Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum

Notices

Reply
 
Topic Tools
  #1  
Old May 8th, 2012, 02:17 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up Suspect Virus

I have a Dell dimension 2400 with window xp and i suspect that it may have a virus because lately its running slow and i didn't make any changes to it lately.
Reply With Quote


  #2  
Old May 9th, 2012, 12:43 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
Hello Jerry56,

Let's take a look.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
Reply With Quote
  #3  
Old May 9th, 2012, 08:17 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up

I am posting result for Old timer Orl because when I ran GMER i got the blue screen of death.
OTL Extras logfile created on: 5/9/2012 1:13:52 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 73.45% Memory free
3.00 Gb Paging File | 2.67 Gb Available in Paging File | 88.94% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 16.47 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive F: | 6.00 Gb Total Space | 4.44 Gb Free Space | 74.09% Space Free | Partition Type: NTFS

Computer Name: DELL-8144AC8668 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"ShellNext" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"50001:UDP" = 50001:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm. exe
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:Bea rShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:v smon
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:Bea rShare
"C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe: *:EnabledTX broker
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E15C4B8-85FC-4539-94F2-8280C0B213A3}" = LeapFrog Tag Plugin
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}" = AMT Media Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDA40AA1-070C-48D1-9D77-50602BCDA95E}" = Verizon Download Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.1
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"AVI Codec Pack" = AVI Codec Pack
"Bingo Palace" = Bingo Palace 4.4
"CCleaner" = CCleaner
"CleanMem" = CleanMem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 5.5
"Picasa 3" = Picasa 3
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"RealPlayer 6.0" = RealPlayer
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 0.9.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"Yahtzee_is1" = Yahtzee 1.1.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2012 3:53:58 AM | Computer Name = DELL-8144AC8668 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 3:53:58 AM | Computer Name = DELL-8144AC8668 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17600156

Error - 4/30/2012 3:53:58 AM | Computer Name = DELL-8144AC8668 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17600156

Error - 4/30/2012 8:26:23 AM | Computer Name = DELL-8144AC8668 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 8:26:23 AM | Computer Name = DELL-8144AC8668 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33945093

Error - 4/30/2012 8:26:23 AM | Computer Name = DELL-8144AC8668 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33945093

Error - 4/30/2012 6:05:01 PM | Computer Name = DELL-8144AC8668 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00012437.

Error - 5/2/2012 5:28:46 PM | Computer Name = DELL-8144AC8668 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011053.

Error - 5/2/2012 5:29:29 PM | Computer Name = DELL-8144AC8668 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 5/7/2012 7:17:39 PM | Computer Name = DELL-8144AC8668 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 12.0.0.4493, faulting
module mozalloc.dll, version 12.0.0.4493, fault address 0x00001976.

[ System Events ]
Error - 4/30/2012 1:48:34 PM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SupportSoft Repair Service
(verizondm) service to connect.

Error - 4/30/2012 1:48:34 PM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Repair Service (verizondm) service failed to start
due to the following error: %%1053

Error - 4/30/2012 5:04:04 PM | Computer Name = DELL-8144AC8668 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{8AAB8BB5-5919-4762-A2FF-5D1DF2DC00FF}. The
backup browser is stopping.

Error - 5/5/2012 11:31:52 AM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service
to connect.

Error - 5/5/2012 11:31:52 AM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7000
Description = The IHA_MessageCenter service failed to start due to the following
error: %%1053

Error - 5/6/2012 6:34:39 PM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service
to connect.

Error - 5/6/2012 6:34:39 PM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7000
Description = The IHA_MessageCenter service failed to start due to the following
error: %%1053

Error - 5/6/2012 6:34:39 PM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SupportSoft Repair Service
(verizondm) service to connect.

Error - 5/6/2012 6:34:39 PM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Repair Service (verizondm) service failed to start
due to the following error: %%1053

Error - 5/8/2012 11:08:52 PM | Computer Name = DELL-8144AC8668 | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.


< End of report >
Reply With Quote
  #4  
Old May 9th, 2012, 08:18 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up

OTL logfile created on: 5/9/2012 1:13:52 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 73.45% Memory free
3.00 Gb Paging File | 2.67 Gb Available in Paging File | 88.94% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 16.47 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive F: | 6.00 Gb Total Space | 4.44 Gb Free Space | 74.09% Space Free | Partition Type: NTFS

