: High
STATUS: Threat: Win32:Malware-gen
ACTION: Moved to virus chest
RESULT: (tick) ACTION SUCCESSFUL

So it doesn't say it was fixed on the log either?? Hope this helps more. Knew I would find something in the end :)

Edited by Clare Rawlins, 13 January 2012 - 01:19 PM.


#4 Gammo (Trusted Helper, Malware Removal, 2,299 posts)

Judging by your story I'm quite sure it was just a (real) false positive (that, and your OTL log was quite clean). My guess is that avast has since fixed the false positive. That would also explain why you're not getting the alerts anymore.


In order to cleanup OTL (please do this after you've run the OTL fix in my previous post):
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If it's OK with you, I'm gonna close this topic in a couple of days (marking it as resolved). :)
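The false-positive call above rests on two observations: the same generic detection (the -gen suffix marks a generic, heuristic signature rather than a named family) fired on a freshly shipped copy of the dongle's WelcomeApp.exe, and the alerts stopped after a definitions update. A practitioner would back that up with two checks before clicking "false positive" in the AV console: whether the quarantined copy is byte-identical to the copy on pristine vendor media (here, the second dongle), and whether the file carries an Authenticode certificate table at all. The Python below is an added example, not part of the thread or of avast, OTL or the dongle software. The PE images it runs on are constructed minimal headers, and it checks only for the presence of the certificate table, not the validity of the signature (that needs the Authenticode specification and a trust store, which Windows' own signature check provides).

```python
"""Triage a suspected AV false positive on a Windows PE file.

Added example for this thread, not code from avast, OTL or the dongle
vendor. Two checks: (1) SHA-256 of the quarantined copy against a
known-good copy from pristine vendor media, and (2) whether the PE
carries an Authenticode certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY).
Only the presence of the table is checked; signature validity is not.
The PE images built below are constructed minimal headers, not real
binaries, so the example runs offline.
"""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the certificate table entry
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def sha256_hex(data):
    """Hex SHA-256 of a file image (what you would paste into a hash lookup)."""
    return hashlib.sha256(data).hexdigest()


def security_directory(pe):
    """Return (file_offset, size) of the certificate table, or None.

    None means: not a PE, unknown optional-header magic, or no certificate
    table (size 0). Unlike other directories, this entry's first field is a
    raw file offset rather than an RVA, because the certificate is appended
    to the file outside any section.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    if len(pe) < opt + 2:
        return None
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        num_dirs_off = opt + 92                  # NumberOfRvaAndSizes (PE32)
    elif magic == PE32PLUS_MAGIC:
        num_dirs_off = opt + 108                 # NumberOfRvaAndSizes (PE32+)
    else:
        return None
    if len(pe) < num_dirs_off + 4:
        return None
    num_dirs = struct.unpack_from("<I", pe, num_dirs_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = num_dirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if len(pe) < entry + 8:
        return None
    offset, size = struct.unpack_from("<II", pe, entry)
    if size == 0 or offset + size > len(pe):
        return None
    return offset, size


def triage(quarantined, reference):
    """Compare a quarantined copy with a known-good copy; return a report dict."""
    q_hash, r_hash = sha256_hex(quarantined), sha256_hex(reference)
    signed = security_directory(quarantined) is not None
    if q_hash == r_hash:
        verdict = "identical to reference copy: consistent with a false positive"
    else:
        verdict = "differs from reference copy: treat as modified, investigate"
    if not signed:
        verdict += " (no Authenticode certificate table present)"
    return {"sha256": q_hash, "matches_reference": q_hash == r_hash,
            "has_authenticode_table": signed, "verdict": verdict}


def build_min_pe(with_cert):
    """Construct a minimal, non-runnable PE32 image for the example."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)              # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)  # i386, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes = 16
    header_len = len(dos) + 4 + len(coff) + len(opt)               # 312 bytes
    cert = b""
    if with_cert:
        # WIN_CERTIFICATE header: dwLength, wRevision 0x0200, wCertificateType 0x0002 (PKCS#7),
        # followed by placeholder bytes standing in for the PKCS#7 blob.
        cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\xAA" * 16
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


# Constructed inputs: a "vendor" copy with a certificate table, the same
# image with one byte altered, and a build with no certificate table.
REFERENCE_PE = build_min_pe(with_cert=True)
TAMPERED_PE = REFERENCE_PE[:-1] + b"\x00"
UNSIGNED_PE = build_min_pe(with_cert=False)

if __name__ == "__main__":
    for label, sample in (("reference", REFERENCE_PE), ("tampered", TAMPERED_PE), ("unsigned", UNSIGNED_PE)):
        print(label, triage(sample, REFERENCE_PE))
```

Against real files, call triage() with the bytes of the quarantined copy and of the copy from the untouched dongle. A hash match is only as good as the reference: if the vendor media itself carried the malware, both copies match and both are bad, so the combination to look for is a match plus a signature that Windows' own signature verification accepts. A mismatch means the installed copy was altered after installation, and that alert is not a false positive.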

#5 Clare Rawlins (Topic Starter, New Member, 4 posts)

WOW, thank you for being so quick lol. I was still changing my topic when you replied, although I think you are right. I didn't want to go into any of my accounts on any forums or anything in case my passwords were in danger of being sent to someone due to a virus or malware!

And sure, that is OK to close this in a few days. If I have any trouble in the next few days I will let you know, BUT I'M SURE YOU ARE RIGHT; go figure, an actual false positive!
OK, I will run the clean-up, and thank you very much for your help :)

#6 Gammo (Trusted Helper, Malware Removal, 2,299 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.