Solved Windows Update Blocked

Discussion in 'Malware and Virus Removal Archive' started by Aldakoopa, 2010/09/28.

  1. 2010/09/29
    Aldakoopa (Inactive, Thread Starter; joined 2010/09/28, 21 messages, 0 likes received)

    OTL Extras logfile created on: 9/29/2010 8:32:35 AM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Chessie\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 50.30 Gb Free Space | 33.77% Space Free | Partition Type: NTFS
    Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ALDAKOOPA
    Current User Name: Chessie
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1886:TCP" = 1886:TCP:*:Disabled:Genieo

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
    "C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
    "C:\Program Files\Steam\SteamApps\common\star trek online\Star Trek Online.exe" = C:\Program Files\Steam\SteamApps\common\star trek online\Star Trek Online.exe:*:Enabled:Star Trek Online - Free Trial -- ()
    "C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock -- ()
    "C:\Program Files\Steam\SteamApps\common\fallout 3 goty\FalloutLauncher.exe" = C:\Program Files\Steam\SteamApps\common\fallout 3 goty\FalloutLauncher.exe:*:Enabled:Fallout 3 - Game of the Year Edition -- (Bethesda Softworks)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Program Files\Ubisoft\XIII\system\XIII.exe" = C:\Program Files\Ubisoft\XIII\system\XIII.exe:*:Enabled:XIII -- ()
    "C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
    "C:\Program Files\Steam\SteamApps\common\left 4 dead 2\srcds.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2\srcds.exe:*:Enabled:Left 4 Dead 2 Dedicated Server -- ()
    "C:\Program Files\Steam\SteamApps\common\left 4 dead 2\bin\SDKLauncher.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools -- ()
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:LimeWire -- (FrostWire Group)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
    "{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)
    "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
    "{DC1EBED4-B5A0-4F55-8B12-14CE39A8235B}" = TaxCut Standard + Efile 2008
    "{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "3D Rad_is1" = 3D Rad v6.38
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVG9Uninstall" = AVG Free 9.0
    "click_random_01" = click_random_01 Wallpaper
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "DoughnutScreensaver" = DoughnutScreensaver
    "EA Download Manager" = EA Download Manager
    "Google Desktop" = Google Desktop
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "InterActual Player" = InterActual Player
    "Keeper" = Dungeon Keeper
    "Lite-C" = Lite-C
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "marshyscreensaver" = marshyscreensaver
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "MS Access 97 SP2" = MS Access 97 SP2
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PhoTagsExpress" = PhoTags Express
    "RealPlayer 6.0" = RealPlayer Basic
    "SearchAssist" = SearchAssist
    "SimCity 3000 Unlimited" = SimCity 3000 Unlimited
    "SpaghettiAndMeatballs" = SpaghettiAndMeatballs Screen Saver
    "Starcraft" = Starcraft
    "Steam App 22370" = Fallout 3 - Game of the Year Edition
    "Steam App 550" = Left 4 Dead 2
    "Steam App 560" = Left 4 Dead 2 Dedicated Server
    "Steam App 563" = Left 4 Dead 2 Authoring Tools
    "Steam App 564" = Left 4 Dead 2 Add-on Support
    "Steam App 7670" = BioShock
    "Steam App 9920" = Star Trek Online - Free Trial
    "SystemRequirementsLab" = System Requirements Lab
    "UnityWebPlayer" = Unity Web Player
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Flux" = F.lux

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/28/2010 6:43:00 PM | Computer Name = ALDAKOOPA | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x0e99ed11.

    Error - 9/28/2010 7:22:52 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 9/28/2010 7:22:53 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 9/28/2010 7:22:53 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 9/28/2010 7:22:53 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 9/28/2010 7:51:49 PM | Computer Name = ALDAKOOPA | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 9/28/2010 9:24:38 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 9/28/2010 9:24:39 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 9/28/2010 9:24:39 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid.

    Error - 9/28/2010 9:24:39 PM | Computer Name = ALDAKOOPA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 9/28/2010 8:00:17 PM | Computer Name = ALDAKOOPA | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 9/28/2010 8:01:53 PM | Computer Name = ALDAKOOPA | Source = Service Control Manager | ID = 7022
    Description = The Automatic Updates service hung on starting.

    Error - 9/28/2010 11:12:54 PM | Computer Name = ALDAKOOPA | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 9/28/2010 11:12:55 PM | Computer Name = ALDAKOOPA | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 9/28/2010 11:13:09 PM | Computer Name = ALDAKOOPA | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 9/28/2010 11:13:09 PM | Computer Name = ALDAKOOPA | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 9/28/2010 11:30:47 PM | Computer Name = ALDAKOOPA | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 9/28/2010 11:49:02 PM | Computer Name = ALDAKOOPA | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 9/29/2010 12:31:54 AM | Computer Name = ALDAKOOPA | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 9/29/2010 8:16:04 AM | Computer Name = ALDAKOOPA | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126


    < End of report >

  2. 2010/09/29
    broni (Moderator, Malware Analyst; joined 2002/08/01, 21,701 messages, 116 likes received)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm860OSUS&fl=0&ptb=mPNV0KBCiz9YZLuYc.H4sQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
      FF - prefs.js..browser.search.defaultengine:  "Ask.com "
      FF - prefs.js..browser.search.defaultenginename:  "Ask.com "
      FF - prefs.js..keyword.URL:  "http://search.search-tab.com/?sid=10101058100&s= "
      FF - user.js..keyword.URL:  "http://search.search-tab.com/?sid=10101058100&s= "
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chessie\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
      O24 - Desktop Components:0 () - http://www.belfordhighschool.com/ima...rsespagebg.gif
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2008/09/12 19:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chessie\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
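As an added example (not part of this thread, and not OTL's own code), the following Python script parses the section / [registry key] / "name" = data layout of an OTL Extras log like the one posted above and lists the settings an analyst reviews first: Security Center monitoring switched off, the Standard-profile firewall state, globally open ports, and enabled firewall exceptions that carry no vendor name. The function names and the sample lines (copied from the log in post 1 and labelled as constructed) are this example's own; flagged items are prompts for a human to look at, not verdicts of infection.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the OTL Extras log posted in this thread.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1886:TCP" = 1886:TCP:*:Disabled:Genieo

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Ubisoft\XIII\system\XIII.exe" = C:\Program Files\Ubisoft\XIII\system\XIII.exe:*:Enabled:XIII -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:LimeWire -- (FrostWire Group)
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")        # ========== Section Name ==========
KEY_RE = re.compile(r"^\[(.+)\]$")               # [HKEY_...\Key\Path]
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')       # "ValueName" = data

Tree = Dict[str, Dict[str, Dict[str, str]]]      # section -> registry key -> value name -> data


def parse_extras(text: str) -> Tree:
    """Parse an OTL Extras log into a nested dict; lines that fit none of the three shapes are ignored."""
    tree: Tree = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()                       # logs pasted into forums usually carry indentation
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            tree.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            tree[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and section is not None and key is not None:
            tree[section][key][m.group(1)] = m.group(2)
    return tree


def triage(tree: Tree) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs; 'review' means a human should look, not that it is malicious."""
    findings: List[Tuple[str, str]] = []

    for key, values in tree.get("Security Center Settings", {}).items():
        if values.get("DisableMonitoring") == "1":
            leaf = key.rsplit("\\", 1)[-1]
            findings.append(("review", "Security Center monitoring disabled under " + leaf))

    for key, values in tree.get("Firewall Settings", {}).items():
        if key.endswith("\\StandardProfile") and values.get("EnableFirewall") == "0":
            findings.append(("review", "Windows Firewall turned off for the Standard profile"))
        if key.endswith("\\GloballyOpenPorts\\List"):
            for port, data in values.items():
                # data layout: port:proto:scope:state:label, e.g. 1886:TCP:*:Disabled:Genieo
                parts = data.split(":")
                state = parts[3] if len(parts) > 3 else "?"
                label = parts[4] if len(parts) > 4 else ""
                sev = "info" if state == "Disabled" else "review"
                findings.append((sev, f"Globally open port {port} ({state}) labelled '{label}'"))

    for key, values in tree.get("Authorized Applications List", {}).items():
        profile = "Domain" if "\\DomainProfile\\" in key else "Standard"
        for path, data in values.items():
            # data layout: <path>:scope:state:label -- (vendor); the path itself contains a colon,
            # so strip the known path prefix before splitting on ':'
            body, sep, vendor = data.rpartition(" -- ")
            if not sep:
                body, vendor = data, ""
            vendor = vendor.strip("()")
            rest = body[len(path):] if body.startswith(path) else body
            parts = rest.split(":")
            state = parts[2] if len(parts) > 2 else "?"
            if state == "Enabled" and not vendor:
                findings.append(("review", f"{profile} profile firewall exception with no vendor name: {path}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_extras(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```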

  4. 2010/09/29
    Aldakoopa (Inactive, Thread Starter; joined 2010/09/28, 21 messages, 0 likes received)

    All processes killed
    ========== OTL ==========
    Service SymIMMP stopped successfully!
    Service SymIMMP deleted successfully!
    File C:\WINDOWS\System32\DRIVERS\SymIM.sys not found.
    Service SymIM stopped successfully!
    Service SymIM deleted successfully!
    File C:\WINDOWS\System32\DRIVERS\SymIM.sys not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "http://search.search-tab.com/?sid=10101058100&s=" removed from keyword.URL
    C:\Documents and Settings\Chessie\Application Data\Mozilla\FireFox\Profiles\n2hmp2ey.default\user.js moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
    File http://www.belfordhighschool.com/ima...rsespagebg.gif not found.
    C:\WINDOWS\002713_.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3d.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dara.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dchs.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dcht.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dcsy.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3ddan.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3ddeu.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dell.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3deng.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3desm.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3desn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dfin.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dfra.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dheb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dhun.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dita.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3djpn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dkor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dnld.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dnor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dplk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dptb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dptg.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3drus.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dsky.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dslv.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dsve.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dtha.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nv3dtrk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcpl.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplara.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplchs.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplcht.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplcsy.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcpldan.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcpldeu.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplell.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcpleng.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplesm.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplesn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplfin.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplfra.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplheb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplhun.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplita.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcpljpn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplkor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplnld.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplnor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplplk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplptb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplptg.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplrus.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplsky.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplslv.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcplsve.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcpltha.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvcpltrk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdsp.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspara.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspchs.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspcht.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspcsy.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspdan.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspdeu.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspell.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspeng.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspesm.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspesn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspfin.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspfra.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspheb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdsphun.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspita.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspjpn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspkor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspnld.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspnor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspplk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspptb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspptg.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdsprus.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspsky.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspslv.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdspsve.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdsptha.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvdsptrk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmob.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobara.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobchs.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobcht.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobcsy.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobdan.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobdeu.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobell.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobeng.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobesm.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobesn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobfin.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobfra.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobheb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobhun.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobita.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobjpn.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobkor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobnld.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobnor.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobplk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobptb.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobptg.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobrus.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobsky.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobslv.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobsve.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobtha.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP\nvmobtrk.chm deleted successfully.
    C:\WINDOWS\NV35763980.TMP folder deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\Chessie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Chessie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Chessie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Chessie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Chessie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Chessie\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Chessie\Application Data\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 2836 bytes

    User: All Users

    User: Chessie
    ->Temp folder emptied: 9315291 bytes
    ->Temporary Internet Files folder emptied: 444378 bytes
    ->Java cache emptied: 199574897 bytes
    ->FireFox cache emptied: 49328701 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Flash cache emptied: 928053 bytes

    User: Default User
    ->Temp folder emptied: 49152 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2097286 bytes
    ->Flash cache emptied: 57842 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 18749 bytes
    ->Flash cache emptied: 99641 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1739004 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 535061 bytes
    RecycleBin emptied: 156329 bytes

    Total Files Cleaned = 253.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Chessie
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 09292010_181857

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
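Added example (not part of the original post, and not OTL's own code): an OTL fix log like the one above is a list of one-line action records (a service stopped or deleted, a registry key deleted or not found, a file or folder deleted or moved, a Firefox Prefs.js entry removed). The Python below parses such lines into a structured summary and flags the records that matter in a "Windows Update blocked / browser hijacked" case: Firefox default-engine and keyword.URL changes, Browser Helper Object registrations, and the Policies\Microsoft\Internet Explorer keys that lock IE settings. The sample input is ten lines copied verbatim from the log above; the record kinds and flag labels are my own naming, not OTL's.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Ten lines copied verbatim from the OTL fix log posted above, used as offline sample input.
SAMPLE_LOG = r"""
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SymIM.sys not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "http://search.search-tab.com/?sid=10101058100&s=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\WINDOWS\002713_.tmp deleted successfully.
C:\Documents and Settings\Chessie\Application Data\Viewpoint folder moved successfully.
"""

# One regex per record shape OTL writes; the "kind" labels are my own (assumption).
PATTERNS = [
    ("service",  re.compile(r"^Service (?P<target>\S+) (?P<status>stopped|deleted) successfully!$")),
    ("file",     re.compile(r"^File (?P<target>.+?) (?P<status>not found)\.$")),
    ("regkey",   re.compile(r"^Registry key (?P<target>.+?) (?P<status>deleted successfully|not found)\.$")),
    ("regvalue", re.compile(r"^Registry value (?P<target>.+?) (?P<status>deleted successfully)\.$")),
    ("prefs",    re.compile(r'^Prefs\.js: "(?P<target>.+)" (?P<status>removed) from (?P<pref>\S+)$')),
    ("path",     re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? (?P<status>deleted|moved) successfully\.$")),
]

IE_POLICY_RE = re.compile(r"\\Policies\\Microsoft\\Internet Explorer\\", re.IGNORECASE)
BHO_RE = re.compile(r"\\Browser Helper Objects\\\{", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Map one log line to {kind, target, status[, pref]}; None if the shape is unknown."""
    for kind, pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            rec = {"kind": kind, "target": m.group("target"),
                   "status": m.group("status").replace(" successfully", "")}
            if kind == "prefs":
                rec["pref"] = m.group("pref")
            return rec
    return None


def flag(rec: Dict[str, str]) -> Optional[str]:
    """Return a finding label for records a responder should look at, else None."""
    if rec["kind"] == "prefs":
        # A removed default-engine or keyword.URL value is the trace of a search hijack.
        return "Firefox search hijack (%s)" % rec["pref"]
    if rec["kind"] in ("regkey", "regvalue"):
        if IE_POLICY_RE.search(rec["target"]):
            return "IE lockdown policy key"
        if BHO_RE.search(rec["target"]):
            return "Browser Helper Object registration"
    return None


def summarize(log_text: str) -> Dict[str, object]:
    """Count (kind, status) pairs, collect flagged records, and keep any line we could not parse."""
    counts: Counter = Counter()
    findings: List[Tuple[str, str]] = []
    unparsed: List[str] = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line.strip())
        if rec is None:
            unparsed.append(line)
            continue
        counts[(rec["kind"], rec["status"])] += 1
        label = flag(rec)
        if label:
            findings.append((label, rec["target"]))
    return {"counts": counts, "findings": findings, "unparsed": unparsed}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (kind, status), n in sorted(result["counts"].items()):
        print("%-9s %-10s %d" % (kind, status, n))
    for label, target in result["findings"]:
        print("FLAG", label, "->", target)
```

A "not found" record is worth keeping rather than discarding: the CLSID keys that OTL reports as not found after deleting the BHO entry mean the add-on's registration was already dangling, which is typical after a partial uninstall of adware, and the unparsed list tells you which line shapes the parser still needs before it is run over a full log.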
     
  5. 2010/09/29, broni (Moderator, Malware Analyst):
    Go on....
     
  6. 2010/09/29, Aldakoopa (Thread Starter):
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.5.6) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  7. 2010/09/29, broni (Moderator, Malware Analyst):
    1. Update Firefox

    2. Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UN-check the box that says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller download and uses far fewer resources than Adobe Reader.
    Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
    On this page:

    [screenshot of the Foxit Reader installer options page not reproduced]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button.
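Added example (not part of the original post, and not the code of Security Check or Secunia PSI): the "Out of date Adobe Reader installed!" and "Firefox Out of Date!" verdicts in the Security Check log above come from comparing each installed version against a reference, which is also what the Secunia PSI recommended later in this thread does. The Python below parses lines in the shape of that log and audits them against a baseline. The baseline is constructed for the demo and chosen so the result reproduces the log's verdicts; it is not a statement of what was current in September 2010. The point worth taking away is that versions must be compared numerically per component: as strings, "10.1.53.64" sorts before "9.0".

```python
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, ...]

# Constructed baseline for the demo (assumption): the version each product "should" be at.
# Chosen to reproduce the verdicts in the Security Check log, not a historical fact.
BASELINE: Dict[str, Version] = {
    "Mozilla Firefox": (3, 6, 10),
    "Adobe Flash Player": (10, 1, 53, 64),
    "Adobe Reader": (9, 4),
}

# Three lines copied from the Security Check output posted in this thread.
SAMPLE_LINES = [
    "Adobe Flash Player 10.1.53.64",
    "Adobe Reader 9",
    "Mozilla Firefox (3.5.6) Firefox Out of Date!",
]

VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(text: str) -> Version:
    """'10.1.53.64' -> (10, 1, 53, 64); every component is an int, never a string."""
    return tuple(int(part) for part in text.split("."))


def compare(a: Version, b: Version) -> int:
    """Component-wise numeric comparison. Missing trailing components count as 0,
    so (9,) == (9, 0) and (9,) < (9, 4). Returns -1, 0 or 1."""
    width = max(len(a), len(b))
    a_padded = a + (0,) * (width - len(a))
    b_padded = b + (0,) * (width - len(b))
    return (a_padded > b_padded) - (a_padded < b_padded)


def parse_line(line: str) -> Optional[Tuple[str, Version]]:
    """Match a known product name at the start of the line and pull the first
    dotted number after it; lines for products not in the baseline return None."""
    for product in BASELINE:
        if line.startswith(product):
            m = VERSION_RE.search(line[len(product):])
            if m:
                return product, parse_version(m.group())
    return None


def audit(lines: Iterable[str]) -> Dict[str, str]:
    """Return {product: 'current' | 'outdated'} for every recognised line."""
    verdicts: Dict[str, str] = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        product, installed = parsed
        verdicts[product] = "outdated" if compare(installed, BASELINE[product]) < 0 else "current"
    return verdicts


if __name__ == "__main__":
    for product, verdict in audit(SAMPLE_LINES).items():
        print("%-20s %s" % (product, verdict))
```

"Adobe Reader 9" with no minor component is deliberately treated as 9.0 and therefore older than 9.4; a checker that only compared major versions, or compared the raw strings, would have called it current.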
     
  8. 2010/09/29, Aldakoopa (Thread Starter):
    I was planning on installing and using Google Chrome again after this was cleared up. If it still doesn't work, then I'll update and continue using Firefox.
     
  9. 2010/09/29, broni (Moderator, Malware Analyst):
    All installed programs should be up to date, whether you use them or not.
    If you don't use Firefox, uninstall it.
     
  10. 2010/09/29, Aldakoopa (Thread Starter):
    C:\Documents and Settings\Chessie\My Documents\My Music\random\Duke Ellington - Hit Me with a Hot Note and Watch Me Bounce.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Documents and Settings\Chessie\Shared\Foo Fighters - DOA.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Documents and Settings\Chessie\Shared\nver let you down verve pipe hot new track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ftdisk.sys.vir Win32/Olmarik.ZC trojan
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000037.sys Win32/Olmarik.ZC trojan
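Added example (not part of the original post, and not ESET's scanner): ESET's WMA/TrojanDownloader.GetCodec.gen name covers audio in the ASF (Windows Media) container that has been altered so the player sends the user to a URL to fetch a "codec"; a WMA/ detection on a file named .mp3 therefore means the content is an ASF container, not MPEG audio. A cheap first-pass check that can be applied to every download before it is opened is to compare the extension against the container signature. The Python below recognises the ASF header GUID and the two ways a real MP3 begins (an ID3v2 tag or an MPEG frame sync), flags extension/content mismatches, and walks a directory doing so. The byte strings are constructed samples, not real files; the file name is borrowed from the scan result above, and the extension table is my own assumption.

```python
import os
from typing import Iterator, Tuple

# ASF_Header_Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C as it appears on disk
# (first three fields little-endian). Every ASF/WMA/WMV file starts with these 16 bytes.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

# Which container each extension is expected to hold (assumption: only these four are handled).
EXPECTED = {".mp3": "mp3", ".wma": "asf", ".wmv": "asf", ".asf": "asf"}


def sniff_audio(data: bytes) -> str:
    """Classify by leading bytes: 'asf', 'mp3' or 'unknown'."""
    if data.startswith(ASF_HEADER_GUID):
        return "asf"
    if data.startswith(b"ID3"):
        return "mp3"                       # ID3v2 tag, MPEG frames follow it
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"                       # MPEG audio frame sync: 11 leading 1-bits
    return "unknown"


def triage(name: str, data: bytes) -> Tuple[str, str]:
    """Return (verdict, sniffed) where verdict is 'ok', 'mismatch' or 'unknown'."""
    sniffed = sniff_audio(data)
    expected = EXPECTED.get(os.path.splitext(name)[1].lower())
    if expected is None or sniffed == "unknown":
        return "unknown", sniffed
    return ("ok" if sniffed == expected else "mismatch"), sniffed


def scan_dir(root: str, head: int = 16) -> Iterator[Tuple[str, str, str]]:
    """Yield (path, verdict, sniffed) for every file under root with a known extension.
    Only the first `head` bytes are read, so this is cheap even on a large music folder."""
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() in EXPECTED:
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    verdict, sniffed = triage(fn, fh.read(head))
                yield path, verdict, sniffed


# Constructed samples: an ASF header plus filler, an MP3 with an ID3v2 tag, and a bare
# MP3 frame (0xFFFB = sync, MPEG-1, Layer III, no CRC). None of these are real files.
FAKE_ASF = ASF_HEADER_GUID + b"\x00" * 48
FAKE_MP3_ID3 = b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\xff\xfb\x90\x00" * 4
FAKE_MP3_FRAME = b"\xff\xfb\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    # "Foo Fighters - DOA.mp3" is one of the names from the ESET result above.
    print(triage("Foo Fighters - DOA.mp3", FAKE_ASF))      # ('mismatch', 'asf')
    print(triage("Foo Fighters - DOA.mp3", FAKE_MP3_ID3))  # ('ok', 'mp3')
```

A mismatch is a reason not to open the file, not a malware verdict on its own; the antivirus scan is still the authority. The other two hits in the list are not live files: one is in a quarantine folder and the other is a copy inside an old System Restore snapshot, which is why the next step in this thread resets System Restore.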
     
  11. 2010/09/29, broni (Moderator, Malware Analyst):
    As you can see from the above scan, you have to be really careful about what you download.
    If you can't live without P2P programs, make sure you scan EVERY SINGLE FILE you download.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Chessie\My Documents\My Music\random\Duke Ellington - Hit Me with a Hot Note and Watch Me Bounce.mp3 
      C:\Documents and Settings\Chessie\Shared\Foo Fighters - DOA.mp3 
      C:\Documents and Settings\Chessie\Shared\nver let you down verve pipe hot new track.mp3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Two other files will be cleared in our next step.

    =============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • Post the resulting log.

    2. Now we'll remove all the tools we used during the cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  12. 2010/09/29, Aldakoopa (Thread Starter):
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Chessie\My Documents\My Music\random\Duke Ellington - Hit Me with a Hot Note and Watch Me Bounce.mp3 moved successfully.
    C:\Documents and Settings\Chessie\Shared\Foo Fighters - DOA.mp3 moved successfully.
    C:\Documents and Settings\Chessie\Shared\nver let you down verve pipe hot new track.mp3 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Chessie
    ->Temp folder emptied: 936964 bytes
    ->Temporary Internet Files folder emptied: 1094470 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 7972167 bytes
    ->Flash cache emptied: 2222 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 12592864 bytes

    Total Files Cleaned = 22.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Chessie
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 09292010_205715

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. 2010/09/29, Aldakoopa (Thread Starter):
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Chessie
    ->Temp folder emptied: 545 bytes
    ->Temporary Internet Files folder emptied: 35883 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 7089830 bytes
    ->Flash cache emptied: 343 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Chessie
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.14.1 log created on 09292010_210511

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  14. 2010/09/29, broni (Moderator, Malware Analyst):
    Go on and give me a final word on your computer's behavior.
     
  15. 2010/09/29, Aldakoopa (Thread Starter):
    It is as good as new. Cleared up nearly 10% of useless files off my hard drive, Windows update works, Google Chrome works, the svchost in question is now only running at 4-5000K, and I'm not letting my wife/roommate use any torrents anymore.

    Thank you so much!
     
  16. 2010/09/29, broni (Moderator, Malware Analyst):
    Hahahaha....

    Good news :)

    Good luck and stay safe :)
     