Computer Name: DELL-8144AC8668 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/08 23:24:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/10 15:33:00 | 004,369,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012/02/10 15:33:00 | 002,645,440 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012/02/10 15:32:58 | 001,167,408 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012/02/10 15:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/12/01 07:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/10/21 17:34:44 | 001,327,104 | ---- | M] (PcWinTech.com) -- C:\Program Files\CleanMem\Mini_Monitor.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/08 15:00:47 | 001,756,160 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12050801\algo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/07 09:31:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 11:46:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/10 15:33:00 | 004,369,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/02/10 15:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMes sageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/12/01 07:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/12/01 07:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/04/16 10:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/02/10 15:33:38 | 000,042,152 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/02/10 15:33:14 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/02/10 15:33:14 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/02/10 15:33:12 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/11/10 10:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/05/26 18:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? }
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationT ype=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\InprocServer32 File not found
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\SearchScopes,DefaultScope = {26C34445-1B29-44FC-827B-98E8BE9022B9}
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationT ype=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\SearchScopes\{26C34445-1B29-44FC-827B-98E8BE9022B9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:{language}:{referrer:source}&ie={inputEncoding ?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\SearchScopes\{7F13C478-C33A-44F4-B8BF-6CAB69B661AD}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111253,6901, 0,8,0
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80501 &lng=en
IE - HKU\S-1-5-21-220523388-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={s earchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google SSL"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.excite.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: treestyletab@piro.sakura.ne.jp:0.11.2011021901
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: caaphishtoolbar@ca.com:2.0.0.111
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {e50ada55-898b-4ea5-a392-aaeae55710f0}:3.3.2.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_20 2_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npF FApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/16 12:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/02 11:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/30 13:46:11 | 000,000,000 | ---D | M]

[2011/12/20 23:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/07/11 02:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/05/07 09:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adswz4t1.default\ext ensions
[2010/04/27 11:58:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adswz4t1.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/20 22:36:06 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adswz4t1.default\ext ensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2009/11/07 22:33:02 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adswz4t1.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/14 10:49:06 | 000,005,719 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adswz4t1.default\sea rchplugins\google-ssl.xml
[2011/12/20 22:35:15 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adswz4t1.default\sea rchplugins\Search_Results.xml
[2012/05/02 11:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 21:44:43 | 000,075,035 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ADSWZ4T1.DEFAULT\EXT ENSIONS\EXTENSIONLISTDUMPER@SOGAME.CAT.XPI
[2011/12/17 11:29:36 | 000,032,493 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ADSWZ4T1.DEFAULT\EXT ENSIONS\FANTAPPEREXTENSION@BRANDAFFINITY.NET.XPI
[2012/02/11 14:59:06 | 000,270,435 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ADSWZ4T1.DEFAULT\EXT ENSIONS\TREESTYLETAB@PIRO.SAKURA.NE.JP.XPI
[2012/05/02 11:46:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/29 18:37:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 14:01:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:35:15 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/09 13:22:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2011/07/19 21:14:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\win corebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\win corebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-606747145-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CleanMem Mini Monitor] C:\Program Files\CleanMem\Mini_Monitor.exe (PcWinTech.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-606747145-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-606747145-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{8AAB8BB5-5919-4762-A2FF-5D1DF2DC00FF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/03 19:07:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 23:26:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/05/08 23:24:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/05/08 12:25:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/05/07 09:04:20 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/02 11:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/02 11:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/29 18:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/29 18:38:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/29 18:38:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/29 18:38:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/29 18:38:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/15 14:04:44 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/04/12 14:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/04/12 14:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

========== Files - Modified Within 30 Days ==========

[2012/05/09 01:21:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job
[2012/05/09 00:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/08 23:26:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/05/08 23:25:13 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\o976rsxy.exe
[2012/05/08 23:24:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/05/08 23:16:20 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/08 12:22:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/05/07 09:31:45 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/07 09:31:45 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/06 18:32:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/05 02:01:05 | 000,039,818 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/05/03 22:45:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/30 13:02:28 | 000,000,499 | RHS- | M] () -- C:\boot.ini
[2012/04/29 18:37:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/29 18:37:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/29 18:37:32 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/29 18:37:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/29 18:37:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/28 13:14:42 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2012/04/14 17:03:36 | 000,027,909 | ---- | M] () -- C:\BUSINESS.CRD
[2012/04/13 14:34:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 09:15:38 | 000,426,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 09:15:37 | 000,065,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 08:44:12 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 08:41:27 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/04/11 08:38:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2012/05/08 23:25:12 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\o976rsxy.exe
[2012/05/07 09:04:24 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/28 13:14:42 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2012/04/28 13:14:42 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2012/02/16 00:07:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/20 02:20:23 | 000,042,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/11/20 02:20:19 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/10/02 13:41:13 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/07 15:05:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\cmm.dat
[2011/05/06 18:45:32 | 001,872,624 | ---- | C] () -- C:\WINDOWS\System32\PUREPC.DLL
[2011/01/10 21:23:42 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\CleanMem.ini
[2010/06/25 07:43:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Owner\My Documents\Sydnie 2a 026.jpg:SummaryInformation

< End of report >
Reply With Quote
  #5  
Old May 10th, 2012, 12:26 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
You disabled Avast and Online Armor before the Gmer scan? I assume Online - I see the files, but not the uninstaller. I have seen where Avast and Online are not a good combination, and can cause issues.
Reply With Quote
  #6  
Old May 10th, 2012, 01:53 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up

I did disable anti-virus and Firewall before running Gmer but after about an hour the blue screen appear .
I had Alarm Zone fire wall before but someone from Cyber Tech advised me to change same. Do you have any other suggestion for firewall.?
Reply With Quote
  #7  
Old May 10th, 2012, 02:22 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
Let's hold off on firewall app suggestions right now. Avast, even the free version, really kinda duplicates a lot of that firewall protection, so if Online is installed, please temp disable all security software and uninstall it, rebooting after.

