computer locking up at boot and at random times [Solved]


  • This topic is locked

#1
Alysher
  • Member
  • 122 posts
First, a bit of background.

Our household has 8 people in it. 5 kids 8 adults. This machine that is infected is used by 4 of the kids and one of the adults. The others (one high-school home-schooled teen, my GF and myself) all have their own system. Since I have more computer experience than everyone else combined, I'm deemed the tech guy for the house... unfortunately my specialties lie with hardware and building, not malware and such.

Now I KNOW this system is infected. As mentioned in the title of the post, the computer will lock up for a brief period of time upon login, about 5 minutes or so, and at random times while browsing. I have also seen the screen rotate in a way it's not supposed to (clockwise, and shortly after opening Firefox). No one is allowed administrator privs except myself, so everyone else has their own accounts. I also have a piece of software that will limit the amount of time everyone has on the computer. The name of that software is TimesUpKidz.

I am running both Avast and MSE for security atm, mostly because I figure both would help with keeping the system clean. After reading a few of the facts I think I MAY be under-protected.

I keep Windows updated as best as possible. I do not have automatic updates on, only because this machine also keeps the house phone running, and without a script to log the administrator in and switch users after all the magicJack software is running, it has to be done manually after a reboot. I grant most updates won't require an update, but there have been days that I come down in the morning only to find that the computer rebooted overnight... and I don't have time to start up the account again.

About every other night, after everyone else has gone to bed, I check to see if there are any updates and install them all.

I also make sure that Firefox is the only way the users can access the internet. Well, it's just the default browser atm. Not sure if I can completely block IE, nor sure if I should.

Well, here is my log from OTL. It's attached as well. Not sure if I can just attach it or if I NEED to post it.


OTL Extras logfile created on: 2/5/2012 8:23:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\MagicJack\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.63% Memory free
3.98 Gb Paging File | 2.93 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 26.43 Gb Free Space | 35.51% Space Free | Partition Type: NTFS

Computer Name: ROLAND | User Name: MagicJack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5C3E7880-7F8B-4A06-A3C3-95509F092161}" = HP MediaSmart SmartMenu
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver 14.0 Rel. 5
"{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}" = Windows 7 Logon Background Changer
"{837DA79C-B12B-4709-9B9B-16D1468E418A}" = TimesUpKidz
"{86391634-A94B-4355-8397-3D85C2F942DA}" = SP45575 - Wallpaper Picture Position Enabler for Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{D7305ABA-0FF9-41E0-8513-132963E1C0BC}" = WebEx Training Manager for Firefox or Chrome
"{DBDAD850-F8CD-45DA-8077-44368A1F959F}" = HP Support Assistant
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DVDStyler Toolbar" = DVDStyler Toolbar
"DVDStyler_is1" = DVDStyler v2.0.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Prism" = Prism Video File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2012 7:09:00 PM | Computer Name = Roland | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.0.4325 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1ee8 Start
Time: 01cccb2cfa12f5be Termination Time: 34 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 113f91ac-3729-11e1-9c8a-001b3883af07

Error - 1/16/2012 8:09:40 PM | Computer Name = Roland | Source = Application Error | ID = 1000
Description = Faulting application name: DVDAgent.exe, version: 5.0.0.0, time stamp:
0x4a685206 Faulting module name: CLRCEngine3.dll_unloaded, version: 0.0.0.0, time
stamp: 0x490efec5 Exception code: 0xc0000005 Fault offset: 0x10001e3e Faulting process
id: 0xf3c Faulting application start time: 0x01ccd250cfadb2cc Faulting application
path: c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe Faulting module path:
CLRCEngine3.dll Report Id: 8c0b7f04-409f-11e1-88d0-001b3883af07

Error - 1/25/2012 1:33:13 AM | Computer Name = Roland | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/26/2012 2:20:21 AM | Computer Name = Roland | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/27/2012 1:32:22 AM | Computer Name = Roland | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/28/2012 1:32:43 AM | Computer Name = Roland | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/29/2012 1:32:50 AM | Computer Name = Roland | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/29/2012 1:57:44 AM | Computer Name = Roland | Source = Application Error | ID = 1000
Description = Faulting application name: DVDAgent.exe, version: 5.0.0.0, time stamp:
0x4a685206 Faulting module name: CLRCEngine3.dll_unloaded, version: 0.0.0.0, time
stamp: 0x490efec5 Exception code: 0xc0000005 Fault offset: 0x10001e3e Faulting process
id: 0xb58 Faulting application start time: 0x01ccdbef6a796252 Faulting application
path: c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe Faulting module path:
CLRCEngine3.dll Report Id: 290a3e72-4a3e-11e1-b18b-001b3883af07

Error - 1/30/2012 1:32:40 AM | Computer Name = Roland | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/31/2012 11:35:43 AM | Computer Name = Roland | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ Hewlett-Packard Events ]
Error - 11/28/2011 5:48:42 PM | Computer Name = Roland | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/28/2011 5:48:42 PM | Computer Name = Roland | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/1/2011 4:12:13 PM | Computer Name = Roland | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/1/2011 4:12:13 PM | Computer Name = Roland | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/1/2011 4:12:26 PM | Computer Name = Roland | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/15/2011 4:14:48 PM | Computer Name = Roland | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ System Events ]
Error - 1/30/2012 3:27:57 PM | Computer Name = Roland | Source = DCOM | ID = 10016
Description =

Error - 1/31/2012 8:29:13 AM | Computer Name = Roland | Source = DCOM | ID = 10010
Description =

Error - 1/31/2012 9:48:03 AM | Computer Name = Roland | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/31/2012 11:12:32 AM | Computer Name = Roland | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/31/2012 2:38:36 PM | Computer Name = Roland | Source = DCOM | ID = 10010
Description =

Error - 1/31/2012 7:21:59 PM | Computer Name = Roland | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/31/2012 8:23:10 PM | Computer Name = Roland | Source = DCOM | ID = 10010
Description =

Error - 2/1/2012 2:50:18 AM | Computer Name = Roland | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2/1/2012 3:53:40 PM | Computer Name = Roland | Source = Service Control Manager | ID = 7011
Description = A timeout (60001 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 2/1/2012 8:58:48 PM | Computer Name = Roland | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0



#2
Alysher
  • Topic Starter
  • Member
  • 122 posts
Forgot to add the extras.txt... here you go.
  • 0

#3
CompCav
  • Expert
  • 12,454 posts
Hi, Alysher! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.





P2P Warning!:

IMPORTANT I have noticed that there are signs of uTorrent P2P (Person to Person) File Sharing Program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.



You have two anti-virus programs running (MS Security Essentials & Avast Anti-Virus). I strongly recommend that you have only one antivirus product installed and running on your computer at a time. I would recommend you uninstall MS Security Essentials and keep Avast.

Multiple installed antivirus products can lead to a clash as products fight for access to files which are being opened, since they need to be checked for viruses. In general terms, the programs may conflict and cause:
  • False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time. (This is what is most likely causing the delay you describe on startup.)

Therefore, download AppRemover to your desktop, follow the prompts, and remove MS Security Essentials. You will be required to reboot the computer after removal.

Layered protection is a good thing to have but not this way. Once we clean up your computer, I will make recommendations on how to do that and what products we recommend here at G2G.




Step 1.

Rerun OTL with these settings:

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users, LOP Check, and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt
  • Post the log


Step 2.

Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.


Step 3.

Please post:

OTL.txt
aswMBR log


Give me any updates on issues with your computer.
  • 0
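As an added example (not part of this thread and not OTL's own code), the script below runs the same sanity checks a helper does by eye over the Extras log posted in #1 and the advice given in #3: it parses the `========== Name ==========` sections, compares the Shell Spawning handlers for .bat/.cmd/.com/.exe/.pif/.scr against the unmodified Windows 7 values shown in the posted log, flags any Security Center `*Override` value that is not 0, and reports more than one installed antivirus family or any P2P client in the Uninstall List. It assumes only the three line shapes visible in the log (`class [verb] -- command`, `"name" = value`, and the section banners). The sample input is a constructed subset of the posted log; the second sample swaps in a made-up launcher path for the exefile handler purely so the detector has something to report. The product-family and P2P keyword groupings are my own assumption.

```python
"""Added example (not OTL's own code): sanity checks over the Extras sections of an OTL log."""
import re

SECTION_RE = re.compile(r"^=+ (.+?) =+$")            # ========== Name ==========
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")   # class [verb] -- command
KV_RE = re.compile(r'^"([^"]+)" = (.*)$')             # "name" = value

# Baseline: the unmodified Windows 7 handlers exactly as they appear in the posted log.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
# Assumption: display-name markers that group uninstall entries into one AV product family.
AV_FAMILIES = {
    "avast": ("avast",),
    "mse": ("security essentials", "security client", "microsoft antimalware"),
}
P2P_KEYWORDS = ("torrent", "limewire", "frostwire")  # assumption: common P2P client names

# Constructed sample: a subset of lines copied from the log posted in #1.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"avast" = avast! Free Antivirus
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"uTorrent" = µTorrent
"""

# Constructed variant: the exefile handler no longer carries the plain "%1" %* default.
# The path is a made-up placeholder, not anything from the thread.
MODIFIED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*',
    'exefile [open] -- "C:\\ProgramData\\example\\launcher.exe" "%1" %*',
)


def split_sections(text):
    """Map each '========== Name ==========' banner to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Report handlers whose command differs from the baseline (registry headers are skipped)."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        cls, verb, cmd = m.groups()
        expected = EXPECTED_SPAWN.get((cls, verb))
        if expected is not None and cmd != expected:
            findings.append(f"{cls} [{verb}] changed: {cmd!r} (expected {expected!r})")
    return findings


def check_security_center(lines):
    """Any *Override value other than 0 means Security Center has been told to stop monitoring."""
    findings = []
    for line in lines:
        m = KV_RE.match(line)
        if m and m.group(1).endswith("Override") and m.group(2).strip() != "0":
            findings.append(f"{m.group(1)} = {m.group(2).strip()} (Security Center monitoring suppressed)")
    return findings


def installed_av_families(lines):
    """Set of AV product families present, so three MSE entries count once."""
    families = set()
    for line in lines:
        m = KV_RE.match(line)
        if not m:
            continue
        name = m.group(2).lower()
        families.update(f for f, markers in AV_FAMILIES.items() if any(k in name for k in markers))
    return families


def installed_p2p(lines):
    """Display names of uninstall entries that look like P2P clients."""
    return [m.group(2) for m in map(KV_RE.match, lines)
            if m and any(k in m.group(2).lower() for k in P2P_KEYWORDS)]


def audit(text):
    """Run every check and return the findings in a fixed order."""
    sections = split_sections(text)
    findings = check_shell_spawning(sections.get("Shell Spawning", []))
    findings += check_security_center(sections.get("Security Center Settings", []))
    uninstall = sections.get("HKEY_LOCAL_MACHINE Uninstall List", [])
    av = installed_av_families(uninstall)
    if len(av) > 1:
        findings.append(f"{len(av)} antivirus products installed: {sorted(av)}")
    findings += [f"P2P client installed: {name}" for name in installed_p2p(uninstall)]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

On the constructed sample this reports exactly the two things CompCav raised (two AV families, a P2P client) and nothing about the shell handlers; on the modified variant the changed exefile handler is reported first. To run it over a saved Extras log, pass the file contents to `audit()` (reading the file with `errors="replace"` is the safe choice, since OTL logs can carry non-UTF-8 bytes).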

#4
Alysher
  • Topic Starter
  • Member
  • 122 posts
I took your suggestions and removed uTorrent and MSE. Here are your logs.


OTL logfile created on: 2/5/2012 10:59:05 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\MagicJack\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.98% Memory free
3.98 Gb Paging File | 3.03 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 26.72 Gb Free Space | 35.90% Space Free | Partition Type: NTFS

Computer Name: ROLAND | User Name: MagicJack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 20:22:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MagicJack\Downloads\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/22 14:34:22 | 000,011,264 | ---- | M] () -- C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/16 12:42:30 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/09 11:38:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/21 05:34:52 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/16 12:42:28 | 000,931,112 | ---- | M] () -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/21 05:34:52 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/12 08:14:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/22 14:34:22 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe -- (TimesUpKidz)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/09/09 11:38:10 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/10 08:09:54] [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111220
IE - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 FE 9C 74 DE A0 CC 01 [binary data]
IE - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111220&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 19:12:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 19:04:15 | 000,000,000 | ---D | M]

[2011/11/11 21:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Extensions
[2011/12/20 13:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions
[2011/12/20 13:05:25 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2011/11/13 21:18:48 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/12/20 13:05:50 | 000,001,945 | ---- | M] () -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\searchplugins\bing-zugo.xml
[2011/11/15 20:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/11 19:12:22 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 05:34:30 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/11/14 08:45:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000..\Run: [cdloader] C:\Users\MagicJack\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magicJack.lnk = C:\Users\MagicJack\AppData\Roaming\mjusbsp\magicJackLoader.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B016E8-57F0-4CD6-B9E7-E784DB9B7E5C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf3f0d9-0ccd-11e1-93a9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf3f0d9-0ccd-11e1-93a9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7ab94278-15ec-11e1-88f0-001b3883af07}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{7ab94278-15ec-11e1-88f0-001b3883af07}\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Local\CyberLink
[2012/02/05 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Local\PowerCinema
[2012/02/05 17:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/02/05 17:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/02/05 17:43:00 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/02/05 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/01/30 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Roaming\CyberLink
[2012/01/30 17:18:45 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/01/30 17:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/01/30 17:17:59 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2012/01/30 17:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2012/01/11 17:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2012/01/11 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2012/01/10 13:19:13 | 000,461,824 | ---- | C] (Wowhead) -- C:\Users\MagicJack\Desktop\Wowhead_Client.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 22:53:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/05 22:52:53 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/05 22:52:53 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/05 22:16:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002UA.job
[2012/02/05 21:21:18 | 000,000,627 | ---- | M] () -- C:\Users\MagicJack\Desktop\World Of Warcraft.lnk
[2012/02/05 20:24:51 | 000,010,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 20:24:51 | 000,010,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 20:22:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001UA.job
[2012/02/05 20:22:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001Core.job
[2012/02/05 20:19:11 | 000,001,001 | ---- | M] () -- C:\Users\MagicJack\Desktop\magicJack.lnk
[2012/02/05 20:13:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/05 20:13:27 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 17:46:12 | 000,176,333 | ---- | M] () -- C:\Windows\hpoins35.dat
[2012/02/05 10:16:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002Core.job
[2012/01/30 17:18:46 | 000,000,963 | ---- | M] () -- C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/01/30 17:18:45 | 000,000,927 | ---- | M] () -- C:\Users\MagicJack\Desktop\MagicDisc.lnk
[2012/01/19 17:49:26 | 093,722,765 | ---- | M] () -- C:\Users\MagicJack\Documents\VIDEO0023.3gp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 17:38:33 | 000,176,333 | ---- | C] () -- C:\Windows\hpoins35.dat
[2012/02/05 17:38:33 | 000,001,062 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2012/01/30 17:18:46 | 000,000,963 | ---- | C] () -- C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/01/30 17:18:45 | 000,000,927 | ---- | C] () -- C:\Users\MagicJack\Desktop\MagicDisc.lnk
[2012/01/24 08:28:31 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/19 18:25:40 | 093,722,765 | ---- | C] () -- C:\Users\MagicJack\Documents\VIDEO0023.3gp
[2011/11/13 21:09:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/12 16:55:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/11 21:04:46 | 000,001,697 | ---- | C] () -- C:\Users\MagicJack\AppData\Roaming\System Monitor II_Settings.ini
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,405,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/11/14 09:49:48 | 000,000,000 | ---D | M] -- C:\Users\Amber Parker\AppData\Roaming\webex
[2012/01/19 18:11:16 | 000,000,000 | ---D | M] -- C:\Users\Avery Walls\AppData\Roaming\Unity
[2012/02/04 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Kaitlyn Sullivan\AppData\Roaming\uTorrent
[2012/02/05 20:19:18 | 000,000,000 | ---D | M] -- C:\Users\MagicJack\AppData\Roaming\mjusbsp
[2012/02/05 20:22:00 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001Core.job
[2012/02/05 20:22:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001UA.job
[2012/02/05 10:16:00 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002Core.job
[2012/02/05 22:16:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002UA.job
[2009/07/13 23:53:46 | 000,014,678 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 03:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B0B016E8-57F0-4CD6-B9E7-E784DB9B7E5C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C4F8EE7B-F94F-465A-94D6-8FA61D0D4B52}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 02 01 01 01 05 01 00 01 06 01 04 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-05 23:17:56
-----------------------------
23:17:56.090 OS Version: Windows 6.1.7601 Service Pack 1
23:17:56.090 Number of processors: 2 586 0xE0C
23:17:56.090 ComputerName: ROLAND UserName:
23:17:58.306 Initialize success
23:17:58.976 AVAST engine defs: 12020503
23:18:04.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:18:04.000 Disk 0 Vendor: ST980811AS 3.ALC Size: 76319MB BusType: 3
23:18:04.046 Disk 0 MBR read successfully
23:18:04.046 Disk 0 MBR scan
23:18:04.046 Disk 0 Windows 7 default MBR code
23:18:04.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:18:04.078 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
23:18:04.093 Disk 0 scanning sectors +156299264
23:18:04.187 Disk 0 scanning C:\Windows\system32\drivers
23:18:18.773 Service scanning
23:18:20.380 Modules scanning
23:18:32.969 Disk 0 trace - called modules:
23:18:32.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
23:18:33.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c23030]
23:18:33.000 3 CLASSPNP.SYS[88d9859e] -> nt!IofCallDriver -> [0x84ca4608]
23:18:33.016 5 ACPI.sys[888a63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ca0610]
23:18:33.858 AVAST engine scan C:\Windows
23:18:35.449 AVAST engine scan C:\Windows\system32
23:20:57.519 AVAST engine scan C:\Windows\system32\drivers
23:21:08.735 AVAST engine scan C:\Users\MagicJack
23:21:56.421 File: C:\Users\MagicJack\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
23:22:18.846 AVAST engine scan C:\ProgramData
23:22:49.013 Scan finished successfully
23:24:06.878 Disk 0 MBR has been saved successfully to "C:\Users\MagicJack\Desktop\MBR.dat"
23:24:06.887 The log file has been saved successfully to "C:\Users\MagicJack\Desktop\aswMBR.txt"


...got one infection there...

Next step please!

And just so you know, since uninstalling MSE the system is quite a bit faster.
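The OTL log above is triaged by eye in this thread: O2/O3 browser helper objects and toolbars whose DLL has an empty company name "()" or is reported "File not found", and the "< MD5 for: ... >" custom-scan blocks, where the hash of the live copy under C:\Windows is compared against the copies in the WinSxS component store. The Python script below is an added example (not part of the thread and not OTL's own code) that applies those two rules to the log text mechanically. It runs on lines excerpted from the log above plus one constructed WINLOGON.EXE block with a made-up hash, labelled as such in the code, to show what a live system binary that matches no store copy looks like.

```python
"""Automated triage of an OTL (OldTimer) log.

Added example for this thread; it is neither OTL's own code nor the poster's.
It applies two rules a helper otherwise applies by eye:
  1. O2 (BHO) / O3 (toolbar) lines whose DLL has an empty company name "()"
     or is reported "File not found".
  2. "< MD5 for: NAME >" blocks in which the live copy (any path outside the
     WinSxS component store) has an MD5 that no WinSxS copy shares.
"""
import re

# Lines excerpted from the OTL log posted above (abridged; the trademark
# sign in the Java helper's name was dropped to keep the sample ASCII).
SAMPLE_LOG = r"""
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
"""

# Constructed block (NOT from the posted log, hash is made up): a live
# winlogon.exe whose MD5 matches no WinSxS copy, i.e. a patched binary.
TAMPERED_SAMPLE = r"""
< MD5 for: WINLOGON.EXE >
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
"""

# "O2 - BHO: (Name) - {CLSID} - <path and trailer>"  /  "O3 - HKLM\..\Toolbar: (Name) - {CLSID} - ..."
BHO_RE = re.compile(
    r"^(?P<kind>O[23]) - (?P<where>.*?): \((?P<name>.*?)\) - "
    r"(?P<clsid>\{[0-9a-fA-F-]{36}\}) - (?P<rest>.*)$"
)
# Trailer is either "<path> (Company)" (company may be empty) or "<path> File not found".
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<file>\S+) >$")
MD5_ENTRY_RE = re.compile(r"MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$")
MISSING = "File not found"


def suspicious_browser_helpers(text):
    """Rule 1: O2/O3 entries with no company name or a missing DLL."""
    findings = []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").rstrip()
        if rest.endswith(MISSING):
            path, reason = rest[: -len(MISSING)].rstrip(), "file missing"
        else:
            pm = PATH_COMPANY_RE.match(rest)
            if not pm:
                continue  # unrecognised trailer; leave it for manual review
            path = pm.group("path")
            reason = "no company name" if not pm.group("company").strip() else None
        if reason:
            findings.append({"kind": m.group("kind"), "name": m.group("name"),
                             "clsid": m.group("clsid"), "path": path, "reason": reason})
    return findings


def parse_md5_blocks(text):
    """Map FILE.EXE -> [(md5, path), ...] for each '< MD5 for: ... >' block."""
    blocks, current = {}, None
    for line in text.splitlines():
        h = MD5_HEADER_RE.match(line)
        if h:
            current = h.group("file").upper()
            blocks[current] = []
            continue
        if not line.strip():        # a blank line closes the block
            current = None
            continue
        e = MD5_ENTRY_RE.search(line)
        if current is not None and e:
            blocks[current].append((e.group("md5"), e.group("path")))
    return blocks


def suspicious_system_binaries(text):
    """Rule 2: (name, live path, md5) for live copies matching no WinSxS copy."""
    findings = []
    for name, entries in parse_md5_blocks(text).items():
        store_hashes = {md5 for md5, p in entries if "\\winsxs\\" in p.lower()}
        for md5, path in entries:
            if "\\winsxs\\" not in path.lower() and md5 not in store_hashes:
                findings.append((name, path, md5))
    return findings


if __name__ == "__main__":
    for f in suspicious_browser_helpers(SAMPLE_LOG):
        print(f"{f['kind']} {f['clsid']} {f['name']!r}: {f['reason']} -> {f['path']}")
    for name, path, md5 in suspicious_system_binaries(SAMPLE_LOG + TAMPERED_SAMPLE):
        print(f"{name}: live copy {path} (MD5 {md5}) matches no WinSxS copy")
```

On the excerpt, rule 1 returns exactly the two Somoto Toolbar entries and the orphaned Java SSV helper, and rule 2 returns nothing for the real svchost.exe and userinit.exe blocks but flags the constructed winlogon.exe. The WinSxS comparison is only the heuristic the OTL custom scan supports: it catches a binary patched in place, but it stays silent if the matching component has been removed from the store, so confirm a hit with `sfc /verifyonly` and an Authenticode signature check before acting on the hash alone.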

#5
CompCav

  • Expert
Step 1.

OTL Fix

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run. If this fix hangs after you have disabled Malwarebytes, just close it and uninstall Malwarebytes, reboot, and run it again.


We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 FE 9C 74 DE A0 CC 01 [binary data]
    [2011/12/20 13:05:25 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
    O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    [2012/02/04 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Kaitlyn Sullivan\AppData\Roaming\uTorrent
    
    
    
    
    :files
    ipconfig /flushdns /c
    C:\Users\MagicJack\AppData\Local\TempDIR\BetterInstaller.exe
    C:\Users\MagicJack\AppData\Local\TempDIR\*.*
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application. When it asks you, do not accept the trial; decline it for now. If you want the trial version later, we can take care of making it resident.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 3.


Re-run OTL

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    iexplorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the QuickScan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


Step 4.

Please post:

OTL fix log
OTL.txt


What problems do you now have?

Edited by CompCav, 06 February 2012 - 02:49 PM.


#6
Alysher

    Member

  • Topic Starter
  • Member
  • 122 posts
otl fix log


All processes killed
========== OTL ==========
HKU\S-1-5-21-3485651380-2356597060-1245099679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\components folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\searchbar folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\options folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\radio folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\panels folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib\debugbar folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin\lib folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\skin folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\data\weather folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\data\search folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\data\rss folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\data\dynamicElements folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\data folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\widgets folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\newtab\images folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\newtab folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\modules folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content\lib folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome\content folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}\chrome folder moved successfully.
C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{652853ad-5592-4231-88c6-706613a52e61} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652853ad-5592-4231-88c6-706613a52e61}\ deleted successfully.
C:\Program Files\somototoolbar\vmntemplateX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652853ad-5592-4231-88c6-706613a52e61}\ not found.
File C:\Program Files\somototoolbar\vmntemplateX.dll not found.
C:\Users\Kaitlyn Sullivan\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Kaitlyn Sullivan\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\Kaitlyn Sullivan\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Kaitlyn Sullivan\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\MagicJack\Downloads\cmd.bat deleted successfully.
C:\Users\MagicJack\Downloads\cmd.txt deleted successfully.
C:\Users\MagicJack\AppData\Local\TempDIR\BetterInstaller.exe moved successfully.
File\Folder C:\Users\MagicJack\AppData\Local\TempDIR\*.* not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Amber Parker
->Temp folder emptied: 11332370 bytes
->Temporary Internet Files folder emptied: 17140974 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84904473 bytes
->Flash cache emptied: 1874 bytes

User: Angie Trimm
->Temp folder emptied: 6036466 bytes
->Temporary Internet Files folder emptied: 2445003 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 751629767 bytes
->Flash cache emptied: 80689 bytes

User: Avery Walls
->Temp folder emptied: 55693586 bytes
->Temporary Internet Files folder emptied: 1916483 bytes
->FireFox cache emptied: 166539108 bytes
->Flash cache emptied: 63490 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joshua Sullivan
->Temp folder emptied: 112569 bytes
->Temporary Internet Files folder emptied: 39925034 bytes
->FireFox cache emptied: 732235796 bytes
->Flash cache emptied: 23785 bytes

User: Kaitlyn Sullivan
->Temp folder emptied: 8959585 bytes
->Temporary Internet Files folder emptied: 1589428 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 734040148 bytes
->Flash cache emptied: 40956 bytes

User: Kimmy
->Temp folder emptied: 65017 bytes
->Temporary Internet Files folder emptied: 37134 bytes
->FireFox cache emptied: 636179604 bytes
->Flash cache emptied: 69500 bytes

User: MagicJack
->Temp folder emptied: 364308923 bytes
->Temporary Internet Files folder emptied: 27477704 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76344011 bytes
->Flash cache emptied: 20424 bytes

User: Mary Jaine
->Temp folder emptied: 1040957 bytes
->Temporary Internet Files folder emptied: 56291 bytes
->FireFox cache emptied: 347475175 bytes
->Flash cache emptied: 4709 bytes

User: Olivya Cox
->Temp folder emptied: 34023281 bytes
->Temporary Internet Files folder emptied: 807705 bytes
->FireFox cache emptied: 727135006 bytes
->Flash cache emptied: 109529 bytes

User: Public

User: Samantha
->Temp folder emptied: 36388 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 199817559 bytes
->Flash cache emptied: 1458 bytes

User: Sandra
->Temp folder emptied: 35255 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 239665489 bytes
->Flash cache emptied: 6554 bytes

User: Shardell
->Temp folder emptied: 39503 bytes
->Temporary Internet Files folder emptied: 614530 bytes
->FireFox cache emptied: 71543649 bytes
->Flash cache emptied: 58781 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 122204615 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,211.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 02062012_154141

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware log....

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MagicJack :: ROLAND [administrator]

2/6/2012 4:17:56 PM
mbam-log-2012-02-06 (16-17-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352253
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Olivya Cox\Downloads\IWON.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

(end)


finally otl log



OTL logfile created on: 2/6/2012 4:29:52 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\MagicJack\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.07% Memory free
3.98 Gb Paging File | 2.89 Gb Available in Paging File | 72.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 31.37 Gb Free Space | 42.15% Space Free | Partition Type: NTFS

Computer Name: ROLAND | User Name: MagicJack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 20:22:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MagicJack\Downloads\OTL.exe
PRC - [2012/01/11 19:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/22 14:34:22 | 000,011,264 | ---- | M] () -- C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/16 12:42:30 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/09 11:38:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/21 05:34:52 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 19:12:18 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/09/16 12:42:28 | 000,931,112 | ---- | M] () -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/21 05:34:52 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/12 08:14:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/22 14:34:22 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe -- (TimesUpKidz)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/09/09 11:38:10 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/10 08:09:54] [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111220
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111220&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 19:12:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 19:04:15 | 000,000,000 | ---D | M]

[2011/11/11 21:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Extensions
[2012/02/06 15:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions
[2011/11/13 21:18:48 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/12/20 13:05:50 | 000,001,945 | ---- | M] () -- C:\Users\MagicJack\AppData\Roaming\Mozilla\Firefox\Profiles\yf0y6tnr.default\searchplugins\bing-zugo.xml
[2011/11/15 20:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/11 19:12:22 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 05:34:30 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/11/14 08:45:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/06 15:42:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\MagicJack\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - Startup: C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magicJack.lnk = C:\Users\MagicJack\AppData\Roaming\mjusbsp\magicJackLoader.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B016E8-57F0-4CD6-B9E7-E784DB9B7E5C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf3f0d9-0ccd-11e1-93a9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf3f0d9-0ccd-11e1-93a9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7ab94278-15ec-11e1-88f0-001b3883af07}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{7ab94278-15ec-11e1-88f0-001b3883af07}\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 16:15:36 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Roaming\Malwarebytes
[2012/02/06 16:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/06 16:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/06 16:15:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/06 16:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/06 15:41:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/05 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Local\CyberLink
[2012/02/05 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Local\PowerCinema
[2012/02/05 17:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/02/05 17:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/02/05 17:43:00 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/02/05 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/01/30 17:20:43 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Roaming\CyberLink
[2012/01/30 17:18:45 | 000,000,000 | ---D | C] -- C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/01/30 17:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/01/30 17:17:59 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2012/01/30 17:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2012/01/11 17:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2012/01/11 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2012/01/10 13:19:13 | 000,461,824 | ---- | C] (Wowhead) -- C:\Users\MagicJack\Desktop\Wowhead_Client.exe

========== Files - Modified Within 30 Days ==========

[2012/02/06 16:33:20 | 000,010,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 16:33:20 | 000,010,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 16:27:30 | 000,001,001 | ---- | M] () -- C:\Users\MagicJack\Desktop\magicJack.lnk
[2012/02/06 16:25:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 16:25:19 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/06 16:16:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002UA.job
[2012/02/06 16:15:31 | 000,001,095 | ---- | M] () -- C:\Users\MagicJack\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/06 16:15:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 15:42:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/02/06 14:22:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001UA.job
[2012/02/06 10:16:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002Core.job
[2012/02/05 23:34:56 | 000,000,627 | ---- | M] () -- C:\Users\MagicJack\Desktop\World Of Warcraft.lnk
[2012/02/05 23:24:06 | 000,000,512 | ---- | M] () -- C:\Users\MagicJack\Desktop\MBR.dat
[2012/02/05 22:53:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/05 22:52:53 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/05 22:52:53 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/05 20:22:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001Core.job
[2012/02/05 17:46:12 | 000,176,333 | ---- | M] () -- C:\Windows\hpoins35.dat
[2012/01/30 17:18:46 | 000,000,963 | ---- | M] () -- C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/01/30 17:18:45 | 000,000,927 | ---- | M] () -- C:\Users\MagicJack\Desktop\MagicDisc.lnk
[2012/01/19 17:49:26 | 093,722,765 | ---- | M] () -- C:\Users\MagicJack\Documents\VIDEO0023.3gp

========== Files Created - No Company Name ==========

[2012/02/06 16:15:31 | 000,001,095 | ---- | C] () -- C:\Users\MagicJack\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/06 16:15:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 23:24:06 | 000,000,512 | ---- | C] () -- C:\Users\MagicJack\Desktop\MBR.dat
[2012/02/05 17:38:33 | 000,176,333 | ---- | C] () -- C:\Windows\hpoins35.dat
[2012/02/05 17:38:33 | 000,001,062 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2012/01/30 17:18:46 | 000,000,963 | ---- | C] () -- C:\Users\MagicJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/01/30 17:18:45 | 000,000,927 | ---- | C] () -- C:\Users\MagicJack\Desktop\MagicDisc.lnk
[2012/01/24 08:28:31 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/19 18:25:40 | 093,722,765 | ---- | C] () -- C:\Users\MagicJack\Documents\VIDEO0023.3gp
[2011/11/13 21:09:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/12 16:55:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/11 21:04:46 | 000,001,697 | ---- | C] () -- C:\Users\MagicJack\AppData\Roaming\System Monitor II_Settings.ini
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,405,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2012/02/06 16:27:37 | 000,000,000 | ---D | M] -- C:\Users\MagicJack\AppData\Roaming\mjusbsp
[2012/02/05 20:22:00 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001Core.job
[2012/02/06 14:22:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1001UA.job
[2012/02/06 10:16:00 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002Core.job
[2012/02/06 16:16:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3485651380-2356597060-1245099679-1002UA.job
[2009/07/13 23:53:46 | 000,015,174 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/11 19:12:15 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/11 19:12:15 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/11 19:12:15 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/11 19:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/11 19:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/11 19:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/12 00:01:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/12 00:01:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/12 00:01:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/12 00:01:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/11/12 00:01:09 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/11 19:12:15 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/11 19:12:15 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/11 19:12:15 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/11 19:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/11 19:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/11 19:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/12 00:01:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/12 00:01:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/12 00:01:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/12 00:01:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/11/12 00:01:09 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

no issues as of yet.
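The "< MD5 for: ... >" blocks in the OTL log above put the hash of the copy Windows actually runs (under C:\Windows or System32) next to every copy kept in the WinSXS component store. On Vista/7 the System32 file is a hard link into that store, so a live copy whose hash matches none of the store copies is a strong sign the binary was replaced. The Python below is an added example, not OTL's code and not from anyone in the thread: it parses that block format and applies the check. The sample text is constructed in OTL's format; the userinit.exe live-copy hash has been deliberately altered so the mismatch path is exercised (on the machine in the thread it matched). The "(Microsoft Corporation)" string OTL prints is the file's version-resource CompanyName, which any file can claim, so the example treats it only as a hint; a real verdict needs the Authenticode signature (sigcheck or Get-AuthenticodeSignature), which this example does not check.

```python
"""Parse OTL '< MD5 for: NAME >' blocks and check that the copy of each
system binary Windows actually executes matches a copy held in the WinSXS
component store. Added example; not OTL code. Input below is constructed."""
import re
from collections import defaultdict

# Constructed sample in OTL's format. The userinit.exe live-copy hash has been
# deliberately altered so the mismatch path is exercised; the other lines copy
# the format of the log in this thread.
SAMPLE = """\
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\\Windows\\System32\\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\\Windows\\winsxs\\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\\Program Files\\Malwarebytes' Anti-Malware\\Chameleon\\svchost.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\\Windows\\System32\\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\\Windows\\winsxs\\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\\winlogon.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\\Windows\\System32\\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\\Windows\\winsxs\\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\\userinit.exe
"""

HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"   # [date | size | attrs | M]
    r"\((?P<company>[^)]*)\)\s*"                                  # (CompanyName) or ()
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {BINARY_NAME: [entry, ...]} for every '< MD5 for: ... >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER.match(line)
        if h:
            current = h.group("name").upper()
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            e["company"] = e["company"].strip()
            sections[current].append(e)
    return dict(sections)


def in_store(path):
    return "\\winsxs\\" in path.lower()


def is_live_copy(path):
    """The copy Windows runs: under C:\\Windows but not inside the WinSXS store."""
    return path.lower().startswith("c:\\windows\\") and not in_store(path)


def assess(sections):
    """Classify each binary's live copy against the WinSXS store copies.

    'ok'       every live copy's MD5 matches some store copy (on Vista/7 the
               System32 file is a hard link into WinSXS, so this is expected)
    'mismatch' a live copy exists whose hash no store copy shares
    'no-live'  OTL found no copy outside the store
    'foreign' lists same-named files elsewhere (e.g. an AV vendor's decoy
    copy); 'not_microsoft' lists live copies whose version-resource
    CompanyName is not Microsoft's. That string is unsigned metadata that
    anything can claim, so treat it as a hint, not proof either way.
    """
    report = {}
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if in_store(e["path"])}
        live = [e for e in entries if is_live_copy(e["path"])]
        foreign = [e["path"] for e in entries
                   if not is_live_copy(e["path"]) and not in_store(e["path"])]
        if not live:
            status = "no-live"
        elif all(e["md5"] in store_hashes for e in live):
            status = "ok"
        else:
            status = "mismatch"
        report[name] = {
            "status": status,
            "foreign": foreign,
            "not_microsoft": [e["path"] for e in live
                              if e["company"] != "Microsoft Corporation"],
        }
    return report


if __name__ == "__main__":
    for name, r in assess(parse_md5_sections(SAMPLE)).items():
        print(f"{name:14} {r['status']:9} foreign={r['foreign']} not_microsoft={r['not_microsoft']}")
```

Run against a pasted OTL log, the script flags userinit.exe in the constructed sample as a mismatch and lists the Malwarebytes Chameleon svchost.exe as a foreign same-named copy (a legitimate decoy in that product's folder, but exactly the kind of entry worth a second look when it sits anywhere else).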

#7 CompCav (Member 5k, Expert, 12,454 posts)
Step 1.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here, then click on: [image]

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted, allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Now click on: [image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 2.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3.

Please post:

eset log
checkup.txt


Give me an update on the computer issues if any

#8 Alysher (Topic Starter, Member, 122 posts)
eset log...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cf720147df48ef4ca4585cae3b53b7c6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-06 11:47:40
# local_time=2012-02-06 06:47:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 80114038 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98310
# found=2
# cleaned=2
# scan_time=2812
C:\Users\Olivya Cox\Downloads\playpickle-setup.exe Win32/DownloadAdmin.A.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\02062012_154141\C_Users\MagicJack\AppData\Local\TempDIR\BetterInstaller.exe Win32/Adware.Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


checkup.txt...

Results of screen317's Security Check version 0.99.30
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````


No issues atm; I'm the only one using it atm, though.

#9 CompCav (Member 5k, Expert, 12,454 posts)
Please use it like you normally would and report back any issues. I will have another post tomorrow, unless you note any new or returning issues. :thumbsup:

#10 Alysher (Topic Starter, Member, 122 posts)
Can I remove the moved folder for OTL and the quarantine folder from ESET without any issues?

#11 CompCav (Member 5k, Expert, 12,454 posts)
Yes, but I will have cleanup instructions for you tomorrow when my instructor approves it :thumbsup:

#12 CompCav (Member 5k, Expert, 12,454 posts)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

[image]
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > System Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
[image]
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
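The [resethosts] command in the OTL fix above restores a default hosts file (the earlier OTL log shows C:\Windows\System32\drivers\etc\Hosts being rewritten at the time of the first fix). After a cleanup it is worth reading that file back: a default Windows hosts file contains only comments and loopback entries for localhost, and malware commonly adds loopback entries for Windows Update and antivirus vendor domains so the victim cannot fetch updates or download scanners. The Python below is an added example, not part of the thread and not OTL's code; the sample hosts content and the vendor-domain list it checks are constructed for illustration, and 0.0.0.0 ad-blocking lists will show up as redirects unless you whitelist them.

```python
"""Audit a Windows hosts file after a reset. Added example; not from the
thread or OTL. The sample file and the vendor-domain list are constructed."""
import ipaddress

# Constructed sample: the two loopback entries a reset file carries, plus two
# entries of the kind a cleanup should have removed.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com     # constructed: update blocked
93.184.216.34   www.malwarebytes.org     # constructed: vendor site redirected
"""

# Assumption of this example: domains that malware commonly pins to loopback
# so the victim cannot download updates or scanners. Extend for your tooling.
VENDOR_SUFFIXES = ("microsoft.com", "windowsupdate.com", "malwarebytes.org",
                   "avast.com", "eset.com")


def parse_hosts(text):
    """Yield (lineno, address_or_None, [names]) for each non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            # Malformed first field: report the whole line rather than skip it.
            yield lineno, None, parts
            continue
        yield lineno, addr, [n.lower() for n in parts[1:]]


def is_vendor_domain(name):
    return any(name == s or name.endswith("." + s) for s in VENDOR_SUFFIXES)


def audit_hosts(text):
    """Return [(lineno, kind, name)] for every entry a clean file would not have.

    kinds: 'vendor-blocked'    vendor domain mapped to loopback (updates fail)
           'vendor-redirected' vendor domain mapped elsewhere (worse: spoofing)
           'redirect'          any other name mapped to a non-loopback address
                               (0.0.0.0 ad-block lists land here too)
           'extra-loopback'    loopback entry that is not 'localhost'; harmless
                               looking, but not part of a default file
           'unparseable'       first field is not an IP address
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((lineno, "unparseable", " ".join(names)))
            continue
        for name in names:
            if name == "localhost" and addr.is_loopback:
                continue  # the only mapping a default Windows hosts file carries
            if is_vendor_domain(name):
                kind = "vendor-blocked" if addr.is_loopback else "vendor-redirected"
            elif not addr.is_loopback:
                kind = "redirect"
            else:
                kind = "extra-loopback"
            findings.append((lineno, kind, name))
    return findings


def is_clean(text):
    """True when the file carries nothing beyond comments and localhost."""
    return not audit_hosts(text)


if __name__ == "__main__":
    for lineno, kind, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:18} {name}")
```

On a real machine, read the file with `open(r"C:\Windows\System32\drivers\etc\hosts", encoding="utf-8", errors="replace").read()` from an elevated prompt and pass it to audit_hosts; an empty result means the reset held. Any 'vendor-blocked' line after a cleanup means something rewrote the file again and the machine is not done.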

#13 Alysher (Topic Starter, Member, 122 posts)
You had mentioned that it was possible to set up Malwarebytes for real-time protection. Do I just buy it from their website, or do I need to do something special?

#14 CompCav (Member 5k, Expert, 12,454 posts)
You can do it as a trial first for I believe 30 days. Here is what you do:

Uninstall it and reboot your computer.

Download a fresh copy to your desktop.

Install it and when it asks about the trial, accept it and continue the install.

Then if you like it you can purchase it. (I personally have it on two of my computers and not the other because it is my test machine for this!)

#15 Alysher (Topic Starter, Member, 122 posts)
Is it worth having the real-time protection on a system that is used by several people, including children less than 8 years old?





