Thread: Infected Help! posting DDS notes and Spybot notes

#11, Junior Member (joined Jan 2011, 12 posts)

new OTL scan

    OTL logfile created on: 1/7/2011 12:22:01 PM - Run 4
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Brandon\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 226.00 Mb Available Physical Memory | 44.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 178.52 Gb Free Space | 59.89% Space Free | Partition Type: NTFS

    Computer Name: OWNER-5E65B9396 | User Name: Brandon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Brandon\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
    PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Brandon\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)


    ========== Win32 Services (SafeList) ==========

    SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe File not found
    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
    SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (GearSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)


    ========== Driver Services (SafeList) ==========

    DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
    DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
    DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
    DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
    DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (GearAspiSys) -- C:\WINDOWS\system32\drivers\GEARASPISYS.SYS (GEAR Software)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 09:20:34 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/01/06 13:14:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe File not found
    O4 - HKCU..\Run: [HotkeySearchTool] C:\Program Files\Hotkey Search Tool\SearchTool.exe File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} http://auctions.liveauctioneers.com/...es/lgbexec.cab (XExcuter Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1196025328265 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1217260651546 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brandon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/11/26 04:39:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{02645f47-5a76-11dd-bf2d-001111044a11}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDEULA.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/06 17:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/01/06 13:10:00 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/05 23:09:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon\Desktop\OTL.exe
    [2011/01/03 00:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2010/12/28 17:11:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/12/28 15:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/12/28 15:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/12/28 15:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/12/28 01:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\Application Data\AVG10
    [2010/12/28 01:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2010/12/28 01:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon\Local Settings\Application Data\PhotoChannel
    [2010/12/28 01:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/12/28 01:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2010/12/28 01:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2010/12/14 14:16:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2010/12/14 14:15:25 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2010/12/13 12:33:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/13 12:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/12/13 12:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/13 12:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2010/12/13 12:29:48 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/12/13 12:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2 C:\Documents and Settings\Brandon\My Documents\*.tmp files -> C:\Documents and Settings\Brandon\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/07 11:57:04 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Brandon\Desktop\Microsoft Office Outlook 2003.lnk
    [2011/01/07 11:57:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/07 11:13:23 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Brandon\Desktop\Microsoft Office Word 2003.lnk
    [2011/01/07 09:38:56 | 103,672,065 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/01/06 22:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/06 13:17:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/06 13:14:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/01/06 13:09:27 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\We speak tons of jibber jabber.doc
    [2011/01/05 23:09:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon\Desktop\OTL.exe
    [2011/01/05 23:01:06 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Just when you think you.doc
    [2011/01/05 23:01:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Brandon\My Documents\~$st when you think you.doc
    [2011/01/05 03:19:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/03 00:29:10 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Brandon\Desktop\Spybot - Search & Destroy.lnk
    [2011/01/01 13:07:56 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2010/12/30 14:56:38 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\seized.doc
    [2010/12/30 13:21:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Brandon\My Documents\~$seized.doc
    [2010/12/28 15:32:46 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/12/28 09:20:58 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/12/22 10:18:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Brandon\My Documents\~$izedpropertyauction.doc
    [2010/12/22 10:16:33 | 000,192,000 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\seizedpropertyauction.doc
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/16 17:42:31 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/12/15 03:28:51 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/15 03:10:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/14 15:38:02 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Der Treue Husar 1.doc
    [2010/12/14 15:36:36 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Der Treue Hausar.doc
    [2010/12/14 15:35:19 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Der true hauser.doc
    [2010/12/08 22:24:34 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Brandon\My Documents\Allyson Joy Henrich1.doc
    [2 C:\Documents and Settings\Brandon\My Documents\*.tmp files -> C:\Documents and Settings\Brandon\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/07 09:38:56 | 103,672,065 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/01/06 13:09:21 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\We speak tons of jibber jabber.doc
    [2011/01/05 23:01:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Brandon\My Documents\~$st when you think you.doc
    [2011/01/05 23:01:01 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Just when you think you.doc
    [2011/01/03 00:29:10 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Brandon\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/30 13:21:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Brandon\My Documents\~$seized.doc
    [2010/12/30 13:21:16 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\seized.doc
    [2010/12/28 15:32:46 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/12/22 10:18:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Brandon\My Documents\~$izedpropertyauction.doc
    [2010/12/14 15:38:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Der Treue Husar 1.doc
    [2010/12/14 15:36:36 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Der Treue Hausar.doc
    [2010/12/14 15:35:19 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Der true hauser.doc
    [2010/12/13 12:32:50 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/12/08 21:59:57 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Brandon\My Documents\Allyson Joy Henrich1.doc
    [2009/03/15 16:51:55 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/01/25 17:10:22 | 000,136,788 | ---- | C] () -- C:\Documents and Settings\Brandon\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2009/01/25 17:10:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2009/01/25 17:10:13 | 000,002,097 | ---- | C] () -- C:\Documents and Settings\Brandon\Application Data\HPSU_48BitScanUpdate.log
    [2009/01/25 17:10:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2009/01/25 17:04:21 | 000,266,165 | ---- | C] () -- C:\Documents and Settings\Brandon\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2009/01/25 17:04:20 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2008/09/05 15:52:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/07/31 16:16:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/31 15:26:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Brandon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/27 19:00:54 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\Brandon\Application Data\Comma Separated Values (Windows).ADR
    [2008/07/27 14:09:43 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/07/23 16:54:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/11/26 04:59:41 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2007/11/25 23:27:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/11/25 16:10:16 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
    [2003/01/26 23:23:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/07/19 05:35:00 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2002/07/19 05:35:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
    [2002/07/19 05:34:00 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/07/19 05:34:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== Files - Unicode (All) ==========
    [2009/01/04 19:39:52 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\Brandon\My Documents\???????? ????? in Russian.doc) -- C:\Documents and Settings\Brandon\My Documents\Материал парка in Russian.doc
    [2009/01/04 19:39:51 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\Brandon\My Documents\???????? ????? in Russian.doc) -- C:\Documents and Settings\Brandon\My Documents\Материал парка in Russian.doc

    < End of report >
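The lines a helper reads through in a log like the one above are the "File not found" and "No CLSID value found" orphans, entries with an empty company name, third-party ActiveX downloads (O16), the exe/com open handlers (O35/O37) and AppInit_DLLs (O20). The following is an added example of a small triage script over that line format; it is not part of the original thread and not OTL's own code. The sample log is constructed from a handful of line shapes taken from the report (plus one constructed hijacked-handler line), and the trusted ActiveX host list and the finding categories are assumptions for illustration.

```python
"""Triage helper for OTL log lines (added example, not OTL's own logic)."""
import re
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample: a few lines in the shape of the OTL report above (shortened).
SAMPLE_LOG = r"""
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe File not found
O16 - DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} http://auctions.liveauctioneers.com/...es/lgbexec.cab (XExcuter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1196025328265 (WUWebControl Class)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed line (not from the report) showing what a hijacked exefile handler looks like.
HIJACKED_SAMPLE = r"""
O35 - HKLM\..exefile [open] -- "C:\constructed\hijack.exe" "%1" %*
"""

# Hosts whose ActiveX (O16 DPF) downloads are treated as expected. Assumption for this example.
TRUSTED_ACTIVEX_HOSTS = ("microsoft.com", "java.sun.com", "macromedia.com", "eset.com")

# Stock Windows command for the exefile/comfile [open] verb (what O35/O37 should show).
STOCK_OPEN_COMMAND = '"%1" %*'

_DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} (\S+) ")
_OPEN_HANDLER_RE = re.compile(r"^O3[57] - HKLM\\\.{2,3}(\S+) \[[^\]]*\] -- (.+)$")


def triage_line(line: str) -> List[Dict[str, str]]:
    """Return zero or more findings ({'kind', 'line'}) for one OTL line."""
    findings: List[Dict[str, str]] = []
    line = line.rstrip()
    if not line:
        return findings
    # 1. Orphans: the registry still points at a file or CLSID that no longer exists.
    if line.endswith("File not found") or "No CLSID value found" in line:
        findings.append({"kind": "orphan", "line": line})
    # 2. OTL prints '()' when the file has no company name in its version resource;
    #    legitimate for some vendors, but always worth a hash lookup.
    elif line.endswith(" ()"):
        findings.append({"kind": "no-company", "line": line})
    # 3. ActiveX controls downloaded from outside the expected hosts.
    m = _DPF_RE.match(line)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        if not host.endswith(TRUSTED_ACTIVEX_HOSTS):
            findings.append({"kind": "third-party-activex", "line": line})
    # 4. exe/com open handlers: anything but "%1" %* routes every executable launch
    #    through another program first.
    m = _OPEN_HANDLER_RE.match(line)
    if m and m.group(2).strip() != STOCK_OPEN_COMMAND:
        findings.append({"kind": "open-handler-hijack", "line": line})
    # 5. AppInit_DLLs are loaded into every process that links user32; list for review.
    if line.startswith("O20 - AppInit_DLLs:"):
        findings.append({"kind": "appinit-dll", "line": line})
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Group findings by kind over a whole log."""
    by_kind: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        for f in triage_line(raw):
            by_kind.setdefault(f["kind"], []).append(f["line"])
    return by_kind


if __name__ == "__main__":
    for kind, lines in triage_log(SAMPLE_LOG + HIJACKED_SAMPLE).items():
        print(f"== {kind} ({len(lines)}) ==")
        for entry in lines:
            print("  " + entry)
```

Orphans are the entries a helper typically has OTL fix (they are leftovers from uninstalls or earlier cleanups, not evidence of active malware); the other categories are review lists, not verdicts.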

#12, Emeritus-Security Expert (joined Nov 2005, Florida's SpaceCoast, 15,208 posts)

    Log looks fine

    A few things you need to do

    Update your Java

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
    Clear old infected Restore Points
    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.
Open up OTL and click on Cleanup and it will remove tools used to clean your system along with their backups

    Safe Surfn
    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
