
Multiple Malware: OpenCandy, OpenStream.AP, Wimpix.E, Renos.PG, VB.AGA


  • This topic is locked

#1
noahvail

  • Member
  • 19 posts
Hello, and thanks in advance to anyone who can help.

The first symptom was an unfamiliar webpage opening upon starting up Firefox, telling me I had won a free iPad. The domain appeared to be amazonaws.com. (I did not click anything.)

Over the next few hours, things got increasingly buggy. Now Google search results redirect to the wrong page (presumably more malware) and I frequently cannot connect to any websites at all. (Restarting fixes this temporarily.)

I ran Microsoft Security Essentials and found several Trojans described in the subject line, but the problems persist. And now I cannot update virus definitions in Microsoft Security Essentials due to "connectivity problems."

I have also run a Malwarebytes (free version) scan and several more items were detected. I can post log files upon request.

OTL.txt and Extras.txt are pasted below.

OTL.TXT:

OTL logfile created on: 4/29/2011 12:53:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Noah Masterson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 36.07 Gb Free Space | 48.39% Space Free | Partition Type: NTFS

Computer Name: NOAH-5DA1A501AA | User Name: Noah Masterson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 12:52:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noah Masterson\My Documents\Downloads\OTL.exe
PRC - [2011/02/08 17:24:02 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/12/20 22:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/11/30 15:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/12 20:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/11/11 23:31:10 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2010/11/11 14:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/16 16:22:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/23 17:57:58 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/06/23 17:57:58 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/06/23 17:57:58 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/06/21 22:51:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 12:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/03/20 19:06:52 | 016,087,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 12:52:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noah Masterson\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 06:42:10 | 000,270,336 | ---- | M] () -- C:\WINDOWS\ipisumiwumezi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/28 10:01:59 | 000,215,552 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2010/11/11 14:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/21 22:51:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/08/17 20:00:00 | 000,073,728 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)


========== Driver Services (SafeList) ==========

DRV - [2011/04/29 12:24:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85D3B34-EB60-4E9B-A0F1-81102A7FB4C2}\MpKsl7db1a369.sys -- (MpKsl7db1a369)
DRV - [2011/04/29 09:23:21 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85D3B34-EB60-4E9B-A0F1-81102A7FB4C2}\MpKsla10b10b6.sys -- (MpKsla10b10b6)
DRV - [2010/12/20 22:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/10/07 17:01:32 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 19:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/05/10 12:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/26 12:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:4.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {1d682819-bef2-4a75-8ffa-adf3733f5557}:0.4.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}:1.9.1


FF - HKLM\software\mozilla\Firefox\extensions\\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}: C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D} [2011/04/27 12:58:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/23 23:26:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 12:31:23 | 000,000,000 | ---D | M]

[2010/07/18 22:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Extensions
[2011/04/29 10:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions
[2010/07/27 16:19:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/04/20 09:46:44 | 000,000,000 | ---D | M] (HootBar) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2011/02/07 10:50:37 | 000,000,000 | ---D | M] (Instaright!) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{1d682819-bef2-4a75-8ffa-adf3733f5557}
[2010/10/01 12:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 09:46:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/07 10:50:12 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\[email protected]
[2010/10/29 21:36:19 | 000,001,951 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\searchplugins\blekko.xml
[2011/04/29 10:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 21:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/20 10:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 09:15:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/18 14:05:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/27 12:58:39 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\NOAH MASTERSON\LOCAL SETTINGS\APPLICATION DATA\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}
[2010/07/20 10:11:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/19 12:30:55 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2011/04/19 12:30:55 | 000,449,848 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/09/01 12:57:55 | 000,046,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2010/07/01 13:05:04 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/09/01 12:57:49 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/11/12 20:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Tvapolayizajovan] C:\WINDOWS\ipisumiwumezi.dll ()
O4 - HKCU..\Run: [AdVantage] C:\Documents and Settings\Noah Masterson\Application Data\advantage\AdVantage.exe ()
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [RockMelt Update] C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Uzumaludejemil] C:\WINDOWS\masylt.dll (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Noah Masterson\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Noah Masterson\Start Menu\Programs\Startup\firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/11 15:30:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 12:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\My Documents\Version Cue
[2011/04/27 14:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\Application Data\advantage
[2011/04/27 12:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}
[2011/04/19 10:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\My Documents\2010 Taxes
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 12:42:00 | 000,000,204 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/29 12:36:08 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003UA.job
[2011/04/29 12:29:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/29 12:24:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 12:23:49 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 12:23:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 09:30:02 | 000,005,612 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/04/29 09:30:02 | 000,004,066 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/04/29 09:28:02 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/29 09:28:01 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/29 09:22:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Blivoyex.bin
[2011/04/28 21:06:11 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003UA.job
[2011/04/28 10:01:59 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/04/28 09:49:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ysuyojoq.dat
[2011/04/26 21:36:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003Core.job
[2011/04/25 16:08:29 | 000,043,470 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\BKrumsiek.jpg
[2011/04/21 21:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/21 09:48:58 | 000,222,587 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Desktop\919.jpg
[2011/04/20 20:37:23 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Desktop\RockMelt.lnk
[2011/04/20 20:37:23 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Application Data\Microsoft\Internet Explorer\Quick Launch\RockMelt.lnk
[2011/04/18 09:58:26 | 000,180,821 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\f4868.pdf
[2011/04/14 10:45:12 | 000,106,818 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\ava-charlie-bday.jpg
[2011/04/14 10:32:33 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 23:36:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 14:39:57 | 000,269,258 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\Alamo Lamar 4.16.2011. Masterson.pdf
[2011/03/31 10:10:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2011/03/31 10:08:29 | 000,048,467 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Desktop\Scene.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 17:41:23 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/28 13:25:22 | 000,000,204 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/28 10:22:28 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/28 10:01:59 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/04/27 12:58:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blivoyex.bin
[2011/04/27 12:58:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ysuyojoq.dat
[2011/04/25 16:08:28 | 000,043,470 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\BKrumsiek.jpg
[2011/04/21 09:48:58 | 000,222,587 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Desktop\919.jpg
[2011/04/14 10:45:10 | 000,106,818 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\ava-charlie-bday.jpg
[2011/04/11 15:18:08 | 000,180,821 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\f4868.pdf
[2011/04/11 14:39:57 | 000,269,258 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\Alamo Lamar 4.16.2011. Masterson.pdf
[2011/03/31 10:10:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2011/03/31 10:08:29 | 000,048,467 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Desktop\Scene.pdf
[2011/02/17 11:44:26 | 000,027,924 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/15 16:58:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/06 14:59:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\PUTTY.RND
[2010/07/18 22:56:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010/07/18 22:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/18 22:30:17 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/07/18 22:30:14 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/07/18 22:30:13 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/07/18 11:43:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/07/18 11:42:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2010/07/17 22:38:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:12:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 16:55:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 16:51:39 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:42:10 | 000,270,336 | ---- | C] () -- C:\WINDOWS\ipisumiwumezi.dll
[2008/04/14 06:41:58 | 000,049,156 | ---- | C] () -- C:\WINDOWS\System32\certstore.dat
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/17 20:00:00 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\6to4ex.dll
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/12/02 17:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/27 14:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Masterson\Application Data\advantage
[2011/01/20 23:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Masterson\Application Data\BitTorrent
[2011/04/06 22:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Masterson\Application Data\FileZilla
[2010/09/01 12:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Masterson\Application Data\webex
[2011/04/29 12:29:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/04/26 21:36:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\Tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003Core.job
[2011/04/29 12:36:08 | 000,001,034 | ---- | M] () -- C:\WINDOWS\Tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003UA.job
[2011/04/29 12:23:49 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 12:42:00 | 000,000,204 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



< End of report >


EXTRAS.TXT

OTL Extras logfile created on: 4/29/2011 12:53:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Noah Masterson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 36.07 Gb Free Space | 48.39% Space Free | Partition Type: NTFS

Computer Name: NOAH-5DA1A501AA | User Name: Noah Masterson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Noah Masterson\My Documents\Downloads\BitTorrent-7.2.exe" = C:\Documents and Settings\Noah Masterson\My Documents\Downloads\BitTorrent-7.2.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{27A92F26-C572-42B4-95C6-FD8C8B9203AB}" = Freedom
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0 Templates
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F41F431-071E-5B44-2EEE-5C51173D6498}" = MozyHome
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"BitTorrent" = BitTorrent
"DW WLAN Card Utility" = DW WLAN Card Utility
"FileZilla Client" = FileZilla Client 3.3.5.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"PremElem30" = Adobe Premiere Elements 3.0
"Scrivener 021" = Scrivener
"Scrivener for Windows Beta 1.6" = Scrivener for Windows Beta
"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Books Uploader (Java Edition)" = Google Books Uploader (Java Edition)
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"RockMelt" = RockMelt

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, on completion of these runs can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/04/15 21:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/20 10:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/19 09:15:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [Tvapolayizajovan] C:\WINDOWS\ipisumiwumezi.dll ()
    O4 - HKCU..\Run: [AdVantage] C:\Documents and Settings\Noah Masterson\Application Data\advantage\AdVantage.exe ()
    O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
    O4 - HKCU..\Run: [Uzumaludejemil] C:\WINDOWS\masylt.dll (CyberLink Corp.)
    O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
    [2011/04/27 14:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\Application Data\advantage
    [2011/04/29 12:42:00 | 000,000,204 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/04/29 12:23:49 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/04/29 09:22:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Blivoyex.bin
    [2011/04/28 09:49:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ysuyojoq.dat
    [2011/04/28 10:01:59 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
noahvail

    Member

  • Topic Starter
  • Member
  • 19 posts
Wow, can't believe how quick this response was. Thank you. OTL log below. MWB log will be next.

OTL logfile created on: 4/29/2011 1:52:51 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Noah Masterson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 38.11 Gb Free Space | 51.13% Space Free | Partition Type: NTFS

Computer Name: NOAH-5DA1A501AA | User Name: Noah Masterson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 12:52:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noah Masterson\My Documents\Downloads\OTL.exe
PRC - [2011/02/08 17:24:02 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/11/30 15:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/12 20:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/11/11 23:31:10 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2010/11/11 14:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/16 16:22:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/23 17:57:58 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/06/23 17:57:58 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/06/23 17:57:58 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 12:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 12:52:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noah Masterson\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2010/11/11 14:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/21 22:51:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/29 13:48:40 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85D3B34-EB60-4E9B-A0F1-81102A7FB4C2}\MpKsl91835204.sys -- (MpKsl91835204)
DRV - [2011/04/29 13:23:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85D3B34-EB60-4E9B-A0F1-81102A7FB4C2}\MpKsl1fe394c0.sys -- (MpKsl1fe394c0)
DRV - [2009/10/07 17:01:32 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 19:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/05/10 12:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/26 12:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:4.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {1d682819-bef2-4a75-8ffa-adf3733f5557}:0.4.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}:1.9.1


FF - HKLM\software\mozilla\Firefox\extensions\\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}: C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D} [2011/04/27 12:58:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/23 23:26:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 12:31:23 | 000,000,000 | ---D | M]

[2010/07/18 22:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Extensions
[2011/04/29 10:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions
[2010/07/27 16:19:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/04/20 09:46:44 | 000,000,000 | ---D | M] (HootBar) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2011/02/07 10:50:37 | 000,000,000 | ---D | M] (Instaright!) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{1d682819-bef2-4a75-8ffa-adf3733f5557}
[2010/10/01 12:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 09:46:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/07 10:50:12 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\extensions\[email protected]
[2010/10/29 21:36:19 | 000,001,951 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Application Data\Mozilla\Firefox\Profiles\0wfa713n.default\searchplugins\blekko.xml
[2011/04/29 13:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 14:05:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/27 12:58:39 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\NOAH MASTERSON\LOCAL SETTINGS\APPLICATION DATA\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}
[2010/07/20 10:11:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/19 12:30:55 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2011/04/19 12:30:55 | 000,449,848 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/09/01 12:57:55 | 000,046,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2010/07/01 13:05:04 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/09/01 12:57:49 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/11/12 20:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/29 13:50:53 | 000,000,104 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost਍ഀ
O1 - Hosts: ::1 localhost਍ഀ
O1 - Hosts: ਍
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [RockMelt Update] C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKLM..\RunOnce: [WebVPN_host_file_recovery] C:\HOSTRCVR.BAT ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Noah Masterson\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Noah Masterson\Start Menu\Programs\Startup\firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/11 15:30:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 13:42:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 12:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\My Documents\Version Cue
[2011/04/27 12:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\{9BA8FB3D-0659-428B-9FA9-F0B6CF49F98D}
[2011/04/19 10:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noah Masterson\My Documents\2010 Taxes

========== Files - Modified Within 30 Days ==========

[2011/04/29 13:53:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/29 13:50:53 | 000,000,332 | ---- | M] () -- C:\HOSTRCVR.BAT
[2011/04/29 13:50:53 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/29 13:50:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.webvpn
[2011/04/29 13:48:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 13:48:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 13:36:01 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003UA.job
[2011/04/29 09:30:02 | 000,005,612 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/04/29 09:30:02 | 000,004,066 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/04/29 09:28:02 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/29 09:28:01 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 21:06:11 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003UA.job
[2011/04/26 21:36:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003Core.job
[2011/04/25 16:08:29 | 000,043,470 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\BKrumsiek.jpg
[2011/04/21 21:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/21 09:48:58 | 000,222,587 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Desktop\919.jpg
[2011/04/20 20:37:23 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Desktop\RockMelt.lnk
[2011/04/20 20:37:23 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Application Data\Microsoft\Internet Explorer\Quick Launch\RockMelt.lnk
[2011/04/18 09:58:26 | 000,180,821 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\f4868.pdf
[2011/04/14 10:45:12 | 000,106,818 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\ava-charlie-bday.jpg
[2011/04/14 10:32:33 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 23:36:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 14:39:57 | 000,269,258 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\My Documents\Alamo Lamar 4.16.2011. Masterson.pdf
[2011/03/31 10:10:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2011/03/31 10:08:29 | 000,048,467 | ---- | M] () -- C:\Documents and Settings\Noah Masterson\Desktop\Scene.pdf

========== Files Created - No Company Name ==========

[2011/04/29 13:50:53 | 000,000,332 | ---- | C] () -- C:\HOSTRCVR.BAT
[2011/04/28 17:41:23 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/25 16:08:28 | 000,043,470 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\BKrumsiek.jpg
[2011/04/21 09:48:58 | 000,222,587 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Desktop\919.jpg
[2011/04/14 10:45:10 | 000,106,818 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\ava-charlie-bday.jpg
[2011/04/11 15:18:08 | 000,180,821 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\f4868.pdf
[2011/04/11 14:39:57 | 000,269,258 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\My Documents\Alamo Lamar 4.16.2011. Masterson.pdf
[2011/03/31 10:10:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2011/03/31 10:08:29 | 000,048,467 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Desktop\Scene.pdf
[2011/02/17 11:44:26 | 000,027,924 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/15 16:58:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/06 14:59:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Noah Masterson\Local Settings\Application Data\PUTTY.RND
[2010/07/18 22:56:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010/07/18 22:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/18 22:30:17 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/07/18 22:30:14 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/07/18 22:30:13 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/07/18 11:43:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/07/18 11:42:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2010/07/17 22:38:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:12:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 16:55:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 16:51:39 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/12/02 17:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/20 23:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Masterson\Application Data\BitTorrent
[2011/04/06 22:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Masterson\Application Data\FileZilla
[2010/09/01 12:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Masterson\Application Data\webex
[2011/04/29 13:53:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/04/26 21:36:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\Tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003Core.job
[2011/04/29 13:36:01 | 000,001,034 | ---- | M] () -- C:\WINDOWS\Tasks\RockMeltUpdateTaskUserS-1-5-21-57989841-1580818891-1214440339-1003UA.job

========== Purity Check ==========



< End of report >

#4
noahvail

    Member

  • Topic Starter
  • Member
  • 19 posts
MWB log below. It says no malware was discovered. However, Google results are still being redirected to malicious pages. And Microsoft Security Essentials still cannot update its virus definitions.

BTW, I already had Malwarebytes installed and updated it to the latest version before running the scan. That is the only place I strayed from your instructions (did not download anew).

Thanks again!


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6473

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/29/2011 2:04:22 PM
mbam-log-2011-04-29 (14-04-22).txt

Scan type: Quick scan
Objects scanned: 197168
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that gives me a direction to look :)

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#6
noahvail

    Member

  • Topic Starter
  • Member
  • 19 posts
Here is the log. Also, after I ran this Microsoft Security Essentials detected a virus called Trojan:DOS/Alureon.A, which I instructed it to remove.

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-29 15:47:59
-----------------------------
15:47:59.437 OS Version: Windows 5.1.2600 Service Pack 3
15:47:59.437 Number of processors: 2 586 0xF06
15:47:59.437 ComputerName: NOAH-5DA1A501AA UserName: Noah Masterson
15:48:00.890 Initialize success
15:48:20.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:48:20.218 Disk 0 Vendor: FUJITSU_MHV2080BH 0085002A Size: 76319MB BusType: 3
15:48:20.218 Device \Driver\atapi -> DriverStartIo 8a47a57b
15:48:22.234 Disk 0 MBR read successfully
15:48:22.234 Disk 0 MBR scan
15:48:22.234 Disk 0 TDL4@MBR code has been found
15:48:22.234 Disk 0 MBR hidden
15:48:22.234 Disk 0 MBR [TDL4] **ROOTKIT**
15:48:22.234 Disk 0 trace - called modules:
15:48:22.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a47a730]<<
15:48:22.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4b8ab8]
15:48:22.234 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a52cf18]
15:48:22.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a52a030]
15:48:22.234 \Driver\atapi[0x8a44da08] -> IRP_MJ_CREATE -> 0x8a47a730
15:48:22.250 Scan finished successfully
15:48:37.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Noah Masterson\Desktop\MBR.dat"
15:48:38.000 The log file has been saved successfully to "C:\Documents and Settings\Noah Masterson\Desktop\aswMBR.txt"
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button



Save the log as before and post in your next reply after rebooting

Then try to update MSE
  • 0

#8
noahvail

    Member

  • Topic Starter
  • Member
  • 19 posts
Locked up during reboot a couple times before I got things running. Still cannot update definitions in MSE (and it detected/removed Alureon again). Log is below. Thanks.

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-29 16:07:46
-----------------------------
16:07:46.515 OS Version: Windows 5.1.2600 Service Pack 3
16:07:46.515 Number of processors: 2 586 0xF06
16:07:46.515 ComputerName: NOAH-5DA1A501AA UserName: Noah Masterson
16:07:48.718 Initialize success
16:07:59.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:07:59.312 Disk 0 Vendor: FUJITSU_MHV2080BH 0085002A Size: 76319MB BusType: 3
16:07:59.312 Device \Driver\atapi -> DriverStartIo 8a47a57b
16:08:01.312 Disk 0 MBR read successfully
16:08:01.312 Disk 0 MBR scan
16:08:01.312 Disk 0 TDL4@MBR code has been found
16:08:01.312 Disk 0 MBR hidden
16:08:01.312 Disk 0 MBR [TDL4] **ROOTKIT**
16:08:01.312 Disk 0 trace - called modules:
16:08:01.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a47a730]<<
16:08:01.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4b8ab8]
16:08:01.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a52cf18]
16:08:01.328 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a52a030]
16:08:01.328 \Driver\atapi[0x8a44da08] -> IRP_MJ_CREATE -> 0x8a47a730
16:08:01.343 Scan finished successfully
16:08:07.265 Disk 0 fixing MBR
16:08:17.265 Disk 0 MBR restored successfully
16:08:17.281 Infection fixed successfully - please reboot ASAP
16:08:42.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Noah Masterson\Desktop\MBR.dat"
16:08:42.125 The log file has been saved successfully to "C:\Documents and Settings\Noah Masterson\Desktop\aswMBR2.txt"
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you re-run aswMBR please, just for a scan initially?
  • 0

#10
noahvail

    Member

  • Topic Starter
  • Member
  • 19 posts
Here it is. And MSE is continuing to detect/remove Alureon.

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-29 16:53:11
-----------------------------
16:53:11.015 OS Version: Windows 5.1.2600 Service Pack 3
16:53:11.015 Number of processors: 2 586 0xF06
16:53:11.015 ComputerName: NOAH-5DA1A501AA UserName: Noah Masterson
16:53:13.500 Initialize success
16:53:17.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:53:17.890 Disk 0 Vendor: FUJITSU_MHV2080BH 0085002A Size: 76319MB BusType: 3
16:53:17.921 Device \Driver\atapi -> DriverStartIo 8a40757b
16:53:19.984 Disk 0 MBR read successfully
16:53:19.984 Disk 0 MBR scan
16:53:19.984 Disk 0 TDL4@MBR code has been found
16:53:19.984 Disk 0 MBR hidden
16:53:19.984 Disk 0 MBR [TDL4] **ROOTKIT**
16:53:19.984 Disk 0 trace - called modules:
16:53:19.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a407730]<<
16:53:19.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4ecab8]
16:53:19.984 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a447f18]
16:53:19.984 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a4c9030]
16:53:19.984 \Driver\atapi[0x8a46fa08] -> IRP_MJ_CREATE -> 0x8a407730
16:53:20.015 Scan finished successfully
16:53:37.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Noah Masterson\Desktop\MBR.dat"
16:53:37.718 The log file has been saved successfully to "C:\Documents and Settings\Noah Masterson\Desktop\aswMBR3.txt"
  • 0
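The three aswMBR runs in posts #6, #8 and #10, as an added example that is not part of the original thread: a Python sketch that summarises each run and checks whether a reported MBR fix survived the following scan. The function names and summary fields are assumptions made for this example; the log lines are abridged from the logs posted above.

```python
import re

# Abridged from the three aswMBR logs posted in this thread (timestamps and
# addresses as posted; lines not used by the checks are omitted).
LOGS = """\
Run date: 2011-04-29 15:47:59
15:48:22.234 Disk 0 MBR hidden
15:48:22.234 Disk 0 MBR [TDL4] **ROOTKIT**
15:48:22.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a47a730]<<
Run date: 2011-04-29 16:07:46
16:08:01.312 Disk 0 MBR hidden
16:08:01.312 Disk 0 MBR [TDL4] **ROOTKIT**
16:08:01.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a47a730]<<
16:08:17.265 Disk 0 MBR restored successfully
Run date: 2011-04-29 16:53:11
16:53:19.984 Disk 0 MBR hidden
16:53:19.984 Disk 0 MBR [TDL4] **ROOTKIT**
16:53:19.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a407730]<<
"""

ROOTKIT = re.compile(r"Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")

def parse_runs(text):
    """Split concatenated aswMBR logs into one summary dict per run."""
    runs = []
    for line in text.splitlines():
        if line.startswith("Run date:"):
            runs.append({"run": line.split(":", 1)[1].strip(), "rootkit": None,
                         "hidden": False, "unknown": [], "fix_reported": False})
        elif runs:
            cur = runs[-1]
            if m := ROOTKIT.search(line):
                cur["rootkit"] = m.group(2)      # family name in brackets
            if "MBR hidden" in line:
                cur["hidden"] = True
            cur["unknown"] += UNKNOWN.findall(line)  # unnamed module in disk stack
            if "MBR restored successfully" in line:
                cur["fix_reported"] = True
    return runs

def failed_fixes(runs):
    """Return (fix_run, rescan_run) pairs where a reported fix did not hold."""
    return [(a["run"], b["run"]) for a, b in zip(runs, runs[1:])
            if a["fix_reported"] and (b["rootkit"] or b["hidden"] or b["unknown"])]

if __name__ == "__main__":
    print("fix did not hold:", failed_fixes(parse_runs(LOGS)))
```

On this thread's logs the second run reports a successful restore, yet the third run still flags TDL4 with a hidden MBR, so the pair (16:07:46, 16:53:11) is returned.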


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm first time it has failed

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#12
noahvail

    Member

  • Topic Starter
  • Member
  • 19 posts
I cannot run TDSSKiller. I successfully extracted the files, but each time I try to run the .exe it initializes about 80% and then crashes. I get one of those "send error report to Microsoft" messages. Will be logging off for a bit soon. Thanks for all your help.
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I now know why aswMBR could not remove it

I will need you to download and run ComboFix so that we can get the recovery console installed

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#14
noahvail

    Member

  • Topic Starter
  • Member
  • 19 posts
Awesome. Will do so tonight. Off for a bit.
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - this will not cure it - but it will give us the tools to
  • 0





