
Bot Google Notification, Blue Screen, Malware - Novice



#16
thunderabsolute

  • Topic Starter
  • Member
  • 16 posts
I haven't received the warning since I ran the OTL RUN FIX. I'll keep checking to see if it presents itself again.

Not sure if I hit something just as this program started to run. Not sure why it would have an error. Should I rerun it?


Here is the OTL RUN FIX log:

Error: Unable to interpret < > in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{eeb020a9-50f1-405d-920c-d91a1ebc3cee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eeb020a9-50f1-405d-920c-d91a1ebc3cee}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1658D3A1-9E13-4196-A82A-D70D70880F36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1658D3A1-9E13-4196-A82A-D70D70880F36}\ deleted successfully.
C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ef64538-8b54-4573-b48f-4d34b0238ab2}\ deleted successfully.
C:\Program Files (x86)\AOL Toolbar\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\ not found.
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}\ deleted successfully.
File C:\Program Files (x86)\AOL Toolbar\aoltb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
File C:\Program Files (x86)\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files (x86)\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdvanceWare Updater.lnk moved successfully.
C:\Program Files (x86)\AdvanceWare\AdvanceWare Updater\AdvWUpdater.exe moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Program Files (x86)\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
File C:\Program Files (x86)\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}\ deleted successfully.
File {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll File not found not found.
C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job moved successfully.
C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job moved successfully.
C:\Windows\Tasks\RGames Updater.job moved successfully.
C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job moved successfully.
ADS C:\Users\Owner\Desktop\Lawrence Holiday Card.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== FILES ==========
< at /c >
There are no entries in the list.
C:\Users\Owner\Desktop\Malware & Virus Programs\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\Malware & Virus Programs\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
File\Folder C:\Windows\assembly\GAC\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\Users\\Owner\AppData\Local\Temp\*.exe not found.
File move failed. C:\Users\\Owner\AppData\Local\Temp\dxtmsft.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\dxtrans.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\ieframe.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\iepeers.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\msxml3.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\scrrun.dll scheduled to be moved on reboot.
< sfc.exe /scanfile=c:\windows\explorer.exe /c >
Windows Resource Protection could not start the repair service.
C:\Users\Owner\Desktop\Malware & Virus Programs\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\Malware & Virus Programs\cmd.txt deleted successfully.
File\Folder C:\Windows\svchost.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 58839 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Owner
->Java cache emptied: 608145 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212012_164056

Files\Folders moved on Reboot...
File move failed. C:\Users\\Owner\AppData\Local\Temp\dxtmsft.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\dxtrans.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\ieframe.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\iepeers.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\msxml3.dll scheduled to be moved on reboot.
File move failed. C:\Users\\Owner\AppData\Local\Temp\scrrun.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0



#17
thunderabsolute

  • Topic Starter
  • Member
  • 16 posts
I was able to clear logs and run VEW again.

Here is the log:


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/12/2012 10:46:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Run VEW again but this time have it look for Application errors.

Also I don't see the farbar service scanner log.


Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#19
thunderabsolute

  • Topic Starter
  • Member
  • 16 posts
I'm not sure why sometimes posts disappear after I post them but here are the Farbar Scan results again. Sorry! I'll run the VEW again now. Thank you!



Farbar Service Scanner Version: 10-12-2012
Ran by Owner (administrator) on 21-12-2012 at 08:57:07
Running from "C:\Users\Owner\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#20
thunderabsolute

  • Topic Starter
  • Member
  • 16 posts
There seem to be no Application errors/warnings in VEW. Please see attached log.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/12/2012 5:48:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looking pretty good.

Have you ever done an Avast Boot-Time scan? This is something I like to run while I sleep since it takes so long. (Mute your speakers so Windows doesn't wake you up when it starts.)

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? C:\ProgramData\Avast Software\Avast\report\aswboot.txt is where they used to hide a text version which you can copy and paste. They tell you where it is when the scan first starts so pay attention.
  • 0
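
One way to answer "How many did it find?" from the text report, as an added example that is not part of the original post or of Avast: it tallies detection lines, collapses entries nested inside one installer (the `|>` separator) to the file actually on disk, and lists detections not tagged `[PUP]` for review first. It assumes report lines of the form posted in reply #24 of this thread; `SAMPLE_REPORT` is constructed, and the function names and the `untagged` label are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the report line format seen in this thread.
SAMPLE_REPORT = r"""11/12/2012 15:18
Scan of all local drives

File C:\Backup\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL is infected by Win32:Mywebsearch-Q [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\Example\Cache\27EDC7D2.exe|>mwsSetup.exe|>[Embedded_R#M3SKIN.DLL] is infected by Win32:Mywebsearch-S [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\Example\Cache\27EDC7D2.exe|>mwsSetup.exe is infected by Win32:Malware-gen, Deleted
File C:\Users\Owner\AppData\LocalLow\Example\Cache\27EDC7D2.exe is infected by Win32:Mywebsearch-X [PUP], Deleted
File C:\ProgramData\Microsoft\Windows\DRM\A3B3.tmp.dat is infected by Win32:Alureon-AWX [Trj], Deleted
"""

# "File <path> is infected by <name> [<tag>], <action>"; the [tag] is optional.
LINE_RE = re.compile(
    r"^File (?P<path>.+) is infected by (?P<name>[^\s,]+)"
    r"(?: \[(?P<kind>[^\]]+)\])?, (?P<action>.+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str        # full path as reported, including any |> nesting
    container: str   # the file on disk that holds the detected object
    depth: int       # 0 = the file itself, >0 = object embedded inside it
    name: str        # detection name, e.g. Win32:Alureon-AWX
    kind: str        # bracketed tag such as PUP or Trj, "untagged" if absent
    action: str      # what the scanner did, e.g. Deleted


def parse_report(text):
    """Return one Detection per matching line; header and blank lines are skipped."""
    detections = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        parts = m["path"].split("|>")
        detections.append(Detection(
            path=m["path"],
            container=parts[0],
            depth=len(parts) - 1,
            name=m["name"],
            kind=m["kind"] or "untagged",
            action=m["action"].strip(),
        ))
    return detections


def summarize(detections):
    """Count report lines, distinct on-disk files, tags, and non-PUP hits."""
    files = {d.container for d in detections}
    review = sorted({(d.container, d.name) for d in detections if d.kind != "PUP"})
    return {
        "lines": len(detections),
        "files_on_disk": len(files),
        "by_kind": dict(Counter(d.kind for d in detections)),
        "by_action": dict(Counter(d.action for d in detections)),
        "review_first": review,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(f"{summary['lines']} report lines in {summary['files_on_disk']} files on disk")
    print("by tag:", summary["by_kind"])
    print("by action:", summary["by_action"])
    for container, name in summary["review_first"]:
        print("review first:", name, "in", container)
```

The line count overstates the number of affected files whenever an installer is unpacked: in the sample, three of the five lines belong to the same cached `.exe`.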

#22
thunderabsolute

  • Topic Starter
  • Member
  • 16 posts
Hi Ron,

Sorry for the delay in responding, buried in Christmas activities. I hope you and your family had a wonderful holiday. I will run the Avast Boot-Time Scan tonight before bed. Thank you again for all of your tremendous help. I greatly appreciate it. Heidi
  • 0

#23
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
No problem. We went over to Victoria, BC on Vancouver Island for Xmas so wasn't on-line anyway.
  • 0

#24
thunderabsolute

  • Topic Starter
  • Member
  • 16 posts
Sounds like a nice holiday! Here is the latest from Avast Boot-Time Scan. As you asked, I've moved all quarantines to Chest. Do I need to do anything further with them?



11/12/2012 15:18
Scan of all local drives

File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL is infected by Win32:Mywebsearch-Q [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL is infected by Win32:PUP-gen [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL is infected by Win32:PUP-gen [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL is infected by Win32:Mywebsearch-S [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE is infected by Win32:PUP-gen [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Data Backup Geek Squad\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL is infected by Win32:Mywebsearch-Q [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSOEPLG.DLL] is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSOESTB.DLL] is infected by Win32:Mywebsearch-R [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SKIN.DLL] is infected by Win32:Mywebsearch-S [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#NPMYWEBS.DLL] is infected by Win32:Mywebsearch-Q [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3POPSWT.DLL] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3HTMLMU.DLL] is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3REPROX.DLL] is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3SCRCTR.DLL] is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3SCHMON.EXE] is infected by Win32:FunWeb-B [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SLSRCH.EXE] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SRCHMN.EXE] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3HKSTUB.DLL] is infected by Win32:Mywebsearch-Q [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3AUXSTB.DLL] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe|>mwsSetup.CommonCodebase.exe is infected by Win32:Malware-gen, Deleted
File C:\Data Backup Geek Squad\Users\Heidi\AppData\LocalLow\FunWebProducts\Installr\Cache\27EDC7D2.exe is infected by Win32:Mywebsearch-X [PUP], Deleted
File C:\ProgramData\Microsoft\Windows\DRM\A3B3.tmp.dat is infected by Win32:Alureon-AWX [Trj], Deleted
File C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000072|>{cf}\ZugoInstaller.exe is infected by Win32:PUP-gen [PUP], Deleted
File C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\npRivalGamingGC.dll is infected by Win32:Gamevance-DY [PUP], Deleted
File C:\Users\Owner\AppData\Local\RivalGaming\RivalGaming.dll is infected by Win32:Gamevance-DY [PUP], Deleted
File C:\Users\Owner\AppData\Local\vmn3_5dn\data\121018080355-m.list is infected by HTML:Script-inf, Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8BAR.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8PLUGIN.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#NPT8STUB.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8HIGHIN.EXE] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8MEDINT.EXE] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8SRCHMN.EXE] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8BARSVC.EXE] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8BRMON.EXE] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8BRSTUB.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8SRCAS.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8REGHK.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8HKSTUB.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8MSG.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8DYN.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8REGIET.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8REGFFT.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8HTML.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8HTMLMU.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8HTTPCT.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8DATACT.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8AUXSTB.DLL] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8DLGHK.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8IDLE.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8SKIN.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8SKPLAY.EXE] is infected by Win32:PUP-gen [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8RADIO.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8MLBTN.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8FEEDMG.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8SCRIPT.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8UABTN.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8TPINST.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8IEOVR.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8RES.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe|>[Embedded_R#T8PATCH.DLL] is infected by Win32:FunWeb-K [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe|>4mSetup.exe is infected by Win32:Mywebsearch-AB [PUP], Deleted
File C:\Users\Owner\AppData\LocalLow\ChristmasHolidayLaughs_4mEI\Installr\Cache\198E5C96.exe is infected by Win32:Mywebsearch-AD [PUP], Deleted
File C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll is infected by Win32:Gamevance-DL [PUP], Deleted
File C:\Users\Owner\Documents\Funny\Retrogamer.exe|>f3EzSetp.Retrogamer.dll is infected by Win32:FunWeb [PUP], Deleted
File C:\Users\Owner\Documents\Funny\Retrogamer.exe is infected by Win32:Adware-gen [Adw], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\2Z1MACMN\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\2Z1MACMN\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\2Z1MACMN\1352016289788_13755011954457[3].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\2Z1MACMN\ Error 0xC000000D {An invalid parameter was passed to a service or function.}
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\4Z7I8Z4F\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\7UTQRUR4\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\7UTQRUR4\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\AYOOAREW\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\B5XHR8BB\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\BOR4LDT2\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\BY4JB78B\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\BY4JB78B\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\BY4JB78B\1352016289788_13755011954457[3].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\BY4JB78B\1352016289788_13755011954457[4].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\BY4JB78B\1352016289788_13755011954457[5].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\BY4JB78B\drxwgdvmpt-crime-its-something-we-take-for-granted[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\DD1Y8L0Y\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\E3NMGRT2\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\I9EC24MX\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\JK1B9GNQ\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\JK1B9GNQ\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\JM9FBCCL\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\LB09STSU\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\LB09STSU\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\LB09STSU\1352016289788_13755011954457[3].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\M8Y22NR1\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\M8Y22NR1\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\M8Y22NR1\but-i-was-with-him-the-whole-time[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\M8Y22NR1\fpi[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\M8Y22NR1\search[1].htm is infected by HTML:RedirME-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\OHLC380G\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\RP07Q6AB\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\RP07Q6AB\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\RP07Q6AB\1352016289788_13755011954457[3].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\S0DAA37H\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\SKKGC63Y\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\SKKGC63Y\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\V50BZ7BV\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\V50BZ7BV\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\V50BZ7BV\fpi[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\VRITS8ZO\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\VXQW329N\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\XMQK9J1B\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\XMQK9J1B\1352016289788_13755011954457[2].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\XX47B1KT\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\Y9PX4MCA\1352016289788_13755011954457[1].htm is infected by JS:ScriptIP-inf [Trj], Deleted
Number of searched folders: 78263
Number of tested files: 2880244
Number of infected files: 116

----------------------------------------
12/27/2012 23:38
Scan of all local drives

File C:\TDSSKiller_Quarantine\20.12.2012_17.42.20\mbr0000\mbr0000\tsk0000.dta is infected by MBR:Pihar-D [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\20.12.2012_17.42.20\mbr0000\mbr0000\tsk0001.dta is infected by MBR:Pihar-D [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\20.12.2012_17.42.20\mbr0000\tdlfs0000\tsk0004.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\20.12.2012_22.15.39\tdlfs0000\tsk0002.dta is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\20.12.2012_22.15.39\tdlfs0000\tsk0003.dta is infected by MBR:Pihar-D [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\20.12.2012_22.15.39\tdlfs0000\tsk0006.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\20.12.2012_22.15.39\tdlfs0000\tsk0007.dta is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\20.12.2012_22.15.39\tdlfs0000\tsk0008.dta is infected by Win64:Alureon-B@mbr [Rtk], Moved to chest
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEHSCZMM\iTunes64[1].msi|>iTunes.cab Error 42144 {OLE archive is corrupted.}
File C:\Users\Owner\AppData\Local\RivalGaming\Updater.exe is infected by Win32:Gamevance-ED [PUP], Moved to chest
Number of searched folders: 79139
Number of tested files: 2876868
Number of infected files: 9

#25
RKinner

I would manually delete this file:

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEHSCZMM\iTunes64[1].msi

since Avast says it is corrupt.

Otherwise it looks good. How is it running now? Any problems?