Just to check on that Gmer crash, navigate (right click My Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files - Jerry56/cth/dmp" as the email Subject.

But go ahead and run aswMBR please.
Reply With Quote
  #8  
Old May 10th, 2012, 03:16 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-09 21:54:35
-----------------------------
21:54:35.687 OS Version: Windows 5.1.2600 Service Pack 3
21:54:35.687 Number of processors: 1 586 0x209
21:54:35.687 ComputerName: DELL-8144AC8668 UserName: Owner
21:54:36.203 Initialize success
21:54:36.375 AVAST engine defs: 12050900
21:54:44.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:54:44.609 Disk 0 Vendor: Maxtor_2F040L0 VAM51JJ0 Size: 39205MB BusType: 3
21:54:44.609 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
21:54:44.609 Disk 1 Vendor: Maxtor_86480D6 NAVX171F Size: 6149MB BusType: 3
21:54:44.640 Disk 0 MBR read successfully
21:54:44.656 Disk 0 MBR scan
21:54:44.656 Disk 0 Windows XP default MBR code
21:54:44.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39197 MB offset 63
21:54:44.656 Disk 0 scanning sectors +80276805
21:54:44.765 Disk 0 scanning C:\WINDOWS\system32\drivers
21:55:08.859 Service scanning
21:55:41.890 Modules scanning
21:55:56.218 Disk 0 trace - called modules:
21:55:56.250 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:55:56.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88bddab8]
21:55:56.265 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x88b73b00]
21:55:56.578 AVAST engine scan C:\WINDOWS
21:56:04.250 AVAST engine scan C:\WINDOWS\system32
21:59:17.984 AVAST engine scan C:\WINDOWS\system32\drivers
21:59:39.250 AVAST engine scan C:\Documents and Settings\Owner
22:05:24.031 AVAST engine scan C:\Documents and Settings\All Users
22:07:01.250 Scan finished successfully
22:07:28.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:07:28.500 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Reply With Quote
  #9  
Old May 11th, 2012, 04:27 PM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up

aswMBR result is above and C:\windows\Minidump didn't have any file.
Reply With Quote
  #10  
Old May 12th, 2012, 12:58 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
You have CCleaner installed, which unfortunately is preset to delete dump files. Any chance you ran that recently?

No outright tougher malware shows so far.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset toolbars and controls

Reset all user preferences to Firefox defaults

Restore default search engines

You can change those later to whatever you prefer, but for now, too many search hijackers have altered things there.

-------------

Then follow the steps here to reset Internet Explorer 8 back to it's default setting. Again just too many search hijacker etc. changes done to it.

------------

And although they shows there, and have likely been run recently, let's check with some follow-up scans.


Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
Reply With Quote
  #11  
Old May 12th, 2012, 01:15 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up

How do i make the adjustment to the following :
1) Reset toolbars and controls. ?

2)Reset all user preferences to Firefox defaults.?

3) Restore default search engines.?
Reply With Quote
  #12  
Old May 12th, 2012, 01:43 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
The steps I posted should do all that.
Reply With Quote
  #13  
Old May 12th, 2012, 06:25 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Thumbs up

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.06.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DELL-8144AC8668 [administrator]

5/11/2012 9:10:54 PM
mbam-log-2012-05-11 (21-10-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205423
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 943b0e8233237abfe66da1c07357e021 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I mess up with the eset scan
When i ran it 6 threats were found but for some reason when i click "list of found threats" it was not save.
I then ran it second time trying to find the threats again but it didn't show any.
Under " Quarantine" I found the following:
1) C:\Documents and settings\Owner\My Documents\Downloads\intunesmps3.exe
2) C:\Documents and settings\Owner\My Documents\Downloads\musicrockstar-768.exe
3) C:\Documents and settings\Owner\My Documents\Downloads\Softonic Downloader _for_123_free_Solitar...
4) C:\Ge\instacodecs-1290.exe
5) C:\System volume information\_restore(87764440-2F59-41EF-9183-5897467AB919)-RP145\A0037318....
6) F:\GF\dvdburning.exe
Reply With Quote
  #14  
Old May 13th, 2012, 12:51 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
You have to save the results of Eset as a text file. But the logs show various adware-bundled installers mostly, and no active infection. What problems are you still having we need to address yet please?
Reply With Quote
  #15  
Old May 13th, 2012, 01:00 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 941
Its still slow
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 09:31 AM.