
Solved SAS is repeatedly finding Broken.FileAssociationh [1 items]

Discussion in 'Malware and Virus Removal Archive' started by bellisimo, 2011/06/05.

  1. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, proceed in order.
    Start with Java update, then OTL fix and so on.
     
  2. 2011/06/05
    broni

    broni Moderator Malware Analyst

    That's the incorrect log.
    You clicked on the "Scan" button instead of the "Fix" button.
     


  4. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    There is one more scan result I need to send. I did it before I noticed the Java problem and have so many of these icons on my desktop. I'll have to run it again because it found threats on my secondary E: drive. I forget which one it is. Can you please help me with this. It was the scan that scanned everything on both my hard drives and took about an hour. Can you tell me which one it is? Thank you.
     
  5. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    It was the Eset scan. Do I need to do it with my Internet connection disabled?
     
  6. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Please disregard my previous question. I'll disconnect from the Internet to be sure.
     
  7. 2011/06/05
    broni

    broni Moderator Malware Analyst

    No.
    Please, read my reply #24.
    You posted an incorrect OTL log.
     
  8. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Here is the properly done OTL fix log: Does this just leave the Eset scan?

    All processes killed
    ========== OTL ==========
    Error: No service named szserver was found to stop!
    Service\Driver key szserver not found.
    File C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    File/Folder C:\WINDOWS\*.tmp not found.
    File/Folder C:\WINDOWS\System32\*.tmp not found.
    File C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e not found.
    File C:\Documents and Settings\All Users.WINDOWS\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e not found.
    File C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Application Data\j638u7q3443b5j not found.
    File C:\Documents and Settings\All Users.WINDOWS\Application Data\j638u7q3443b5j not found.
    Folder C:\Documents and Settings\All Users\Application Data\Alwil Software\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\STOPzilla!\ not found.
    Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!\ not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-0E6A4E71AA
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.000
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.001
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Bert Bell
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes

    User: Bert Bell.BERT-143294EC7D
    ->Temp folder emptied: 368 bytes
    ->Temporary Internet Files folder emptied: 381785 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: BERTBE~1~BER

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 38550 bytes

    User: NetworkService

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.BERT-0E6A4E71AA

    User: Administrator.BERT-143294EC7D

    User: Administrator.BERT-143294EC7D.000

    User: Administrator.BERT-143294EC7D.001

    User: Administrator.BERT-143294EC7D.002
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Bert Bell

    User: Bert Bell.BERT-143294EC7D
    ->Flash cache emptied: 0 bytes

    User: BERTBE~1~BER

    User: Default User

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06052011_221616

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
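
One way to triage a fix log like the one in the post above, added here as an example (it is not part of the original thread and is not OTL's own code): it sorts the result lines into "already absent" and "failed" and totals the bytes cleaned per profile. The function names and category names are assumptions made for this example; the sample lines are a subset copied from the posted log.

```python
import re
from collections import Counter

# Subset of lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Error: No service named szserver was found to stop!
Service\Driver key szserver not found.
File C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File/Folder C:\WINDOWS\*.tmp not found.
Folder C:\Documents and Settings\All Users\Application Data\STOPzilla!\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Bert Bell.BERT-143294EC7D
->Temp folder emptied: 368 bytes
->Temporary Internet Files folder emptied: 381785 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38550 bytes

Windows Temp folder emptied: 483 bytes

OTL by OldTimer - Version 3.2.23.0 log created on 06052011_221616
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
NOT_FOUND_RE = re.compile(r"(not found\.|was found to stop!)$")
BYTES_RE = re.compile(r"^(->)?.+ (?:emptied|removed): (\d+) bytes$")
VERSION_RE = re.compile(r"^OTL by OldTimer - Version (\S+) log created on (\S+)$")


def triage_fix_log(text):
    """Classify the result lines of an OTL fix log and total the bytes cleaned."""
    report = {
        "not_found": [],   # target was already absent when the fix ran
        "failed": [],      # the tool reported it could not act: follow up
        "other": [],       # unrecognised result line: read it manually
        "bytes_by_owner": Counter(),
        "version": None,
    }
    section, user = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, user = m.group(1), None
            continue
        m = VERSION_RE.match(line)
        if m:
            report["version"] = m.group(1)
            continue
        if section == "OTL":
            if line.startswith("Unable to "):
                report["failed"].append(line)
            elif NOT_FOUND_RE.search(line):
                report["not_found"].append(line)
            else:
                report["other"].append(line)
        elif section == "COMMANDS":
            if line.startswith("User: "):
                user = line[len("User: "):]
                continue
            m = BYTES_RE.match(line)
            if m:
                # "->" lines belong to the profile named by the last "User:" line;
                # lines without the arrow are system-wide locations.
                owner = (user or "(unknown)") if m.group(1) else "(system)"
                report["bytes_by_owner"][owner] += int(m.group(2))
    return report


def summarize(report):
    """One-line summary suitable for a ticket or a forum reply."""
    total = sum(report["bytes_by_owner"].values())
    return (f"OTL {report['version']}: {len(report['not_found'])} targets already absent, "
            f"{len(report['failed'])} failed, {len(report['other'])} unrecognised, "
            f"{total} bytes cleaned")


if __name__ == "__main__":
    result = triage_fix_log(SAMPLE_LOG)
    print(summarize(result))
    for item in result["failed"]:
        print("FOLLOW UP:", item)
```
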
     
  9. 2011/06/05
    broni

    broni Moderator Malware Analyst

    If you updated Java, yes.
     
  10. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    I ran the Eset scan and it found two infections in my secondary hard drive E Drive. I'm pretty sure they are false positives. But when it finished there was only one option and that was to click on finish. When I did that, there was no log on my desktop that I can send you. What should I do?

    I'm sorry if I've made a mistake. I appreciate all the work you've put into this.

    There was no option to push List of found threats or Export to text file.

    I'll run it again. I'm very sorry I must have not checked something I was supposed to.
     
    Last edited: 2011/06/05
  11. 2011/06/05
    broni

    broni Moderator Malware Analyst

    That's OK.

    Try to run this one. It should be faster.

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  12. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    This is the ESET scan. I know these files and I'm sure they are harmless false positives.

    E:\My Documents\Downloads\livesnooker_bq269.exe multiple threats
    E:\My Documents\Sony Sound Forge\Crack\keygen.exe a variant of Win32/Keygen.AQ application
     
  13. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      E:\My Documents\Downloads\livesnooker_bq269.exe 
      E:\My Documents\Sony Sound Forge\Crack\keygen.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  14. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Here is the BitDefender Online Scan:


    QuickScan Beta 32-bit v0.9.9.96
    -------------------------------
    Scan date: Mon Jun 06 00:45:22 2011
    Machine ID: CCC7FBF2



    No infection found.
    -------------------



    Processes
    ---------
    ATI External Event Utility for Windows 300 C:\WINDOWS\system32\ati2evxx.exe
    ATI External Event Utility for Windows 1476 C:\WINDOWS\system32\ati2evxx.exe
    AVG Internet Security 3072 C:\Program Files\AVG\AVG10\avgam.exe
    AVG Internet Security 760 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    AVG Internet Security 3744 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    AVG Internet Security 528 C:\Program Files\AVG\AVG10\avgfws.exe
    AVG Internet Security 3140 C:\Program Files\AVG\AVG10\avgnsx.exe
    AVG Internet Security 2920 C:\Program Files\AVG\AVG10\avgtray.exe
    AVG Internet Security 548 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    AVG Internet Security 2716 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    AVG Internet Security 996 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    AVG Internet Security 2096 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    AVGIDSMonitor.exe 3684 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    Canon Camera Access Library 8 3024 C:\Program Files\Canon\CAL\CALMAIN.exe
    Diskeeper (TM) Disk Defragmenter 608 C:\Program Files\Executive Software\Diskeeper\DkService.exe
    Fighters 2576 C:\Program Files\Fighters\FighterSuiteService.exe
    Java(TM) Platform SE 6 U25 992 C:\Program Files\Java\jre6\bin\jqs.exe
    Messenger 3232 C:\Program Files\Messenger\msmsgs.exe
    Microsoft® Windows® Operating System 4480 C:\WINDOWS\system32\notepad.exe
    Microsoft® Windows® Operating System 208 C:\WINDOWS\system32\spoolsv.exe
    RealPlayer (32-bit) 2884 C:\Program Files\Real\RealPlayer\Update\realsched.exe
    ReflectS Application 1696 C:\Program Files\Macrium\Reflect\ReflectService.exe
    RichVideo Module 2064 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    SPAMfighter 2872 C:\Program Files\Fighters\SPAMfighter\sfagent.exe
    SPAMfighter 2492 C:\Program Files\Fighters\SPAMfighter\sfus.exe
    (verified) Google Update 1260 C:\Program Files\Google\Update\GoogleUpdate.exe
    (verified) Microsoft® Windows® Operating System 1776 C:\WINDOWS\explorer.exe
    (verified) Microsoft® Windows® Operating System 3960 C:\WINDOWS\system32\alg.exe
    (verified) Microsoft® Windows® Operating System 1180 C:\WINDOWS\system32\csrss.exe
    (verified) Microsoft® Windows® Operating System 3200 C:\WINDOWS\system32\ctfmon.exe
    (verified) Microsoft® Windows® Operating System 1296 C:\WINDOWS\system32\lsass.exe
    (verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\services.exe
    (verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\smss.exe
    (verified) Microsoft® Windows® Operating System 1496 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1920 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1720 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1584 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1604 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1876 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 2548 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1236 C:\WINDOWS\system32\winlogon.exe
    (verified) Windows® Internet Explorer 680 C:\Program Files\Internet Explorer\iexplore.exe
    (verified) Windows® Internet Explorer 1984 C:\Program Files\Internet Explorer\iexplore.exe
    (verified) Windows® Internet Explorer 4360 C:\Program Files\Internet Explorer\iexplore.exe
    (verified) Windows® Internet Explorer 5576 C:\Program Files\Internet Explorer\iexplore.exe


    Network activity
    ----------------
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 96.7.46.80
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 96.7.46.80
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 96.7.46.80
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 96.7.46.107
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 96.7.46.107
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 96.7.46.107
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 96.7.46.107
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 74.125.226.83
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 69.171.224.11
    Process iexplore.exe (5576) connected on port 80 (HTTP) --> 74.125.226.74

    Process DkService.exe (608) listens on ports: 31038
    Process svchost.exe (1584) listens on ports: 135 (RPC)


    Autoruns and critical files
    ---------------------------
    ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
    AVG Internet Security C:\Program Files\AVG\AVG10\avgtray.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Messenger C:\Program Files\Messenger\msmsgs.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
    Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
    QuickTime C:\Program Files\QuickTime\qttask.exe
    RealPlayer (32-bit) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
    SPAMfighter C:\Program Files\Fighters\SPAMfighter\sfagent.exe
    SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    (verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
    (verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    (verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


    Browser plugins
    ---------------
    AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
    AVG Internet Security c:\program files\avg\avg10\avgssie.dll
    AVG Security Toolbar C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
    Conduit Toolbar C:\Program Files\ConduitEngine\ConduitEngine.dll
    Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    Java Deployment Toolkit 6.0.250.6 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U25 C:\Program Files\Java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U25 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    Java(TM) Platform SE 6 U25 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    Messenger C:\Program Files\Messenger\msmsgs.exe
    Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
    NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
    RealNetworks(tm) RealPlayer Chrome Back C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    RealPlayer Download and Record Plugin C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    RealPlayer(tm) G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
    RealPlayer(tm) HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
    (verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    Scan
    ----
    MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll
    MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
    MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
    MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
    MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
    MD5: 7618d5218f2a614672ec61a80d854a37 C:\WINDOWS\System32\drivers\afd.sys
    MD5: c2b6f2161abd498d2b453050ffc81812 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    MD5: 590724416c5a6aa6fbc1f8ee75131afc C:\WINDOWS\system32\drivers\AtiHdmi.sys
    MD5: 0c5941af0b6bf2fdf378937392865217 C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    MD5: c403e7f715bb0a851a9dfae16ec4ae42 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    MD5: 1af676db3f3d4cc709cfab2571cf5fc3 C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    MD5: 4c51e233c87f9ec7598551de554bc99d C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    MD5: c3fc426e54f55c1cc3219e415b88e10c C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    MD5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    MD5: 5639de66b37d02bd22df4cf3155fba60 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    MD5: d1baf652eda0ae70896276a1fb32c2d4 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    MD5: aaf0ebcad95f2164cffb544e00392498 C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    MD5: c995c0e8b4503fac38793bb0236ad246 C:\WINDOWS\system32\DRIVERS\JGOGO.sys
    MD5: 8f55efd8b7d99465c16d06b345d50ca9 C:\WINDOWS\system32\DRIVERS\jraid.sys
    MD5: f43673d97b9df66999c3dfa6e538ef5b C:\WINDOWS\system32\DRIVERS\l151x86.sys
    MD5: 0ea4d8ed179b75f8afa7998ba22285ca C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    MD5: 52e5e76c927a44957de7e7671e1f7e35 C:\WINDOWS\system32\DRIVERS\pssnap.sys
    MD5: cbddab14249b2f05407fc09ab8fffb88 C:\WINDOWS\system32\drivers\RtkHDAud.sys
    MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
    MD5: 0414ac712b915d153bb3bbc0f7ba69c3 C:\WINDOWS\system32\EBPMON24.DLL
    MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
    MD5: 170e5758469d83e269ced8aadf8b5b90 C:\WINDOWS\system32\gotomon.dll
    MD5: 22a978e7fe5e3b35b42c7bc7c14e2875 C:\WINDOWS\system32\IEFRAME.dll
    MD5: a082a9b4fa6802f83d60b67ccee908e2 C:\WINDOWS\system32\iepeers.dll
    MD5: 590a6247d56a8420898e6c4de0983f5c C:\WINDOWS\system32\iertutil.dll
    MD5: e106233b925adbe99cb26d548fc98def C:\WINDOWS\system32\inetcomm.dll
    MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
    MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
    MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr
    MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
    MD5: 57348ed5916cf4a8d55680b31a482b35 C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx
    MD5: 5006b5dba7979cdc3481e24dd0c03802 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MD5: 6c320f6bbe8eec1cf43a04ce3cf71269 C:\WINDOWS\system32\msfeeds.dll
    MD5: c2ef2335f1b6c2be20a67d9098f6c9a1 C:\WINDOWS\system32\mshtml.dll
    MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
    MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll
    MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\System32\netshell.dll
    MD5: 5e28284f9b5f9097640d58a73d38ad4c C:\WINDOWS\system32\notepad.exe
    MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
    MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
    MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
    MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
    MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
    MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
    MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
    MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
    MD5: c1f032c90579b2f820af5f25206093aa C:\WINDOWS\System32\spool\PRTPROCS\W32X86\GoToPrintProcessor.dll
    MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
    MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
    MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
    MD5: 5fa52d59734cef1e2f3943d67ce37125 C:\WINDOWS\system32\urlmon.dll
    MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
    MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
    MD5: f192d49eefe297fa858b2c774ba2291d C:\WINDOWS\system32\WININET.dll
    MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
    MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll
    MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
    MD5: 7facb452456ef5c053af3ee4b228fe0d C:\WINDOWS\system32\XPOB2RES.DLL
    MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
    MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


    No file uploaded.

    Scan finished - communication took 2 sec
    Total traffic - 0.02 MB sent, 0.66 KB recvd
    Scanned 583 files and modules - 15 seconds

    ==============================================================================
     
  15. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I saw it already :)
    Go ahead with my previous reply.
     
  16. 2011/06/05
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    New OTL report:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-0E6A4E71AA
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.000
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.001
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Bert Bell
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes

    User: Bert Bell.BERT-143294EC7D
    ->Temp folder emptied: 187766 bytes
    ->Temporary Internet Files folder emptied: 5285178 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 566 bytes

    User: BERTBE~1~BER

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 38550 bytes

    User: NetworkService

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 103520 bytes

    Total Files Cleaned = 5.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.BERT-0E6A4E71AA

    User: Administrator.BERT-143294EC7D

    User: Administrator.BERT-143294EC7D.000

    User: Administrator.BERT-143294EC7D.001

    User: Administrator.BERT-143294EC7D.002
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Bert Bell

    User: Bert Bell.BERT-143294EC7D
    ->Flash cache emptied: 0 bytes

    User: BERTBE~1~BER

    User: Default User

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.23.0 log created on 06062011_005138

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\config.dat moved successfully.
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DFCE98.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DFCEA5.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DFCF13.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DFCF20.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DFCF52.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DFCF5F.tmp not found!
    C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temporary Internet Files\Content.IE5\6BGCKV6K\99234-active-sas-repeatedly-finding-broken-fileassociationh-1-items-3[1].html moved successfully.
    C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  17. 2011/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's step 1, but I don't see any log from OTL fix to remove these two files:
    E:\My Documents\Downloads\livesnooker_bq269.exe
    E:\My Documents\Sony Sound Forge\Crack\keygen.exe
    You may want to remove them manually, if you don't want to re-run OTL.
     
  18. 2011/06/06
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Thank you so much. I don't know if there were any Trojans. Do you? Also, does this mean we are done?
     
  19. 2011/06/06
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    I'll look for it. If I can't find it I'll run it again. It was pretty fast. I do know that it said I was clean, but I'd better do it again to be sure.
     
  20. 2011/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't have any trojans.

    Going to bed, so when you're done with all final steps, give me a final word about your computer.
     
  21. 2011/06/06
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    Thank you. Here's the OTL Report:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-0E6A4E71AA
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.000
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.001
    ->Temp folder emptied: 0 bytes

    User: Administrator.BERT-143294EC7D.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Bert Bell
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes

    User: Bert Bell.BERT-143294EC7D
    ->Temp folder emptied: 186062 bytes
    ->Temporary Internet Files folder emptied: 617423 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: BERTBE~1~BER

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 37183 bytes

    User: NetworkService

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.BERT-0E6A4E71AA

    User: Administrator.BERT-143294EC7D

    User: Administrator.BERT-143294EC7D.000

    User: Administrator.BERT-143294EC7D.001

    User: Administrator.BERT-143294EC7D.002
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Bert Bell

    User: Bert Bell.BERT-143294EC7D
    ->Flash cache emptied: 0 bytes

    User: BERTBE~1~BER

    User: Default User

    User: Default User.WINDOWS

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.23.0 log created on 06062011_010606

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\config.dat moved successfully.
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DF2868.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DF2875.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DF28E3.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DF28F8.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DF2A12.tmp not found!
    File\Folder C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temp\~DF2A1F.tmp not found!
    C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temporary Internet Files\Content.IE5\TT8EUC3J\99234-active-sas-repeatedly-finding-broken-fileassociationh-1-items-3[1].html moved successfully.
    C:\Documents and Settings\Bert Bell.BERT-143294EC7D\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
