
trojan.bho.h; cannot access internet explorer;



I have been attempting to rid my computer of a trojan for about 2 weeks using malwarebytes. It began as "antispyware soft." I believe that is gone, however, I cannot delete this trojan. I have scanned and scanned and each time, a trojan is found and I select delete. It tells me it is deleted but, the next time I start my computer and scan, it is back again.

I have scanned in normal mode, safe mode and safe mode with networking. No difference. I updated Malware as well.

I cannot access the internet with either IE or Chrome. I can use Firefox, however, cannot download anything. I have downloaded all of the basic steps listed in the pinned post on a flash drive and can run them from the flash drive. I ran a scan with AVIRA and posted the log here.

My log from the last malware scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4175

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18904

6/7/2010 11:43:23 AM

mbam-log-2010-06-07 (11-43-23).txt

Scan type: Quick scan

Objects scanned: 126899

Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Kristen\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

My log from the last avira scan:

Avira AntiVir Personal

Report file date: Monday, June 07, 2010 15:57

Scanning for 1990003 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista x64

Windows version : (Service Pack 1) [6.0.6001]

Boot mode : Normally booted

Username : Kristen

Computer name : KRISTEN-LAPTOP

Version information:

BUILD.DAT : 10.0.0.567 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03

VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:29:03

VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:29:03

VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:29:03

VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:29:03

VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:29:03

VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:29:03

VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:29:03

VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:29:03

VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 20:43:21

VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 20:24:21

VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 22:41:40

VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 14:25:53

VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 14:39:58

VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 18:01:24

VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:24:56

VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 12:04:23

VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 14:23:02

VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 22:47:50

VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 00:11:22

VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 22:53:48

VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 18:56:47

VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 10:56:20

VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 14:43:55

VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 14:59:22

VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 17:43:17

VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 17:43:17

VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 17:43:17

Engineversion : 8.2.1.210

AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 17:16:21

AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 21:05:26

AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 23:38:41

AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 16:09:47

AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 16:09:47

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51

AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 16:09:46

AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 23:43:13

AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25

AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 21:05:25

AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 14:04:22

AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 21:05:25

AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 17:15:06

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:

Jobname.............................: Local Drives

Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, F:, E:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Monday, June 07, 2010 15:57

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned

Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned

Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned

Scan process 'QPService.exe' - '1' Module(s) have been scanned

Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned

Scan process 'SSScheduler.exe' - '1' Module(s) have been scanned

Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Master boot sector HD1

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Boot sector 'D:\'

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Boot sector 'F:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '762' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Users\Kristen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\52393bc5-684cce98

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/OpenStre.ibs.3 Java virus

--> myf/y/AppletX.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStre.ibs.3 Java virus

--> myf/y/DznegdF.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStre.ibs.2 Java virus

--> myf/y/LoaderX.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.ibs Java virus

Begin scan in 'D:\' <HP_RECOVERY>

Begin scan in 'F:\' <UDISK>

Begin scan in 'E:\' <Jun 03 2010>

Beginning disinfection:

C:\Users\Kristen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\52393bc5-684cce98

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.ibs Java virus

[NOTE] The file was moved to the quarantine directory under the name '4812c7ee.qua'.

End of the scan: Monday, June 07, 2010 17:22

Used time: 1:23:20 Hour(s)

The scan has been done completely.

37240 Scanned directories

562251 Files were scanned

3 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

562248 Files not concerned

3767 Archives were scanned

0 Warnings

1 Notes

My Log from DDS

DDS (Ver_10-03-17.01) - NTFSX64

Run by Kristen at 23:06:15.71 on Mon 06/07/2010

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_12

Microsoft


Hello :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)


Elise, thank you so much for responding. I appreciate any advice/help you can offer.

My computer has a trojan that I simply cannot get rid of. About 2 weeks ago, I was infected with "antispyware soft." I believe that is gone, however, I cannot delete this trojan. I have scanned and scanned and each time, a trojan is found and I select delete. It tells me it is deleted but, the next time I start my computer and scan, it is back again.

I have scanned in normal mode, safe mode and safe mode with networking. No difference. I updated Malware several times as well.

I cannot access the internet with either IE or Chrome. I can use Firefox. I was unable previously to download through firefox, however, this morning, I could download and run the otl program you listed in your response. I have downloaded all of the basic steps listed in the pinned post on a flash drive and can run them from the flash drive. I ran a scan with AVIRA and posted the log here.



Hello again,

Lets first cleanup some malware leftovers and questionable programs. When done with the steps below see if you can use Internet explorer.

Please uninstall Dealio Toolbar using Add/Remove programs.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    IE - HKU\S-1-5-21-73090619-4073369351-446672036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-73090619-4073369351-446672036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-73090619-4073369351-446672036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Kristen\AppData\Local\Temp\low\CouponBarIE.dll File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    [2010/05/23 15:10:11 | 000,000,000 | ---D | C] -- C:\Users\Kristen\AppData\Local\djvumilwi

    :commands
    [emptytemp]


  3. Push Run Fix
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

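As an added example (not from the thread and not part of OTL), the PowerShell below checks on a live machine the two things that fix removed: a WinINET proxy redirected to a loopback port, which is consistent with IE and Chrome (both WinINET clients) failing while Firefox still worked, and IE toolbar/BHO registrations whose DLL is missing or loads from a Temp folder. It assumes the standard registry locations, the function names are mine, and it should be run from an elevated PowerShell on Vista or later.

```powershell
# Added example, not part of the thread or of OTL: audit the same two
# persistence points the OTL fix removed, on a live Windows host.
# Assumes the standard WinINET registry locations; run from an elevated
# PowerShell so HKLM and both CLSID hives are readable.

# ---- 1. WinINET proxy (used by IE and Chrome; Firefox keeps its own) ----
# ProxyEnable=1 with ProxyServer pointing at a loopback port where nothing
# listens produces exactly the "IE and Chrome cannot connect" symptom.
function Test-WinInetProxy {
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $inet -or $inet.ProxyEnable -ne 1) {
        Write-Output 'WinINET proxy: disabled'
        return
    }
    $server = [string]$inet.ProxyServer
    Write-Output "WinINET proxy: enabled, ProxyServer='$server' ProxyOverride='$($inet.ProxyOverride)'"
    if ($server -notmatch '(127\.0\.0\.1|localhost|\[::1\])') { return }

    # Entries look like "http=127.0.0.1:5555" or "127.0.0.1:5555"; take the port.
    $port = ($server -split ':')[-1] -replace '[^0-9]', ''
    # netstat is used instead of Get-NetTCPConnection so this also runs on Vista/7.
    $listener = netstat -ano | Select-String -Pattern "^\s*TCP\s+\S+:$port\s+\S+\s+LISTENING"
    if ($listener) {
        Write-Output "A local process listens on port ${port}:`n$($listener.Line -join "`n")"
        Write-Output 'Confirm it is a proxy you installed; otherwise treat it as a hijacking proxy.'
    } else {
        Write-Warning "Proxy points at loopback port $port but no process listens there: WinINET clients will fail every request."
    }
}

# ---- 2. IE toolbars and Browser Helper Objects ----
# Toolbars are registered as CLSID-named *values* under ...\Internet Explorer\Toolbar;
# BHOs are CLSID-named *subkeys* under ...\Explorer\Browser Helper Objects.
# Each CLSID resolves to its DLL via HKCR\CLSID\{clsid}\InprocServer32.
$ExtensionKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$GuidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-ClsidDllPath {
    param([string]$Clsid)
    foreach ($root in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $srv = Get-ItemProperty -Path "$root\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv -and $srv.'(default)') {
            return [Environment]::ExpandEnvironmentVariables($srv.'(default)'.Trim('"'))
        }
    }
    return $null
}

function Test-IeExtensions {
    foreach ($key in $ExtensionKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $clsids = @()
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            $clsids += @($props.PSObject.Properties.Name | Where-Object { $_ -match $GuidPattern })
        }
        $clsids += @(Get-ChildItem -Path $key -ErrorAction SilentlyContinue |
                     ForEach-Object { $_.PSChildName } | Where-Object { $_ -match $GuidPattern })
        foreach ($clsid in ($clsids | Where-Object { $_ } | Sort-Object -Unique)) {
            $dll = Get-ClsidDllPath -Clsid $clsid
            if (-not $dll) {
                Write-Warning "$clsid in $key has no InprocServer32: orphaned registration."
            } elseif (-not (Test-Path -LiteralPath $dll)) {
                # The "File not found" case OTL reported for the CouponBar toolbar.
                Write-Warning "$clsid -> $dll : DLL missing, leftover registration."
            } elseif ($dll -match '\\AppData\\Local\\Temp\\') {
                # A browser extension running from a Temp folder is a strong
                # adware/trojan indicator (the Trojan.BHO.H detection lived there).
                Write-Warning "$clsid -> $dll : extension loads from a Temp directory, review it."
            } else {
                Write-Output "$clsid -> $dll (present)"
            }
        }
    }
}

Test-WinInetProxy
Test-IeExtensions
```

The script only reports; anything it flags should be cleared with the same kind of targeted fix shown above rather than a blanket registry edit, and the proxy value should be re-checked after a reboot since a still-running dropper can put it back.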

Elise, thank you for the continued help!

I uninstalled Dealio toolbar, then ran the fix in OTL. IE is working again.

OTL Log:

All processes killed

========== OTL ==========

HKU\S-1-5-21-73090619-4073369351-446672036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-73090619-4073369351-446672036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-21-73090619-4073369351-446672036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

C:\Users\Kristen\AppData\Local\djvumilwi folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kristen

->Temp folder emptied: 31295358 bytes

->Temporary Internet Files folder emptied: 333096 bytes

->Java cache emptied: 111048912 bytes

->FireFox cache emptied: 38954157 bytes

->Google Chrome cache emptied: 63772338 bytes

->Flash cache emptied: 434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 22016 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2869365365 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14133111 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 7623836 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 232832789 bytes

Total Files Cleaned = 3,213.00 mb

OTL by OldTimer - Version 3.2.5.3 log created on 06082010_105910

Files\Folders moved on Reboot...

C:\Users\Kristen\AppData\Local\Temp\ehmsas.txt moved successfully.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLSUK6V5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZT1I5QD\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGQ8PJBU\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVK5HCTK\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Please let me know how things are running now.

Please rerun OTL, and copy paste the following text into the "custom scan/fix" field. Click the NONE button and then RUN SCAN. Post me the resulting log.

/md5start
iastor.sys
usbvideo.sys
sdbus.sys
/md5stop


Re-ran OTL

Log file:

OTL logfile created on: 6/8/2010 11:20:27 AM - Run 2

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Kristen\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.23 Gb Total Space | 157.20 Gb Free Space | 55.11% Space Free | Partition Type: NTFS

Drive D: | 12.86 Gb Total Space | 2.46 Gb Free Space | 19.13% Space Free | Partition Type: NTFS

Drive E: | 4.38 Gb Total Space | 4.37 Gb Free Space | 99.88% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KRISTEN-LAPTOP

Current User Name: Kristen

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Custom Scans ==========

< MD5 for: IASTOR.SYS >

[2007/09/29 19:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SWSetup\Drivers\ITM\Winall\Driver64\IaStor.sys

[2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2007/09/29 19:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SWSetup\Drivers\ITM\Winall\Driver\IaStor.sys

< MD5 for: SDBUS.SYS >

[2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=B42EE50F7D24F837F925332EB349ECA5 -- C:\Windows\winsxs\amd64_sdbus.inf_31bf3856ad364e35_6.0.6001.18000_none_ce01584782b48310\sdbus.sys

[2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=BE100BC2BE2513314C717BB2C4CFFF10 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_sdbus.inf_31bf3856ad364e35_6.0.6002.18005_none_cfecd1537fd64e5c\sdbus.sys

< MD5 for: USBVIDEO.SYS >

[2008/01/20 22:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) MD5=FC33099877790D51B0927B7039059855 -- C:\Windows\winsxs\amd64_usbvideo.inf_31bf3856ad364e35_6.0.6001.18000_none_8a1a8c0872f13b76\usbvideo.sys

< End of report >


Can you please let me know how things are running now. I see some very strange things and I am not sure if it is malware related or not.

UPLOAD A FILE

--------------------

We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

C:\Windows\SysNative\DRIVERS\iaStor.sys

If you get the message that the file has already been scanned before, please click Reanalyse file now.

Please post back the results of the scan in your next post.


Ouch, not what I was hoping to hear. Thank you for sticking with me though!

I ran malwarebytes and it again found the trojan. I deleted, restarted my computer and ran it again. It is still there.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4177

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18904

6/8/2010 12:38:28 PM

mbam-log-2010-06-08 (12-38-28).txt

Scan type: Quick scan

Objects scanned: 126637

Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Kristen\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

I attempted to upload the file you listed using VirusTotal. I was unable to. My system does not have a folder named C:\Windows\SysNative\DRIVERS\iaStor.sys

I do have

C:\Windows\system (no driver files in this folder)

C:\Windows\System32 (driver and driver store files in this folder, but no file labelled 'iastor.sys')

C:\Windows\SysWOW64 (driver and driver store files in this folder, but no file labelled 'iastor.sys')

I searched my computer for the term 'iastor.sys' using the start menu search function. The only place it appears is in the OTL log.

As far as your question regarding how the computer is running, it seems to be running OK right now. I don't have the pop-ups anymore and I was able to open and use IE as well.


Hi, it's not necessarily malware I'm seeing, just something weird. As you said, there is no Sysnative folder; however, OTL sees drivers running from this folder.

I would like to have a deeper look here.

Please download OTLPE (file size 120.9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

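A note on the "missing" folder discussed in the two posts above: on 64-bit Windows, C:\Windows\Sysnative is not a real directory. It is an alias that the WOW64 file system redirector exposes only to 32-bit processes so they can reach the real 64-bit System32 (a 32-bit process that opens C:\Windows\System32 is silently redirected to SysWOW64). 64-bit programs such as Explorer and the Start menu search never see the alias, which is consistent with OTL reporting drivers under that path while nothing appears there in Explorer. The log itself already gives a way to triage the driver in question: the running entry is listed at C:\Windows\System32\drivers\iaStor.sys with size 388,120 and modification time 2008/04/15 18:54:16, and the "< MD5 for: IASTOR.SYS >" block earlier in the same log inventories four on-disk copies with their hashes. The Python script below is an added example for this thread, not code from OTL or from either poster: it parses those two kinds of OTL lines, narrows which inventoried copy the running driver most likely is by size and timestamp, and hashes a file's bytes to confirm or refute the match. The OTL lines embedded in it are copied from the log in this thread; the file bytes hashed in the demo are constructed (empty) so the script runs offline, and it therefore reports the hash as unknown.

```python
"""Triage helper for OTL driver inventories (added example, not part of OTL).

Parses the '< MD5 for: NAME >' blocks and a 'DRV ... -- (service)' line from an
OTL log, narrows which inventoried copy a running driver most likely is, and
hashes a file's bytes to confirm. Paths, sizes and hashes embedded below are
copied from the thread's log; the bytes hashed in the demo are constructed.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# One inventory entry, e.g.
# [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58... -- C:\...\IaStor.sys
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"(?:\((?P<company>[^)]*)\) )?MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# A running service/driver line, e.g.
# DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\...\iaStor.sys -- (iaStor)
SERVICE_RE = re.compile(
    r"^(?:DRV|SRV)(?::64bit:)? - \[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"(?:\((?P<company>[^)]*)\) )?\[[^\]]*\] -- (?P<path>.+?) -- \((?P<service>[^)]*)\)"
)


def parse_md5_sections(log_text: str) -> Dict[str, List[dict]]:
    """Map upper-cased file name -> list of inventoried copies (mtime, size, md5, path)."""
    sections: Dict[str, List[dict]] = {}
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line == "< End of report >":
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "mtime": entry.group("mtime"),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company") or "",
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return sections


def parse_service_line(line: str) -> Optional[dict]:
    """Extract mtime, size, path and service name from a DRV/SRV line; None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return {"mtime": m.group("mtime"), "size": int(m.group("size").replace(",", "")),
            "path": m.group("path"), "service": m.group("service")}


def candidates_for(running: dict, entries: List[dict]) -> List[dict]:
    """Inventoried copies whose size AND modification time equal the running driver's.

    Equal size and timestamp only narrow the search (both are trivial to forge);
    only the hash comparison in classify_bytes() confirms the file is that copy.
    """
    return [e for e in entries if e["size"] == running["size"] and e["mtime"] == running["mtime"]]


def classify_bytes(data: bytes, name: str, sections: Dict[str, List[dict]]) -> Tuple[str, dict]:
    """Hash a file's bytes and compare the MD5 against every inventoried copy of NAME.

    Returns (verdict, hashes): 'known' if a listed copy has this MD5, 'unknown' if NAME
    is inventoried but no copy matches, 'not-inventoried' if the log has no block for it.
    hashes carries the MD5 that OTL records and the SHA-256 a VirusTotal lookup would use.
    """
    hashes = {"md5": hashlib.md5(data).hexdigest().upper(),
              "sha256": hashlib.sha256(data).hexdigest()}
    entries = sections.get(name.upper())
    if entries is None:
        return "not-inventoried", hashes
    if any(e["md5"] == hashes["md5"] for e in entries):
        return "known", hashes
    return "unknown", hashes


# Lines copied from the OTL log in this thread: the IASTOR.SYS inventory and the running driver.
SAMPLE_LOG = r"""
< MD5 for: IASTOR.SYS >
[2007/09/29 19:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SWSetup\Drivers\ITM\Winall\Driver64\IaStor.sys
[2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007/09/29 19:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SWSetup\Drivers\ITM\Winall\Driver\IaStor.sys
< End of report >
"""
RUNNING_DRIVER_LINE = r"DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)"


def triage_sample() -> Tuple[List[str], str]:
    """Run the steps on the embedded lines: candidate MD5s by size+mtime, then a hash verdict."""
    sections = parse_md5_sections(SAMPLE_LOG)
    running = parse_service_line(RUNNING_DRIVER_LINE)
    cands = candidates_for(running, sections["IASTOR.SYS"])
    # Constructed stand-in for the bytes read from the real driver; its hash matches no copy.
    verdict, _ = classify_bytes(b"", "iaStor.sys", sections)
    return [c["md5"] for c in cands], verdict


if __name__ == "__main__":
    md5s, verdict = triage_sample()
    print("candidate copies by size+mtime:", md5s)
    print("verdict for constructed bytes:", verdict)
```

On the running system the bytes would come from the real file, which a 32-bit process opens as C:\Windows\Sysnative\drivers\iaStor.sys and a 64-bit process as C:\Windows\System32\drivers\iaStor.sys. A size-and-timestamp match (here the Intel Matrix Storage Manager driver64 copy) is only a lead; the verdict should rest on the hash, and the SHA-256 is the value to look up rather than re-upload when the file has already been seen.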

I must be doing something wrong. I cannot do the last instructions either.

I downloaded the otlpenet.exe file onto a blank CD. I rebooted and the REATOGO-X-PE desktop appeared. However, double-clicking on the OTLPE icon produces the following:

[image: iPhone photo of the OTLPE dialog (4682797447_f96cdd8efb.jpg)]

Sorry for the iPhone photo... I couldn't do a screenshot and cannot access the internet through the laptop.

So, there are no options to "Automatically load all remaining users."

When I click on any of the options here and select OK (hoping it would bring me to the screen you talked about), I get one of two responses: 1. No Windows installation found. 2. Target is not Windows 2000 or later.


Ha! I must have clicked all the others but that one...figures ;)

Again, I appreciate the help so far!

Here is the OTL.txt log:

OTL logfile created on: 6/9/2010 9:22:16 AM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

64bit-Windows Vista Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.23 Gb Total Space | 157.14 Gb Free Space | 55.09% Space Free | Partition Type: NTFS

Drive D: | 12.86 Gb Total Space | 2.46 Gb Free Space | 19.16% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2006/11/02 07:16:35 | 000,051,200 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\bthserv.dll -- (BthServ)

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/11/30 23:59:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/07/27 14:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/23 15:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [On_Demand] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)

DRV:64bit: - [2008/01/20 22:47:27 | 000,185,912 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV:64bit: - [2008/01/20 22:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)

DRV:64bit: - [2008/01/20 22:47:26 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV:64bit: - [2008/01/20 22:47:25 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV:64bit: - [2008/01/20 22:47:01 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV:64bit: - [2008/01/20 22:47:00 | 000,091,192 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV:64bit: - [2008/01/20 22:46:59 | 000,397,368 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV:64bit: - [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV:64bit: - [2008/01/20 22:46:59 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV:64bit: - [2008/01/20 22:46:59 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV:64bit: - [2008/01/20 22:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTDPV6.SYS -- (HSF_DPV)

DRV:64bit: - [2008/01/20 22:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTCNXT6.SYS -- (winachsf)

DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTAZL6.SYS -- (HSFHWAZL)

DRV:64bit: - [2008/01/20 22:46:56 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV:64bit: - [2008/01/20 22:46:56 | 000,284,728 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV:64bit: - [2008/01/20 22:46:56 | 000,146,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G6032E.sys -- (E1G60) Intel®

DRV:64bit: - [2008/01/20 22:46:56 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2008/01/20 22:46:54 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV:64bit: - [2008/01/20 22:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV:64bit: - [2008/01/20 22:46:54 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV:64bit: - [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV:64bit: - [2008/01/20 22:46:53 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV:64bit: - [2008/01/20 22:46:52 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV:64bit: - [2008/01/20 22:46:52 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV:64bit: - [2008/01/20 22:46:52 | 000,090,680 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV:64bit: - [2008/01/20 22:46:52 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2008/01/20 22:46:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Dot4Scan.sys -- (Dot4Scan)

DRV:64bit: - [2008/01/20 22:46:51 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV:64bit: - [2008/01/20 22:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV:64bit: - [2008/01/20 22:46:50 | 000,015,976 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV:64bit: - [2008/01/18 07:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/09/17 19:17:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2007/09/13 11:27:10 | 007,041,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2007/07/11 13:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)

DRV:64bit: - [2007/06/28 11:09:56 | 003,148,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v64.sys -- (NETw4v64) Intel®

DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2007/03/26 22:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/03/19 15:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2007/03/12 20:31:08 | 001,054,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV:64bit: - [2007/02/27 19:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2007/01/17 09:48:30 | 001,455,616 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV:64bit: - [2006/11/02 08:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV:64bit: - [2006/11/02 08:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV:64bit: - [2006/11/02 08:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV:64bit: - [2006/11/02 08:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV:64bit: - [2006/11/02 08:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV:64bit: - [2006/11/02 08:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV:64bit: - [2006/11/02 07:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV:64bit: - [2006/11/02 07:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV:64bit: - [2006/11/02 07:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV:64bit: - [2006/11/02 04:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)

DRV:64bit: - [2006/10/09 22:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)

DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XV)

DRV:64bit: - [2006/09/19 07:42:33 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV:64bit: - [2006/09/18 17:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV:64bit: - [2006/09/18 17:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV:64bit: - [2006/09/18 17:30:15 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV:64bit: - [2006/09/18 17:30:15 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2008/11/20 10:38:36 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Kristen_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\Kristen_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\Kristen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Kristen_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\Kristen_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\Kristen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {50DC701A-B9AD-4CEA-BC14-6803E5292123}:1.9.1

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

[2008/12/17 10:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\Mozilla\Extensions

[2010/06/07 18:49:07 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\87y62yml.default\extensions

[2009/10/24 08:51:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\87y62yml.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/08/18 18:54:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/06/08 11:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

[2010/06/08 11:00:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\search@searchsettings.com

[2010/03/12 22:33:24 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Kristen\AppData\Local\Temp\low\COUPON~1.DLL File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\5.0.375.62\npchrome_frame.dll (Google Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKU\Kristen_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\Kristen_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QlbCtrl] File not found

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\Kristen_ON_C..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\LocalService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O8:64bit: - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()

O8:64bit: - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()

O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/acti...veX_Control.cab (Photo Upload Plugin Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\cf - No CLSID value found

O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\cf - No CLSID value found

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\5.0.375.62\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Pictures\white linen.jpg

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Pictures\white linen.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{172554f2-e240-11de-a678-001e689bcae4}\Shell\AutoRun\command - "" = F:\Installer.exe -- File not found

O33 - MountPoints2\{3be7f8cb-c0e6-11dd-b658-001e689bcae4}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe -- File not found

O33 - MountPoints2\{e47f21db-6f33-11df-9d66-001e689bcae4}\Shell - "" = AutoRun

O33 - MountPoints2\{e47f21db-6f33-11df-9d66-001e689bcae4}\Shell\AutoRun\command - "" = G:\DTVP_Launcher.exe -- File not found

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/08 16:25:34 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Users\Kristen\Desktop\OTLPENet.exe

[2010/06/08 10:59:10 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/06/08 09:06:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Kristen\Desktop\OTL.exe

[2010/06/07 15:56:24 | 000,000,000 | ---D | C] -- C:\Users\Kristen\AppData\Roaming\Avira

[2010/06/07 15:52:53 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/06/07 15:52:53 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/06/07 15:52:53 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/06/07 15:52:53 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/06/07 15:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/06/05 16:39:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kristen\Desktop\test.exe

[2010/05/13 08:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010/05/10 15:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/05/10 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/05/10 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/05/10 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/05/10 14:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/01/26 22:06:18 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll

[2010/01/26 22:06:18 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll

[2010/01/26 22:06:18 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll

[2010/01/26 22:06:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll

[2010/01/26 22:06:18 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll

[2010/01/26 22:06:18 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll

[2010/01/26 22:06:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll

[2010/01/26 22:06:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll

[2010/01/26 22:06:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll

[2010/01/26 22:06:18 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll

[2010/01/26 22:06:18 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll

[2 C:\Users\Kristen\Documents\*.tmp files -> C:\Users\Kristen\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/08 16:32:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/08 16:32:24 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/08 16:32:24 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/08 16:32:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/06/08 16:32:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/08 16:32:18 | 002,034,519 | -H-- | M] () -- C:\Users\Kristen\AppData\Local\IconCache.db

[2010/06/08 16:30:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-73090619-4073369351-446672036-1000UA.job

[2010/06/08 16:25:34 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Users\Kristen\Desktop\OTLPENet.exe

[2010/06/08 13:36:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/08 12:32:06 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/08 12:32:06 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/08 12:32:06 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/08 12:27:19 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/08 12:26:56 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/08 09:30:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-73090619-4073369351-446672036-1000Core.job

[2010/06/08 09:06:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Kristen\Desktop\OTL.exe

[2010/06/08 00:09:05 | 000,000,473 | ---- | M] () -- C:\Users\Kristen\Desktop\ark - Shortcut.zip

[2010/06/08 00:08:48 | 000,000,492 | ---- | M] () -- C:\Users\Kristen\Desktop\Attach - Shortcut.zip

[2010/06/08 00:06:21 | 000,000,493 | ---- | M] () -- C:\Users\Kristen\Desktop\ark - Shortcut.lnk

[2010/06/07 23:23:41 | 000,000,512 | ---- | M] () -- C:\Users\Kristen\Desktop\Attach - Shortcut.lnk

[2010/06/07 23:22:33 | 000,000,493 | ---- | M] () -- C:\Users\Kristen\Desktop\DDS - Shortcut.lnk

[2010/06/07 23:04:19 | 000,016,257 | ---- | M] () -- C:\Users\Kristen\Documents\malware.docx

[2010/06/07 10:11:09 | 000,005,864 | ---- | M] () -- C:\Users\Kristen\AppData\Local\d3d9caps.dat

[2010/06/05 10:50:52 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kristen\Desktop\test.exe

[2010/06/03 15:39:48 | 000,010,240 | ---- | M] () -- C:\Users\Kristen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/03 13:33:10 | 000,002,052 | ---- | M] () -- C:\Users\Kristen\Desktop\Google Chrome.lnk

[2010/05/28 16:30:30 | 000,000,732 | ---- | M] () -- C:\Users\Kristen\AppData\Local\d3d9caps64.dat

[2 C:\Users\Kristen\Documents\*.tmp files -> C:\Users\Kristen\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/08 00:09:05 | 000,000,473 | ---- | C] () -- C:\Users\Kristen\Desktop\ark - Shortcut.zip

[2010/06/08 00:08:48 | 000,000,492 | ---- | C] () -- C:\Users\Kristen\Desktop\Attach - Shortcut.zip

[2010/06/08 00:06:21 | 000,000,493 | ---- | C] () -- C:\Users\Kristen\Desktop\ark - Shortcut.lnk

[2010/06/07 23:23:41 | 000,000,512 | ---- | C] () -- C:\Users\Kristen\Desktop\Attach - Shortcut.lnk

[2010/06/07 23:22:33 | 000,000,493 | ---- | C] () -- C:\Users\Kristen\Desktop\DDS - Shortcut.lnk

[2010/06/07 19:07:35 | 4284,932,096 | -HS- | C] () -- C:\hiberfil.sys

[2010/06/07 17:29:39 | 000,016,257 | ---- | C] () -- C:\Users\Kristen\Documents\malware.docx

[2010/06/07 15:49:22 | 000,428,018 | ---- | C] () -- C:\Users\Kristen\AppData\Local\dd_vcredistMSI0C4A.txt

[2010/06/07 15:49:22 | 000,011,670 | ---- | C] () -- C:\Users\Kristen\AppData\Local\dd_vcredistUI0C4A.txt

[2010/05/28 16:30:30 | 000,000,732 | ---- | C] () -- C:\Users\Kristen\AppData\Local\d3d9caps64.dat

[2010/04/24 15:04:27 | 000,000,120 | ---- | C] () -- C:\Users\Kristen\AppData\Local\Vruwukedomigiv.dat

[2010/04/24 15:04:27 | 000,000,000 | ---- | C] () -- C:\Users\Kristen\AppData\Local\Oqexub.bin

[2010/04/24 15:02:33 | 000,000,020 | ---- | C] () -- C:\Users\Kristen\AppData\Roaming\kcmdte.dat

[2010/01/26 22:06:18 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll

[2010/01/26 22:06:18 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll

[2009/11/16 15:51:21 | 000,024,226 | ---- | C] () -- C:\Users\Kristen\AppData\Roaming\UserTile.png

[2008/12/13 20:15:13 | 000,005,864 | ---- | C] () -- C:\Users\Kristen\AppData\Local\d3d9caps.dat

[2008/12/02 23:20:19 | 000,010,240 | ---- | C] () -- C:\Users\Kristen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/29 23:38:58 | 000,000,000 | ---- | C] () -- C:\Users\Kristen\AppData\Local\QSwitch.txt

[2008/11/29 23:38:58 | 000,000,000 | ---- | C] () -- C:\Users\Kristen\AppData\Local\DSwitch.txt

[2008/11/29 23:38:58 | 000,000,000 | ---- | C] () -- C:\Users\Kristen\AppData\Local\AtStart.txt

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2007/09/13 11:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll

[2007/09/13 11:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll

[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

========== LOP Check ==========

[2010/04/19 17:19:04 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\Amazon

[2010/01/22 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1

[2010/03/12 22:33:24 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\E-centives

[2009/06/07 16:55:44 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\GetRightToGo

[2009/05/02 16:10:54 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\MSNInstaller

[2009/11/16 15:51:21 | 000,000,000 | ---D | M] -- C:\Users\Kristen\AppData\Roaming\PeerNetworking

[2010/06/08 16:32:24 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Hello there,

That looks good. All drivers that seemed unsigned on an earlier scan look perfectly fine here ;)

The only thing is the coupon toolbar that needs to be taken care of.

Please reboot from the OTLPE CD and start OTLPE. If asked select your Windows folder.

Copy/paste the following text into the "custom scan/fix" field and click Run Fix.

:otl
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Kristen\AppData\Local\Temp\low\COUPON~1.DLL File not found

:commands
[emptytemp]

When done reboot normally and run an MBAM quick scan. Post me the results.

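The fix above works because OTL removes the BHO's registration (the Browser Helper Objects entry and the CLSID key), not just the DLL that Malwarebytes kept quarantining; a registration that still points at a file under Temp is the thing to look for in the O2 section of an OTL log. The following Python is an added example for this thread, not OTL's, Malwarebytes' or the helper's code: it parses O2 (BHO) and O33 (MountPoints2 autorun) lines, flags the indicators that made this entry stand out (file gone, Temp path, no company name, 8.3 short name), and assembles the same kind of :otl fix block the helper posted. The sample lines are copied from the log in this thread, except the Adobe BHO line, which is a constructed benign entry for contrast; the suspicion rules are this example's own heuristics.

```python
"""Triage BHO (O2) and MountPoints2 autorun (O33) lines from an OTL log.

Added example for this thread; it is not OTL's or Malwarebytes' code. It works
on log text only, so it runs on any platform and touches no registry.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample. The TTB000000 line and the two O33 lines are copied from
# the OTL log posted in this thread; the Adobe line is a typical benign BHO
# added for contrast and is not from this machine.
SAMPLE_LINES = [
    r"O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Kristen\AppData\Local\Temp\low\COUPON~1.DLL File not found",
    r"O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)",
    r'O33 - MountPoints2\{172554f2-e240-11de-a678-001e689bcae4}\Shell\AutoRun\command - "" = F:\Installer.exe -- File not found',
    r'O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe -- File not found',
]

# O2 lines: "O2 - BHO: (name) - {CLSID} - path [ (company)] [ File not found]"
BHO_RE = re.compile(
    r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?(?P<missing> File not found)?$"
)
# O33 lines: cached autorun command for a volume, with an optional "File not found" tail
MP_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?)(?P<missing> -- File not found)?$"
)


def triage_bho(line):
    """Return a finding dict for an O2 line, or None if the line is not an O2 entry."""
    m = BHO_RE.match(line)
    if not m:
        return None
    path = PureWindowsPath(m["path"])
    parts = {p.lower() for p in path.parts}
    reasons = []  # heuristics of this example, not OTL's own verdicts
    if m["missing"]:
        reasons.append("registration survives although the DLL is gone; anything re-dropped at that path loads at the next IE start")
    if "temp" in parts:
        reasons.append("DLL lives under a Temp directory, not a program directory")
    if not m["company"]:
        reasons.append("no company name in the file's version resource")
    if "~" in path.name:
        reasons.append("8.3 short name in the registration hides the real file name")
    return {"kind": "BHO", "name": m["name"], "clsid": m["clsid"],
            "path": str(path), "reasons": reasons, "line": line}


def triage_mountpoint(line):
    """Return a finding dict for an O33 autorun command line, or None."""
    m = MP_RE.match(line)
    if not m:
        return None
    cmd = PureWindowsPath(m["cmd"])
    reasons = ["cached AutoRun handler: runs again when that volume is attached and AutoRun is on"]
    if m["missing"]:
        reasons.append("target absent at scan time (device unplugged, or the file was removed)")
    if len(cmd.parts) == 2:  # e.g. F:\Installer.exe: executable directly in the drive root
        reasons.append("executable in the drive root: check what wrote that volume's autorun.inf")
    return {"kind": "MountPoints2", "name": m["key"], "clsid": None,
            "path": str(cmd), "reasons": reasons, "line": line}


def triage(lines):
    """Return every O2/O33 entry that has at least one reason to look at it."""
    findings = []
    for line in lines:
        finding = triage_bho(line) or triage_mountpoint(line)
        if finding and finding["reasons"]:
            findings.append(finding)
    return findings


def build_otl_fix(findings):
    """Build an OTL custom-fix script that removes the flagged BHO registrations.

    OTL accepts the original O2 log line under ':otl' (the format the helper
    used in this thread); '[emptytemp]' clears every user's temp folders.
    """
    bho_lines = [f["line"] for f in findings if f["kind"] == "BHO"]
    if not bho_lines:
        return ""
    return "\n".join([":otl", *bho_lines, "", ":commands", "[emptytemp]"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f['kind']}] {f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
    print(build_otl_fix(found))
```

Run it as a script to print the findings and the fix; on a real log, feed every line of the file to triage(). The rules are indicators, not verdicts: a legitimate vendor tool can also appear in MountPoints2 (the WD entry here is one), so read each finding against what is actually installed before putting it in a fix.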

Thank you SO much! I really do appreciate your help and you sticking with me through my stupidity!

You didn't ask for it but, in case you need it,

my otl log before rebooting in normal mode:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kristen

->Temp folder emptied: 38419 bytes

->Temporary Internet Files folder emptied: 723249 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 1.00 mb

OTLPE by OldTimer - Version 3.1.39.0 log created on 06092010_162928

And, my malwarebytes log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4177

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18904

6/9/2010 4:56:11 PM

mbam-log-2010-06-09 (16-56-11).txt

Scan type: Quick scan

Objects scanned: 126634

Time elapsed: 11 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi again, that is looking good now :)

Let's do a few final things to make sure everything is updated, and a last double check for any malware leftovers.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.
  4. Check the Accept Terms box.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives.
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push List Threats.
  11. Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
  12. Push the Back button.
  13. Push Finish.

Finally, visit the Windows Update site and install all the latest updates for your Vista installation, including Service Pack 2.

When done, let me know if you have any issues left.

Well done :)

That ESET detection is nothing to worry about. Unless you have any problems left, you are good to go!

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Run OTL and click the Cleanup button. Allow a reboot. This will remove all tools and logs we used during the fix.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use; the paid versions provide a resident scanner and do not nag.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at the HostMan hosts file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

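The hosts-file item in the advice above deserves one check before you trust any hosts file, whether the MVPs list or the one already on the machine: blocking entries should map names only to 0.0.0.0 or 127.0.0.1 (or ::1), because a line that maps a name to any other address redirects that site instead of blocking it. The Python below is an added example for this thread, not the MVPs project's, HostMan's or the forum's code; it parses hosts syntax (comments, several names per line, IPv6) and separates block entries from redirects. The hosts content is a constructed sample, not taken from the machine in this thread.

```python
"""Audit a hosts file before relying on it as a blocklist.

Added example for the hosts-file advice in this thread; not the MVPs project's,
HostMan's or the forum's code. Block entries map a name to 0.0.0.0, 127.0.0.1
or ::1; any other mapping redirects the name instead of blocking it.
"""
import ipaddress

# Constructed sample hosts content; not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example.net            # MVPs-style block entry
0.0.0.0  tracker.example.org
127.0.0.1  banner.example.com       # older blocklist style, still a block
198.51.100.7  www.malwarebytes.org  # constructed: sends a real name elsewhere
203.0.113.9   update.example-av.test www.example-av.test
"""

# Addresses that block a name rather than redirect it.
BLOCK_TARGETS = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::1")}
# Names the OS itself maps to loopback; these are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, name, line_no) for every mapping; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address; a stricter tool would report it
        for name in fields[1:]:  # one address may carry several names
            yield ip, name.lower(), line_no


def audit_hosts(text):
    """Split mappings into local, blocked and redirected names.

    'redirected' is the list to act on: each item is (name, target, line_no).
    """
    report = {"local": [], "blocked": [], "redirected": []}
    for ip, name, line_no in parse_hosts(text):
        if name in LOCAL_NAMES:
            report["local"].append(name)
        elif ip in BLOCK_TARGETS:
            report["blocked"].append(name)
        else:
            report["redirected"].append((name, str(ip), line_no))
    return report


def is_clean_blocklist(text):
    """True when no mapping sends a name anywhere other than a blocking address."""
    return not audit_hosts(text)["redirected"]


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} blocked, {len(result['local'])} local entries")
    for name, target, line_no in result["redirected"]:
        print(f"line {line_no}: {name} -> {target}  (redirect, not a block)")
    print("clean blocklist" if is_clean_blocklist(SAMPLE_HOSTS) else "redirects present")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; run the audit on the existing file before merging a blocklist into it, and again after HostMan or a manual edit, since a redirect entry is the one kind of line a blocklist should never contain.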
