infection OTL report

View previous topic View next topic Go down

infection OTL report

Post by Twist154 on 13th March 2011, 11:24 pm

OTL logfile created on: 3/13/2011 7:08:29 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anthony Kalman\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.59 Gb Total Space | 370.70 Gb Free Space | 81.19% Space Free | Partition Type: NTFS

Computer Name: ANTHONYKALMAN | User Name: Anthony Kalman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 19:04:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony Kalman\Downloads\OTL.com
PRC - [2011/03/03 14:16:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/09 20:48:12 | 000,885,536 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Anthony Kalman\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
PRC - [2011/01/27 11:51:06 | 002,008,952 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/01/27 11:51:05 | 007,626,104 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/01/27 11:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/27 11:28:38 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 19:04:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony Kalman\Downloads\OTL.com
MOD - [2011/01/27 11:28:38 | 000,050,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:07 | 000,149,019 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crtdll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 23:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 23:28:54 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 23:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 22:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/07/17 13:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 16:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/01/27 11:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/13 23:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 23:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 23:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 23:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/07/17 13:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 13:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 16:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 23:26:10 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/03 15:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/20 15:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 20:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/13 18:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/13 19:06:12 | 000,000,000 | ---D | M]

[2011/03/13 18:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony Kalman\AppData\Roaming\Mozilla\Extensions
[2011/01/31 21:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony Kalman\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/13 18:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony Kalman\AppData\Roaming\Mozilla\Firefox\Profiles\lnob3rdu.default\extensions
[2011/03/13 19:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/13 19:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101114122823.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101114122823.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.77.134 68.87.72.134
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ac8efe83-3cbe-11e0-b456-002564816c09}\Shell - "" = AutoRun
O33 - MountPoints2\{ac8efe83-3cbe-11e0-b456-002564816c09}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cc53ad8d-0d44-11e0-9e38-002564816c09}\Shell - "" = AutoRun
O33 - MountPoints2\{cc53ad8d-0d44-11e0-9e38-002564816c09}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 19:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/13 19:06:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/03/13 19:06:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/03/13 19:06:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/03/13 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/13 18:53:03 | 000,000,000 | ---D | C] -- C:\Users\Anthony Kalman\AppData\Roaming\Malwarebytes
[2011/03/13 18:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/13 18:52:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/13 18:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/13 18:52:54 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/13 18:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/13 18:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/02 22:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\eBmGaPo06521
[2011/02/25 14:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/02/25 14:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/02/24 21:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011/02/24 21:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011/02/24 20:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011/02/24 20:45:47 | 000,000,000 | ---D | C] -- C:\Users\Anthony Kalman\AppData\Roaming\TeamViewer
[2011/02/22 19:24:06 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/22 19:24:06 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 19:24:06 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/22 19:24:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/13 21:23:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/13 19:14:37 | 000,000,000 | ---D | C] -- C:\Users\Anthony Kalman\AppData\Local\Microsoft Games
[2011/02/13 14:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/03/13 19:07:07 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/13 18:54:51 | 000,001,965 | ---- | M] () -- C:\Users\Anthony Kalman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/13 18:54:51 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/13 18:54:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 18:54:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 18:53:54 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/13 18:53:54 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/13 18:53:54 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/13 18:52:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 18:47:15 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/13 18:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/13 18:46:50 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/26 00:48:18 | 000,416,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/24 21:45:22 | 000,001,212 | ---- | M] () -- C:\Users\Anthony Kalman\Desktop\IsoBuster.lnk
[2011/02/24 20:57:48 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/02/19 19:43:30 | 000,010,439 | ---- | M] () -- C:\Users\Anthony Kalman\Documents\v1home_offline.mht
[2011/02/19 19:43:21 | 000,842,768 | ---- | M] (Interactive Frontiers, Inc. ) -- C:\Users\Anthony Kalman\Documents\v1update.exe
[2011/02/13 21:23:21 | 376,110,271 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/03/13 18:54:51 | 000,001,965 | ---- | C] () -- C:\Users\Anthony Kalman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/13 18:54:51 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/13 18:52:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/24 21:45:22 | 000,001,212 | ---- | C] () -- C:\Users\Anthony Kalman\Desktop\IsoBuster.lnk
[2011/02/24 20:57:48 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/02/24 20:57:48 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/02/13 21:23:21 | 376,110,271 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/16 12:26:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/19 13:33:07 | 000,005,632 | ---- | C] () -- C:\Users\Anthony Kalman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/06 10:13:43 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/10/06 10:13:43 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/10/06 10:13:43 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/10/06 10:13:41 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Twist154
Novice
Novice

Posts Posts : 39
Joined Joined : 2009-08-29
Gender Gender : Male
OS OS : 7 Ultimate
Points Points : 26994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infection OTL report

Post by Crush on 14th March 2011, 1:51 am

Hi,

Are you having issues with this machine? Just posting an OTL doesn't tell us much. Unfortunately my crystal ball is broken so my mind reading powers aren't what they used to be

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42128
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum