Your in Danger Virus

View previous topic View next topic Go down

Your in Danger Virus

Post by jhrlng on Tue 08 Mar 2011, 4:03 am

Hello~
I could use some help! This virus has taken over my computer. I downloaded the Rkill and OTL. Here are my results from the scan. Help would be greatly appreciated:)

OTL logfile created on: 3/7/2011 9:51:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jess\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 7.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 84.68 Gb Free Space | 62.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.32 Gb Free Space | 53.16% Space Free | Partition Type: NTFS

Computer Name: JESS-PC | User Name: Jess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/06 21:36:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/29 13:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/06 21:36:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/15 10:10:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/21 13:45:24 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 10:10:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/13 10:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/09/27 22:54:48 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/27 22:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 10:10:23 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 10:08:41 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:42:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/02 23:54:42 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2008/04/02 23:54:38 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2008/04/02 23:54:34 | 000,016,808 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2007/09/27 22:54:56 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/24 03:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/17 19:56:46 | 000,059,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2007/08/17 19:56:40 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2007/08/17 19:56:38 | 000,041,856 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2007/08/17 19:56:34 | 000,029,952 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 06:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/07/20 19:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/20 19:00:50 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/04/10 20:15:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [lCbKbBj01804] C:\ProgramData\lCbKbBj01804\lCbKbBj01804.exe (Корпорация Майкрософт)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop WallPaper: C:\Users\Jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 21:36:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/03/06 18:07:25 | 000,000,000 | ---D | C] -- C:\Users\Jess\Documents\Junk
[2011/03/06 17:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\lCbKbBj01804
[2011/02/23 03:07:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/23 03:03:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/23 03:03:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/23 03:03:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/23 03:03:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/23 03:03:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/23 03:03:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/23 03:02:57 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/23 03:02:57 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/23 03:02:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/23 03:02:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/23 03:02:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/23 03:02:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/23 03:02:49 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/23 03:02:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/23 03:02:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/23 03:02:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/12 17:17:36 | 000,000,000 | ---D | C] -- C:\e932e3846f55c57f9647
[2011/02/10 08:00:06 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/10 08:00:05 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/10 07:59:59 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/10 07:59:47 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/10 07:59:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/10 07:59:34 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/10 07:59:34 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/10 07:59:33 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/10 07:59:31 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/10 07:59:30 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/10 07:59:30 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/10 07:59:30 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/10 07:59:29 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/10 07:59:29 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/10 07:59:28 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/10 07:59:28 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/10 07:59:28 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/10 07:59:27 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/10 07:59:27 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/10 07:59:25 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/10 07:59:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/10 07:59:24 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/10 07:59:24 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/10 07:59:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/10 07:59:22 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/10 07:59:21 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/10 07:59:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/10 07:59:17 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/10 07:59:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/10 07:58:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/10 07:58:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/10 07:58:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/10 07:58:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/10 07:58:21 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/10 07:58:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/10 07:58:17 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/10 07:58:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/10 07:58:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/10 07:58:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/10 07:58:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/10 07:58:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/10 07:58:12 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/10 07:58:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/10 07:58:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/10 07:58:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/10 07:58:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files - Modified Within 30 Days ==========

