
Thread: Fast Find Answers redirect problem

  1. #11 Member (Join Date: Mar 2009, Posts: 54)

    Ah ok, thanks for the clear up! Teatimer was already disabled, but I went through the steps just to make sure and it was already unchecked. Here's the OTL fix before I run OTL again:




    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.WINXP_HOME
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: alle
    ->Temp folder emptied: 7405568 bytes
    ->Temporary Internet Files folder emptied: 99464611 bytes
    ->Java cache emptied: 33374934 bytes
    ->FireFox cache emptied: 60650508 bytes
    ->Flash cache emptied: 36453 bytes

    User: charles
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 1015 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: sylve
    ->Temp folder emptied: 3804114 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 19432305 bytes
    ->FireFox cache emptied: 4773184 bytes
    ->Flash cache emptied: 53196 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2240559 bytes
    %systemroot%\System32 .tmp files removed: 8561603 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 135715242 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 358.00 mb


    OTL by OldTimer - Version 3.2.26.5 log created on 08222011_123937

    Files\Folders moved on Reboot...
    File\Folder C:\windows\temp\Perflib_Perfdata_5e0.dat not found!

    Registry entries deleted on Reboot...

  2. #12 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Go ahead and run a new scan with OTL and post the log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13 Member (Join Date: Mar 2009, Posts: 54)

    OTL logfile created on: 8/22/2011 12:57:27 PM - Run 2
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\alle\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 73.38% Memory free
    2.44 Gb Paging File | 2.01 Gb Available in Paging File | 82.17% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 72.42 Gb Total Space | 49.49 Gb Free Space | 68.33% Space Free | Partition Type: NTFS

    Computer Name: WINXP_HOME | User Name: alle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\alle\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
    SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110821.003\NAVENG.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110819.030\IDSXpx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\windows\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS (Symantec Corporation)
    DRV - (SymDS) -- C:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS (Symantec Corporation)
    DRV - (SymIRON) -- C:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS (Symantec Corporation)
    DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
    DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (viaagp1) -- C:\windows\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 9D A7 16 D3 07 1C 40 B7 E5 3B 6E B0 B6 EF 11 [binary data]
    IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: ""
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/17 10:11:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 11:39:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 09:10:57 | 000,000,000 | ---D | M]

    [2008/12/28 14:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alle\Application Data\Mozilla\Extensions
    [2011/08/20 21:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions
    [2011/01/24 18:22:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/21 21:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/20 16:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
    File not found (No name found) --
    [2011/08/17 10:11:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YDGD2GDN.DEFAULT\EXTENSIONS\{D364076C-3592-462F-8238-10667957D069}
    [2011/06/28 11:39:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/21 21:59:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/08/22 12:39:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
    O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
    O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
    O15 - HKU\S-1-5-21-3151372477-303091292-839091910-1006\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1220280676984 (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-3151372477-303091292-839091910-1006 Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\alle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\alle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/06/11 05:11:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3ae2d98c-f8d2-11d9-84cf-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell - "" = AutoRun
    O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a5e42ec6-82b1-11dd-972e-0013d31758cf}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/22 09:31:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/08/21 18:03:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alle\Desktop\OTL.exe
    [2011/08/20 21:49:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2011/08/20 21:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/20 21:49:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2011/08/20 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/20 21:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alle\Desktop\GooredFix Backups
    [2011/08/20 21:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
    [2011/08/15 16:26:14 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\alle\Desktop\NPE.exe
    [2011/08/13 18:40:43 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rdpwd.sys
    [2011/08/13 18:31:37 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndistapi.sys
    [1 C:\Documents and Settings\alle\Desktop\*.tmp files -> C:\Documents and Settings\alle\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\alle\*.tmp files -> C:\Documents and Settings\alle\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/22 12:41:30 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/08/22 12:39:38 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
    [2011/08/21 21:29:26 | 000,000,026 | ---- | M] () -- C:\windows\ulead32.ini
    [2011/08/21 18:03:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alle\Desktop\OTL.exe
    [2011/08/20 21:49:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/20 21:15:33 | 000,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
    [2011/08/15 16:26:14 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\alle\Desktop\NPE.exe
    [2011/08/14 09:34:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
    [2011/08/13 18:53:50 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
    [2011/07/29 16:47:15 | 000,000,082 | ---- | M] () -- C:\windows\System32\316413642
    [2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
    [1 C:\Documents and Settings\alle\Desktop\*.tmp files -> C:\Documents and Settings\alle\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\alle\*.tmp files -> C:\Documents and Settings\alle\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/20 21:49:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/18 17:56:32 | 000,002,940 | ---- | C] () -- C:\Documents and Settings\alle\Application Data\5E76.86D
    [2010/12/07 15:20:56 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
    [2010/11/09 19:52:27 | 000,032,396 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
    [2010/10/05 17:55:35 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/04/02 00:29:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\PUTTY.RND
    [2008/12/28 14:48:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
    [2008/04/06 13:22:33 | 000,000,026 | ---- | C] () -- C:\windows\ulead32.ini
    [2008/04/04 15:11:38 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
    [2007/09/01 20:52:51 | 000,000,288 | ---- | C] () -- C:\windows\ODBC.INI
    [2006/12/11 17:27:43 | 000,000,047 | ---- | C] () -- C:\windows\JMAN.INI
    [2006/12/11 17:23:49 | 000,000,072 | ---- | C] () -- C:\windows\filog.ini
    [2006/10/16 14:38:05 | 000,000,004 | ---- | C] () -- C:\windows\System32\proc1395793746.bin
    [2006/07/19 17:42:57 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\alle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/05/19 18:55:03 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
    [2006/04/11 21:35:32 | 000,000,000 | ---- | C] () -- C:\windows\QuickInstall.INI
    [2006/03/13 18:23:38 | 000,000,038 | ---- | C] () -- C:\windows\TLTitleData.ini
    [2006/02/10 19:49:52 | 000,286,720 | ---- | C] () -- C:\windows\System32\sndp2022.dll
    [2006/02/10 19:49:52 | 000,229,376 | ---- | C] () -- C:\windows\System32\sndp2023.dll
    [2006/02/10 19:49:52 | 000,224,640 | ---- | C] () -- C:\windows\System32\drivers\sndp202.sys
    [2006/02/10 19:49:52 | 000,045,056 | ---- | C] () -- C:\windows\System32\dsndp202.dll
    [2006/02/10 19:49:52 | 000,015,581 | ---- | C] () -- C:\windows\sndp202.ini
    [2006/02/10 19:49:44 | 000,036,864 | ---- | C] () -- C:\windows\System32\vsndp202.dll
    [2006/02/10 19:49:44 | 000,020,480 | ---- | C] () -- C:\windows\dsndp202.exe
    [2006/02/10 19:47:36 | 000,000,071 | ---- | C] () -- C:\windows\pex.INI
    [2006/01/20 23:31:04 | 000,000,004 | ---- | C] () -- C:\windows\System32\msvcf5bf.sys
    [2005/12/19 15:50:04 | 000,000,017 | ---- | C] () -- C:\windows\Missing.ini
    [2005/12/13 21:10:59 | 000,000,169 | ---- | C] () -- C:\windows\RtlRack.ini
    [2005/12/13 20:54:39 | 000,079,674 | ---- | C] () -- C:\windows\hpfins05.dat
    [2005/12/13 20:54:39 | 000,001,350 | ---- | C] () -- C:\windows\hpfmdl05.dat
    [2005/12/09 22:08:40 | 000,001,087 | ---- | C] () -- C:\windows\eReg.dat
    [2005/12/09 21:12:44 | 000,000,112 | ---- | C] () -- C:\windows\ActiveSkin.INI
    [2005/12/09 20:51:26 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
    [2005/12/09 20:49:25 | 000,000,345 | ---- | C] () -- C:\windows\hegames.ini
    [2005/09/07 11:08:06 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
    [2005/09/07 11:07:49 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2005/09/07 11:07:49 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2005/09/07 11:07:31 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
    [2005/09/07 11:06:56 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
    [2005/09/07 11:06:55 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
    [2005/09/07 11:05:32 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
    [2005/09/07 11:04:57 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
    [2005/07/22 00:17:22 | 000,036,864 | ---- | C] () -- C:\windows\System32\UnAudioNT.dll
    [2005/07/20 23:55:20 | 000,000,060 | ---- | C] () -- C:\windows\System32\SYSDRV.DAT
    [2005/06/11 09:24:49 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
    [2005/06/11 05:17:58 | 000,000,164 | ---- | C] () -- C:\windows\avrack.ini
    [2005/06/11 05:17:56 | 000,155,648 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
    [2005/06/11 05:16:15 | 000,003,359 | ---- | C] () -- C:\windows\Ascd_tmp.ini
    [2005/06/11 05:16:14 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
    [2005/06/11 05:13:36 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
    [2005/06/11 05:09:48 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
    [2005/06/11 01:01:57 | 000,004,346 | ---- | C] () -- C:\windows\ODBCINST.INI
    [2005/06/11 01:01:00 | 000,167,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\windows\System32\hpzidi01.dll
    [2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\windows\System32\hpzids01.dll
    [2005/01/13 18:19:23 | 000,000,436 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
    [2002/04/20 18:03:52 | 000,004,514 | ---- | C] () -- C:\windows\System32\oembios.dat
    [2002/04/20 18:03:48 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin

    < End of report >

  4. #14 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    I am going to look over your log in a bit; I'm at work and don't know how much longer I will have internet access, so I may not get back to you until late afternoon.

    In the meantime, see if this makes sense to you.

    Hosts file info

    This address is just made up to show you how it works. All web pages are assigned an address. So when you enter bobshoes.com in your address bar, Windows converts it to the numbers. Why? As humans, it's easier to tell someone you went online and bought those shoes at Bob's Shoes rather than tell them you got them at 126.117.214.165.

    Let's say goodsite.com is assigned the IP address 146.214.123.214. Every time you enter goodsite.com in your address bar, Windows converts it to 146.214.123.214, goes out and finds it, and the page loads. What happens is that sometimes malware infects the hosts file and changes those numbers.

    Example

    goodsite.com - 146.214.123.214 <-- Remember this is made up, but let's say it's legit

    Malware can do this:
    goodsite.com - 277.213.124.215 <-- converted the number to their own malware site

    So when you enter goodsite.com it takes you to their malware site instead of goodsite, where you wanted to go.

    Your log shows entries for sexlinks with a number of 127.0.0.1 <-- This was put there by Spybot so that if you should wander into sexlinks.com it will take you to your own computer; when it can't find the website it just goes away. It's another layer of protection.

    Hang in, be back as soon as I can.
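The post above explains the two kinds of hosts-file entries a helper looks for: a line that maps a real domain to some other address (a hijack, since the hosts file overrides DNS) and a line that maps a domain to 127.0.0.1 (a sinkhole, the Spybot immunization style, which only sends the name to the local machine). The script below is an added example, not part of the thread or of any tool mentioned in it; it parses a constructed hosts-file body and labels each line. The domain names and the 203.0.113.45 address in the sample are placeholders (203.0.113.0/24 is reserved for documentation), and the 277.213.124.215 line reproduces the post's made-up address to show how a malformed octet is reported.

```python
"""Audit a Windows hosts file for hijack-style entries (added example)."""
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Block-style entries, as an immunization tool adds them (constructed)
127.0.0.1 ads.tracker-example.invalid
0.0.0.0   www.tracker-example.invalid
# Hijack-style entry of the kind the post describes (constructed)
203.0.113.45  goodsite.com www.goodsite.com
277.213.124.215 badly-formed.example
"""

# Names that legitimately resolve to loopback in a stock hosts file.
LOCALHOST_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return [(line_number, ip_string, [hostnames])] for each active line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # no hostname: nothing to resolve
        entries.append((lineno, fields[0], fields[1:]))
    return entries


def classify(ip_text, hostnames):
    """Label one entry by what it does to name resolution."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid-address"            # e.g. an octet above 255
    if addr.is_loopback and set(hostnames) <= LOCALHOST_NAMES:
        return "localhost"                  # the stock Windows lines
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"                   # name goes to this machine: blocking
    return "redirect"                       # name goes somewhere else: review it


def audit_hosts(text):
    """Group every entry of a hosts-file body under its label."""
    report = {"localhost": [], "sinkhole": [], "redirect": [], "invalid-address": []}
    for lineno, ip_text, names in parse_hosts(text):
        report[classify(ip_text, names)].append((lineno, ip_text, names))
    return report


def suspicious_lines(text):
    """Line numbers worth a second look: redirects and malformed addresses."""
    report = audit_hosts(text)
    return sorted(n for n, _, _ in report["redirect"] + report["invalid-address"])


if __name__ == "__main__":
    for label, rows in audit_hosts(SAMPLE_HOSTS).items():
        for lineno, ip_text, names in rows:
            print(f"line {lineno:2d}: {label:16s} {ip_text:16s} {' '.join(names)}")
    print("review lines:", suspicious_lines(SAMPLE_HOSTS))
```

To run it against a real file instead of the sample, read the file at the path the OTL log reports (C:\WINDOWS\system32\drivers\etc\Hosts on this machine) and pass its text to audit_hosts. Only the "redirect" and "invalid-address" groups need a human decision; the sinkhole group is what immunization tools add, and a long list of 127.0.0.1 lines there is expected rather than a sign of infection.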

  5. #15 Member (Join Date: Mar 2009, Posts: 54)

    It all makes sense now, Spybot works wonders! It's interesting to see that it managed to change the numbers in the hosts file to my computer in order to prevent more redirects. Thanks for the explanation, I would've never thought of it!

  6. #16 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Looks fine. Any redirects or unwanted popup windows?

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.







    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

  7. #17
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    No problems so far! Just a question: Does it matter if I download the Windows x64 or x86 version? How do I find out which one is mine? Thanks in advance!

    (From here: http://www.oracle.com/technetwork/ja...ad-432155.html )

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Your system is 32 bit so you need the x86 version

  9. #19
    Member
    Join Date
    Mar 2009
    Posts
    54

    Default

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=f6c2c02d4f72cc45969ed05f52e9d2ce
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-08-23 03:57:17
    # local_time=2011-08-22 11:57:17 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 76310441 76310441 0 0
    # compatibility_mode=3584 16777175 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=79645
    # found=3
    # cleaned=3
    # scan_time=3634
    C:\Documents and Settings\sylve\Application Data\Mozilla\Firefox\Profiles\6zpdq4fl.default\extensions\{d364076c-3592-462f-8238-10667957d069}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\Downloaded Program Files\vzbb.dll.old Win32/Adware.MegaSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\_OTL\MovedFiles\08222011_093107\C_Documents and Settings\alle\Desktop\GooredFix Backups\C\Documents and Settings\alle\Application Data\Mozilla\Firefox\Profiles\ydgd2gdn.default\extensions\{d364076c-3592-462f-8238-10667957d069}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    Just some additional info: I downloaded the online version of the x86 (there was a choice between online and offline on that link above so I went for online). Also: At the end of the ESET scan, I had both "Uninstall application on close" and "Delete quarantined files" checked - but if we need to use it again, I'll get it again.

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like you're good to go.

    Malwarebytes is the free version and yours to keep; the pro version offers a protection module that will block access to known bad sites. The cost is minimal, I believe around $25, a one-time fee, not yearly, but this of course is up to you.

    Any tools we used that OTL does not remove, you can just drag them to the trash.

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.

    Safe Surfn
    Ken
