AVG keep coming out with tracking cookies serving-sys and trojan fakea



#16 Render (Trusted Helper, Malware Removal, 4,195 posts)
We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on OTL on your Desktop (if running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • Under the Custom Scans/Fixes box, copy and paste this in (please carefully select all the text in the code box, beginning with the colon):

    :OTL
    O37 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2012/03/10 13:29:00 | 000,002,752 | -HS- | M] () -- C:\WINDOWS\0926399drv.spi
    [2012/02/01 15:33:55 | 002,923,879 | ---- | C] ()(C:\Documents and Settings\winxp\Desktop\1015??.rar) -- C:\Documents and Settings\winxp\Desktop\1015唛头.rar
    [2012/02/01 15:24:38 | 002,923,879 | ---- | M] ()(C:\Documents and Settings\winxp\Desktop\1015??.rar) -- C:\Documents and Settings\winxp\Desktop\1015唛头.rar
    [2010/12/31 17:49:35 | 002,175,820 | ---- | M] ()(C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_????12-31.jpg) -- C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg
    [2010/12/31 17:33:51 | 002,175,820 | ---- | C] ()(C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_????12-31.jpg) -- C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#17 winsomemy (Topic Starter, Member, 29 posts)
Hi... Sorry, I have no good knowledge in IT. Would you mind explaining to me what the OTL fix does?



Here is the log after the fix


All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1547161642-1284227242-725345543-1004_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-1284227242-725345543-1004_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\0926399drv.spi moved successfully.
File C:\Documents and Settings\winxp\Desktop\1015唛头.rar not found.
File C:\Documents and Settings\winxp\Desktop\1015唛头.rar not found.
File C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg not found.
File C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\winxp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\winxp\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\winxp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\winxp\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\winxp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\winxp\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\winxp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\winxp\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\winxp\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\winxp\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: winxp
->Temp folder emptied: 24569826 bytes
->Temporary Internet Files folder emptied: 142004758 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19260235 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 563 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 322 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 177.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: winxp
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: winxp
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.33.2 log created on 03152012_190152

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\winxp\Local Settings\Temp\~DFC47C.tmp not found!
File\Folder C:\Documents and Settings\winxp\Local Settings\Temp\~DFC487.tmp not found!

Registry entries deleted on Reboot...



This is the log after the quick scan....


OTL logfile created on: 3/15/2012 7:14:31 PM - Run 4
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\winxp\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.09 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 44.81% Memory free
1.71 Gb Paging File | 1.20 Gb Available in Paging File | 70.45% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 8.54 Gb Free Space | 35.00% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 4.16 Gb Free Space | 32.36% Space Free | Partition Type: NTFS

Computer Name: HEMA | User Name: winxp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 13:03:02 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\winxp\Desktop\OTL.exe
PRC - [2012/02/15 07:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\winxp\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/10/18 09:05:28 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/22 09:19:25 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 09:19:24 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/22 09:19:18 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/22 09:19:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/22 09:19:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/01/19 12:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2003/07/29 05:45:10 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBRPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/08/22 09:19:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/22 09:19:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)


========== Driver Services (SafeList) ==========

DRV - [2009/10/20 18:47:46 | 000,113,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/22 09:19:25 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/22 09:19:24 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/12 08:48:55 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/14 02:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/10 13:32:46 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2004/08/04 06:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"



FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/04 16:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 16:17:34 | 000,000,000 | ---D | M]

[2010/03/22 13:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\winxp\Application Data\Mozilla\Extensions
[2010/10/07 11:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\sbnokl62.default\extensions
[2012/03/09 16:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\winxp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\winxp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Documents and Settings\winxp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/15 19:01:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\winxp\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\winxp\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{379F3389-7EF6-4C5C-8C1A-D94EB280DC2C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/24 21:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 16:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\winxp\My Documents\syts u photo
[2012/03/13 16:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\New Folder (3)
[2012/03/13 15:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RENEE DOC-13 MAR
[2012/03/12 12:20:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\winxp\Recent
[2012/03/08 13:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 13:29:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/07 11:24:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/06 11:16:05 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\winxp\Desktop\aswMBR.exe
[2012/03/01 13:02:44 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\winxp\Desktop\OTL.exe
[2012/02/29 17:38:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\winxp\My Documents\Dropbox
[2012/02/29 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\winxp\Start Menu\Programs\Dropbox
[2012/02/29 17:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\winxp\Application Data\Dropbox
[2012/02/24 15:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/24 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2012/02/24 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/02/24 14:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2012/02/24 14:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2012/02/22 11:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\winxp\My Documents\pic artwork

========== Files - Modified Within 30 Days ==========

[2012/03/15 19:10:13 | 1173,938,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 19:10:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 19:01:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/03/15 12:37:48 | 001,307,889 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\33792-Ocean Dough Set (N).jpg
[2012/03/15 09:11:59 | 076,294,483 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/03/14 17:32:13 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 12:55:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 12:28:15 | 001,381,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\03-14-2012 12;28;06PM.pdf
[2012/03/13 15:24:59 | 000,746,334 | ---- | M] () -- C:\Documents and Settings\winxp\Desktop\2063 - BL (PG 1).pdf
[2012/03/11 13:17:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/11 13:05:05 | 000,017,607 | ---- | M] () -- C:\Documents and Settings\winxp\Desktop\avptool_sysinfo.zip
[2012/03/09 14:05:59 | 123,437,576 | ---- | M] () -- C:\Documents and Settings\winxp\Desktop\setup_11.0.0.1245.x01_2012_03_09_07_09.exe
[2012/03/08 13:29:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 17:15:41 | 001,238,414 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\03-07-2012 05;15;21PM.pdf
[2012/03/07 08:50:26 | 000,248,174 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\03-07-2012 08;49;10AM.pdf
[2012/03/06 12:40:48 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\winxp\Desktop\MBR.zip
[2012/03/06 11:57:40 | 000,511,576 | ---- | M] () -- C:\Documents and Settings\winxp\Desktop\39929-My Desktop Organiser-N.jpg
[2012/03/06 11:16:09 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\winxp\Desktop\aswMBR.exe
[2012/03/01 13:03:02 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\winxp\Desktop\OTL.exe
[2012/02/29 17:38:14 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\winxp\Desktop\Dropbox.lnk
[2012/02/29 17:35:44 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\winxp\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/29 12:15:26 | 001,918,745 | ---- | M] () -- C:\Documents and Settings\winxp\My Documents\1655796-ciseaux.pdf
[2012/02/27 15:36:22 | 000,244,668 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\02-27-2012 03;36;09PM.pdf
[2012/02/27 10:30:57 | 000,253,359 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\02-27-2012 10;30;04AM.pdf
[2012/02/27 10:16:42 | 000,677,607 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\02-27-2012 10;16;18AM.pdf
[2012/02/24 15:06:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\winxp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/24 14:51:25 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/24 14:51:25 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/23 17:44:36 | 000,211,487 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\02-23-2012 05;44;22PM.pdf
[2012/02/23 16:49:28 | 000,227,540 | ---- | M] () -- C:\Documents and Settings\winxp\My Documents\IMG_23022012_094907.png
[2012/02/20 11:50:58 | 000,481,483 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\02-20-2012 11;50;35AM.pdf
[2012/02/20 11:44:34 | 000,507,750 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\02-20-2012 11;44;14AM.pdf

========== Files Created - No Company Name ==========

[2012/03/15 12:30:29 | 001,307,889 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\33792-Ocean Dough Set (N).jpg
[2012/03/14 12:54:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/14 12:28:15 | 001,381,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\03-14-2012 12;28;06PM.pdf
[2012/03/13 15:24:39 | 000,746,334 | ---- | C] () -- C:\Documents and Settings\winxp\Desktop\2063 - BL (PG 1).pdf
[2012/03/13 08:02:08 | 000,196,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/11 13:06:41 | 000,017,607 | ---- | C] () -- C:\Documents and Settings\winxp\Desktop\avptool_sysinfo.zip
[2012/03/09 13:48:50 | 123,437,576 | ---- | C] () -- C:\Documents and Settings\winxp\Desktop\setup_11.0.0.1245.x01_2012_03_09_07_09.exe
[2012/03/08 13:29:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 17:15:41 | 001,238,414 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\03-07-2012 05;15;21PM.pdf
[2012/03/07 08:50:26 | 000,248,174 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\03-07-2012 08;49;10AM.pdf
[2012/03/06 12:40:48 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\winxp\Desktop\MBR.zip
[2012/03/06 11:57:00 | 000,511,576 | ---- | C] () -- C:\Documents and Settings\winxp\Desktop\39929-My Desktop Organiser-N.jpg
[2012/02/29 17:38:14 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\winxp\Desktop\Dropbox.lnk
[2012/02/29 17:35:44 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\winxp\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/29 12:15:26 | 001,918,745 | ---- | C] () -- C:\Documents and Settings\winxp\My Documents\1655796-ciseaux.pdf
[2012/02/27 15:36:22 | 000,244,668 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\02-27-2012 03;36;09PM.pdf
[2012/02/27 10:30:57 | 000,253,359 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\02-27-2012 10;30;04AM.pdf
[2012/02/27 10:16:41 | 000,677,607 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\02-27-2012 10;16;18AM.pdf
[2012/02/25 12:24:33 | 1173,938,176 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/24 15:06:57 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\winxp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/23 17:44:36 | 000,211,487 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\02-23-2012 05;44;22PM.pdf
[2012/02/23 16:49:18 | 000,227,540 | ---- | C] () -- C:\Documents and Settings\winxp\My Documents\IMG_23022012_094907.png
[2012/02/20 11:50:58 | 000,481,483 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\02-20-2012 11;50;35AM.pdf
[2012/02/20 11:44:34 | 000,507,750 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\02-20-2012 11;44;14AM.pdf
[2012/02/18 13:59:34 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\winxp\Start Menu\Programs\Ad-Aware.lnk
[2012/02/18 13:59:05 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\winxp\Start Menu\Programs\SpybotSD.lnk
[2012/02/15 12:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 12:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2010/03/22 13:51:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/22 08:48:01 | 000,012,028 | -HS- | C] () -- C:\Documents and Settings\winxp\Local Settings\Application Data\4Jp87e378L
[2010/03/22 08:48:01 | 000,012,028 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4Jp87e378L

========== LOP Check ==========

[2007/05/28 12:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emjysoft
[2012/03/15 19:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\winxp\Application Data\Dropbox
[2012/02/01 15:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\winxp\Application Data\Ludoofx
[2012/01/13 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\winxp\Application Data\Uvob

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/02/01 15:33:55 | 002,923,879 | ---- | C] ()(C:\Documents and Settings\winxp\Desktop\1015??.rar) -- C:\Documents and Settings\winxp\Desktop\1015唛头.rar
[2012/02/01 15:24:38 | 002,923,879 | ---- | M] ()(C:\Documents and Settings\winxp\Desktop\1015??.rar) -- C:\Documents and Settings\winxp\Desktop\1015唛头.rar
[2010/12/31 17:49:35 | 002,175,820 | ---- | M] ()(C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_????12-31.jpg) -- C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg
[2010/12/31 17:33:51 | 002,175,820 | ---- | C] ()(C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_????12-31.jpg) -- C:\Documents and Settings\winxp\Desktop\88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg

< End of report >

#18 Render (Trusted Helper, Malware Removal, 4,195 posts)

"Would you mind explaining to me what the OTL fix does?"

We removed some registry keys and set a valid one. We also removed a file that looks malicious.

Please tell me if you are aware of these files on your desktop:
  • 1015唛头.rar
  • 1015唛头.rar
  • 88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg
  • 88131-NEWArt-tray&adaptor (OP)_复制副本12-31.jpg

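As an added example (not code from this thread, from OTL or from its author): a small Python triage helper that reads the O4/O35/O37 lines OTL prints and flags what this fix corrected, namely a per-user (HKU) override of the .exe handler and entries whose target is reported as "File not found". The sample log lines are constructed from the entries quoted in this thread; the `"%1" %*` baseline is the standard Windows open command for exefile/comfile.

```python
"""Triage OTL-style log lines for the file-association hijack this fix corrected.

Added example, not code from the thread or from OTL's author. It parses the
O4 (autorun), O35 and O37 (file-association handler) lines that OTL prints
and flags two conditions visible in this thread:
  * a per-user (HKU\<SID>) override of the .exe/.com handler, which a healthy
    system does not have (the handlers live under HKLM only), and
  * autorun entries whose target is reported as "File not found".
"""
import re
from dataclasses import dataclass

# Standard shell\open\command value for exefile/comfile on a healthy system.
EXPECTED_OPEN_CMD = '"%1" %*'

# e.g. "O37 - HKU\S-1-5-...\...exe [@ = exefile] -- Reg Error: Key error. File not found"
LINE_RE = re.compile(r'^(?P<tag>O\d+)\s+-\s+(?P<body>.*)$')
ASSOC_RE = re.compile(
    r'^(?P<hive>HKLM|HKU\\[^\\]+)\\\.{2,3}(?P<key>\S+)\s+'
    r'\[(?P<verb>[^\]]+)\]\s+--\s+(?P<cmd>.*)$'
)

# Constructed sample: the O4/O35/O37 entries quoted in this thread, including
# the HKU .exe entry that the OTL fix deleted.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
"""


@dataclass
class Finding:
    severity: str  # "high": likely hijack; "low": leftover to clean up
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return findings for the O4/O35/O37 lines in an OTL log excerpt."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, file listings and other O-lines are ignored here
        tag, body = m.group('tag'), m.group('body')
        if tag in ('O35', 'O37'):
            a = ASSOC_RE.match(body)
            if a is None:
                findings.append(Finding('low', 'unparsed file-association entry', line))
            elif a.group('hive') != 'HKLM':
                # A per-user Classes\.exe key shadows the machine-wide handler for
                # that account only; that is how the .exe association gets redirected.
                findings.append(Finding(
                    'high',
                    f"per-user override of {a.group('key')} handler in "
                    f"{a.group('hive')} (value: {a.group('cmd')})",
                    line))
            elif a.group('cmd') != EXPECTED_OPEN_CMD:
                findings.append(Finding(
                    'high',
                    f"unexpected open command for {a.group('key')}: {a.group('cmd')}",
                    line))
        elif tag == 'O4' and body.endswith('File not found'):
            findings.append(Finding('low', 'autorun entry points to a missing file', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.reason}\n        {f.line}")
```

After a fix, re-running the helper over the Quick Scan log should return no "high" findings, matching the O35/O37 lines in the post-fix log above.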

#19 winsomemy (Topic Starter, Member, 29 posts)
Yes, I am aware of these 4 files that I saved on my desktop.
#20
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside the quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors onto your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore, it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and update them when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you install Secunia Personal Software Inspector (PSI), which can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location for an update to the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

If you prefer to stay with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.
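Added example, not from Render's post or from any tool the thread uses: a read-only PowerShell audit of the two recommendations above, Automatic Updates and the Internet zone ActiveX options. It assumes the XP/Vista/7-era registry layout for the Windows Update client (AUOptions under HKLM) and for the Internet Explorer zones (zone 3 = Internet, action IDs 1001/1004/1201 and the Enable/Prompt/Disable values Microsoft documents in KB182569); the function names are mine. It reports only, it changes nothing.

```powershell
# Added example (not from the thread): read-only audit of the settings the
# post above recommends. Assumes the XP/Vista/7-era registry layout.

function Test-AutomaticUpdates {
    # AUOptions 4 = "Install updates automatically" on the Windows Update client.
    $auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    if ($au -and $au.AUOptions -eq 4) {
        "Automatic Updates: OK (AUOptions = 4, download and install automatically)"
    } else {
        "Automatic Updates: NOT automatic (AUOptions = $($au.AUOptions)); turn them on"
    }
}

function Test-InternetZoneActiveX {
    # Zone 3 = Internet. Action IDs as documented by Microsoft (KB182569):
    #   1001  Download signed ActiveX controls
    #   1004  Download unsigned ActiveX controls
    #   1201  Initialize and script ActiveX controls not marked as safe
    # Stored values: 0 = Enable, 1 = Prompt, 3 = Disable.
    $zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
    $wanted  = @(
        @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Expect = 1 },
        @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Expect = 1 },
        @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Expect = 3 }
    )
    $zone = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
    foreach ($w in $wanted) {
        # Registry value names are numeric strings, so look them up dynamically.
        $actual = if ($zone) { $zone.($w.Id) } else { $null }
        if ($null -eq $actual) {
            "$($w.Name): value $($w.Id) not set (IE default applies); set it to $($meaning[$w.Expect])"
        } elseif ([int]$actual -eq $w.Expect) {
            "$($w.Name): OK ($($meaning[$w.Expect]))"
        } else {
            $have = if ($meaning.ContainsKey([int]$actual)) { $meaning[[int]$actual] } else { "raw $actual" }
            "$($w.Name): currently $have, recommended $($meaning[$w.Expect])"
        }
    }
}

Test-AutomaticUpdates
Test-InternetZoneActiveX
```

The Name strings mirror the labels in the Custom level dialog, so each output line maps directly onto one of the steps above; anything not reported as OK is a setting to revisit through Inetcpl.cpl or the Automatic Updates control panel.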

Tips to protect yourself against malware and reduce the potential for re-infection:

Now, after all these steps, your PC will be more secure. However, it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
#21
winsomemy

    Member

  • Topic Starter
  • Member
  • 29 posts
I will follow all the suggestions to keep my pc clean.

Thank you very much for your help. Every time I have a problem and turn to Geeks to Go, I always get the problem solved completely. You guys are really doing a great job!
#22
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.