[2011/03/07 09:51:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534160066-1174420898-3348599328-1000UA.job
[2011/03/07 09:43:25 | 001,006,747 | ---- | M] () -- C:\Users\Jess\Desktop\eXplorer.exe
[2011/03/07 09:38:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 09:38:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 09:38:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/07 09:38:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/06 21:46:09 | 001,006,747 | ---- | M] () -- C:\Users\Jess\Desktop\iExplore.exe
[2011/03/06 21:45:12 | 001,006,747 | ---- | M] () -- C:\Users\Jess\Desktop\uSeRiNiT.exe
[2011/03/06 21:42:40 | 001,006,747 | ---- | M] () -- C:\Users\Jess\Desktop\rkill.com
[2011/03/06 21:41:28 | 001,006,747 | ---- | M] () -- C:\Users\Jess\Desktop\rkill.scr
[2011/03/06 21:36:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/03/06 21:28:10 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/03/06 21:26:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/06 21:24:24 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/06 20:50:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/06 17:53:46 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/06 17:23:18 | 072,160,149 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/03/06 16:36:24 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534160066-1174420898-3348599328-1000Core.job
[2011/03/02 20:47:30 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/02 20:47:30 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/02 16:38:12 | 000,002,039 | ---- | M] () -- C:\Users\Jess\Desktop\Google Chrome.lnk
[2011/03/02 16:38:12 | 000,002,001 | ---- | M] () -- C:\Users\Jess\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/21 16:49:56 | 002,727,494 | ---- | M] () -- C:\Users\Jess\Desktop\Transcripts_1.pdf
[2011/02/13 08:02:23 | 000,313,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/03/07 09:43:18 | 001,006,747 | ---- | C] () -- C:\Users\Jess\Desktop\eXplorer.exe
[2011/03/06 21:46:03 | 001,006,747 | ---- | C] () -- C:\Users\Jess\Desktop\iExplore.exe
[2011/03/06 21:45:11 | 001,006,747 | ---- | C] () -- C:\Users\Jess\Desktop\uSeRiNiT.exe
[2011/03/06 21:42:33 | 001,006,747 | ---- | C] () -- C:\Users\Jess\Desktop\rkill.com
[2011/03/06 21:41:22 | 001,006,747 | ---- | C] () -- C:\Users\Jess\Desktop\rkill.scr
[2011/03/06 18:25:58 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/23 03:02:50 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/23 03:02:50 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/23 03:02:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/21 16:49:32 | 002,727,494 | ---- | C] () -- C:\Users\Jess\Desktop\Transcripts_1.pdf
[2010/04/11 08:31:18 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/10 19:56:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/10 19:56:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/10 19:56:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/10 19:56:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/11 03:08:06 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/04 17:29:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 17:29:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/10/22 19:40:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/15 09:03:55 | 000,005,864 | ---- | C] () -- C:\Users\Jess\AppData\Local\d3d9caps.dat
[2008/08/14 06:05:26 | 000,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
[2008/08/13 11:32:03 | 000,038,912 | ---- | C] () -- C:\Users\Jess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/10 22:02:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/01/10 22:02:03 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/01/10 22:02:03 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/01/10 22:02:03 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/10 22:01:57 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/10 14:27:02 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/10 14:27:01 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/01/10 14:19:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,313,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F59BA980

< End of report >


OTL Extras logfile created on: 3/7/2011 9:51:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jess\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 7.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 84.68 Gb Free Space | 62.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.32 Gb Free Space | 53.16% Space Free | Partition Type: NTFS

Computer Name: JESS-PC | User Name: Jess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FD17AC-B0FC-4CE8-9AB5-AA840D515F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D47C931-C613-4A92-94A8-E956A1A342BA}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{1AA3A9EF-CD4F-490B-B804-F993783E773B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{225A651E-7D4B-48E6-9946-F5575CB95899}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{288133CE-7A31-4055-ACEF-6B48222E90D0}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{3D48F12D-9DEE-4DB3-99B6-606E7866372D}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{47DD7158-76B2-4CF0-84BC-92651016F5FA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{4CC29FAB-26DA-4C7D-8AB3-374EF549276B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4EC9C12C-2113-4FB3-A154-5165B91E7517}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{565BA4C1-820D-4545-AF76-6600D6D7400A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E68EB29-BF4B-4785-9D92-7BF369B019B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7ED390E0-F010-4EC3-A834-39006CFFA233}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{816548FF-A610-4CF7-84F9-C377C027B363}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{82D4BAA5-8E60-4E49-A89E-F90DAA08E2E0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{86873286-209E-446D-9E5B-3C4CD9A7453C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{86F15230-CCA6-4B8A-8CF9-B64210F7EA54}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8DD1D315-B920-45A1-81C7-B184123C890E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{98630EDD-013C-453C-8BA8-724F8E1CB837}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BA2F0669-CB7D-49E4-B38B-DEF2D928CE98}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C477341B-4957-43D3-905D-1E662F905CEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{209C47D3-BCBA-4DE7-BE07-43F0C53E9CF2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EC80EF1E-DE90-46C3-BA94-2BACA8B4C2DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{25BFEB14-1C7A-4F69-B897-86A45546B3FD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7CCC8E11-B8B1-445F-86C8-4F66C0A3B563}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0AAC0AF2-8F53-4B3C-A050-AEDC827EA1CC}" = SMART Product Update
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0C1A76B-AAA0-4010-8E12-9661A9AA1255}" = SMART Install Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F581DF68-CAE9-4064-A6CD-705D95D1C756}" = Notebook Software
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FF7A64AB-214A-47D1-95E7-742BCBA7F6C9}" = SMART Board Drivers
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVG9Uninstall" = AVG Free 9.0
"Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Free Window Registry Repair" = Free Window Registry Repair
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PowerTalk_is1" = PowerTalk 1.2.13
"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00
"Veetle TV" = Veetle TV 0.9.18
"VZAccess Manager" = VZAccess Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"61240c64869513c2" = Napster Download Manager
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2011 12:24:57 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/6/2011 12:24:57 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16770

Error - 3/6/2011 12:24:57 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16770

Error - 3/6/2011 12:50:56 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/6/2011 12:50:56 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1575517

Error - 3/6/2011 12:50:56 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1575517

Error - 3/6/2011 12:50:57 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/6/2011 12:50:57 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1576671

Error - 3/6/2011 12:50:57 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1576671

Error - 3/6/2011 12:50:59 PM | Computer Name = Jess-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Broadcom Wireless LAN Events ]
Error - 3/24/2010 8:45:43 PM | Computer Name = Jess-PC | Source = WLAN-Tray | ID = 0
Description = 19:45:43, Wed, Mar 24, 10 Error - Unable to gain access to user store


[ OSession Events ]
Error - 7/14/2010 5:25:52 PM | Computer Name = Jess-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2884 seconds with 2160 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 3/6/2011 11:29:11 PM | Computer Name = Jess-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/6/2011 11:29:47 PM | Computer Name = Jess-PC | Source = DCOM | ID = 10010
Description =

Error - 3/6/2011 11:29:47 PM | Computer Name = Jess-PC | Source = DCOM | ID = 10010
Description =

Error - 3/6/2011 11:30:19 PM | Computer Name = Jess-PC | Source = DCOM | ID = 10010
Description =

Error - 3/6/2011 11:33:16 PM | Computer Name = Jess-PC | Source = DCOM | ID = 10000
Description =

Error - 3/6/2011 11:33:16 PM | Computer Name = Jess-PC | Source = DCOM | ID = 10010
Description =

Error - 3/6/2011 11:44:12 PM | Computer Name = Jess-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/7/2011 11:40:11 AM | Computer Name = Jess-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/7/2011 11:40:42 AM | Computer Name = Jess-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/7/2011 11:40:42 AM | Computer Name = Jess-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

jhrlng

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2011-03-07
Operating System : 2003 vista

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by DragonMaster Jay on Tue 08 Mar 2011, 5:55 am

Hello.

We're currently training an experienced student whom will be helping you with your computer. He has been trained with authority from GeekPolice Academy.

He will be helping you under the guidance of our teaching team of malware experts.

Please wait and he shall be right with you.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Your in Danger Virus

Post by jhrlng on Tue 08 Mar 2011, 7:38 am

Thanks! Any help would be awesome!

jhrlng

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2011-03-07
Operating System : 2003 vista

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by Gabethebabe on Tue 08 Mar 2011, 7:56 am

Hi there jhrlng and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end! If your computer starts running better, doesn´t mean it is clean yet!

We´re off to a good start since you´ve been running rkill and OTL, which is exactly how I would have started. Feel free to apply for GeekPolice Academy, you appear to have talent

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:otl
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKCU..\RunOnce: [lCbKbBj01804] C:\ProgramData\lCbKbBj01804\lCbKbBj01804.exe (Корпорация Майкрософт)

:files
C:\ProgramData\lCbKbBj01804
C:\fsqwr.bmp

:commands
[emptytemp]
[reboot]
  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by jhrlng on Tue 08 Mar 2011, 9:24 am

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lCbKbBj01804 not found.
C:\ProgramData\lCbKbBj01804\lCbKbBj01804.exe moved successfully.
========== FILES ==========
C:\ProgramData\lCbKbBj01804 folder moved successfully.
C:\fsqwr.bmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jess
->Temp folder emptied: 27847728 bytes
->Temporary Internet Files folder emptied: 5145285 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 705 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03072011_161718

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

jhrlng

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2011-03-07
Operating System : 2003 vista

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by jhrlng on Tue 08 Mar 2011, 9:24 am

Here is the message that I found after the computer rebooted.

jhrlng

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2011-03-07
Operating System : 2003 vista

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by Gabethebabe on Tue 08 Mar 2011, 8:28 pm

OK - that looks fine. Still some work to do.

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 24

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 24).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.


====================

You have an old version installed of Adobe Reader. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10.0.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.


====================

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Doubleclick ComboFix.exe to run the tool. Please post its log back here.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by jhrlng on Wed 09 Mar 2011, 2:12 pm

ComboFix 11-03-08.03 - Jess 03/08/2011 20:40:26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.166 [GMT -6:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Quicktime\QTTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-09 02:56 . 2011-03-09 02:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-09 02:56 . 2011-03-09 02:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-09 01:53 . 2011-03-09 01:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-09 01:25 . 2011-03-09 01:25 -------- d-----w- c:\program files\Common Files\Java
2011-03-09 01:17 . 2011-03-09 01:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-09 01:05 . 2011-03-09 01:05 885024 ----a-w- c:\program files\JavaSetup6u24.exe
2011-03-07 16:47 . 2011-03-07 16:47 -------- d-----w- C:\_OTL
2011-02-23 09:03 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 09:03 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-23 09:03 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-23 09:03 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-23 09:03 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-23 09:03 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-12 23:17 . 2011-02-12 23:20 -------- d-----w- C:\e932e3846f55c57f9647
2011-02-10 14:00 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 14:00 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 14:00 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:55 . 2011-01-11 21:09 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-11 21:09 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-11-13 1052672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-01-26 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-10 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board Tools.lnk]
backup=c:\windows\pss\SMART Board Tools.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jess^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2007-11-13 15:00 1052672 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-01-26 02:38 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Service]
2008-04-03 08:13 2106664 ----a-w- c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMARTSNMPAgent.exe]
2008-04-03 08:14 1008936 ----a-w- c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-15 00:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-26 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-18 59520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2008-04-03 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2008-04-03 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-04-03 16808]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
termsvc REG_MULTI_SZ swoko
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-11 19:54]
.
2011-03-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 01:04]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 11:34]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 11:34]
.
2011-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534160066-1174420898-3348599328-1000Core.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 00:45]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534160066-1174420898-3348599328-1000UA.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 00:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-03-08 20:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-08 21:09:32
ComboFix-quarantined-files.txt 2011-03-09 03:09
ComboFix2.txt 2010-04-11 02:26
.
Pre-Run: 88,984,174,592 bytes free
Post-Run: 88,641,818,624 bytes free
.
- - End Of File - - 6387EE866B7A163C56716D5C2E69176D

jhrlng

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2011-03-07
Operating System : 2003 vista

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by Gabethebabe on Wed 09 Mar 2011, 9:57 pm

Looks pretty good. Lets run a (hopefully) final scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:
  • Use Internet Explorer to browse to the ESET Online Scanner webpage
  • Click the green ESET Online Scanner button
  • A popup window will open
  • Accept the terms of use and click Start
  • Internet Explorer probably informs you that ESET tries to install an add-on. Allow that.
  • UNSELECT the Remove all threats option.
  • Click Start
  • When the scan has finished and threats were found, click List of found threats
  • Click Export to text file and save it as e.g. eset.txt on your desktop
  • Click Back
  • Select Uninstall application on close
  • Click Finish. ESET Online Scanner will now uninstall itself
  • Please post the contents of the eset.txt in your next reply.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Your in Danger Virus

Post by Sponsored content Today at 9:22 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum