Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Infected please help

Unread postby olivia12345 » March 31st, 2011, 8:52 am

Yea the reason why our C drive is full is due to our system backup problems. The computer kept informing us of our limited space on our D drive which was affecting the backups, so we moved everything we had in our D drive into the C drive. This helped for a while, but once again those same messages kept popping up even though we could see that our disk space was more or less empty in the D drive. I can clean up some of the C drive, a lot of those files are old and we dont use half the programs. I will do this later on today.

The OTL logs are below:

========== COMMANDS ==========


OTL by OldTimer - Version 3.2.22.3 log created on 03312011_134813
olivia12345
Regular Member
 
Posts: 17
Joined: March 22nd, 2011, 4:06 am
Advertisement
Register to Remove

Re: Infected please help

Unread postby olivia12345 » March 31st, 2011, 8:52 am

OTL logfile created on: 31/03/2011 13:48:44 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josy\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 3.46 Gb Free Space | 5.03% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Josy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 13:46:39 | 003,998,544 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
PRC - [2011/03/31 09:26:37 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Josy\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/03/30 13:38:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josy\Downloads\OTL.exe
PRC - [2011/03/24 09:47:33 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/05 09:41:42 | 003,313,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/03/24 16:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 19:06:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/03/05 14:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 14:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/22 19:14:24 | 000,200,704 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/10 02:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/04 11:21:36 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/12/20 19:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/20 19:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/20 02:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/28 02:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/10 15:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/10/02 00:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 21:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/19 22:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/09/10 23:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/07 04:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/09/06 20:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/09/03 11:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/13 00:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/13 00:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 13:38:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josy\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 10:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/03/05 14:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/20 19:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/20 02:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/28 02:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/10/02 00:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 21:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/19 22:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/09/10 23:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/07/13 00:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/05 01:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007/12/29 20:05:26 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/08/09 04:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/30 15:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/03 18:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/03/07 09:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/01/30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com/ [binary data]
IE - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
IE - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchslate.com/wp.ashx?ref=home&id=170"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cba1ecc&v=6.103.018.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/05 09:30:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/03/25 17:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 09:10:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 09:47:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:47:36 | 000,000,000 | ---D | M]

[2008/11/24 12:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josy\AppData\Roaming\Mozilla\Extensions
[2009/11/26 18:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josy\AppData\Roaming\Mozilla\Firefox\Profiles\bvkafty8.default\extensions
[2011/03/31 09:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 14:57:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/31 09:09:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/05 09:30:18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/03/30 09:10:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/03/25 17:43:56 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/31 09:09:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/23 08:56:35 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/23 08:56:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/23 08:56:37 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/23 08:56:37 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/31 09:24:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer Tour Reminder] File not found
O4 - HKLM..\Run: [ALaunch] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2262017195-3024611900-3053234445-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Josy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/defaul ... uncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Josy\Pictures\2010-08-06 olivia and ebay items\olivia and ebay items 015.JPG
O24 - Desktop BackupWallPaper: C:\Users\Josy\Pictures\2010-08-06 olivia and ebay items\olivia and ebay items 015.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 09:14:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/31 09:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/31 09:09:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/31 09:09:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/31 09:09:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/31 09:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/30 13:38:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/30 13:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/30 13:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/23 09:36:40 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 09:36:40 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/09 09:57:09 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 09:57:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 09:57:09 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 09:57:09 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/06 09:18:55 | 000,000,000 | ---D | C] -- C:\Users\Josy\Documents\Sony PMB
[2011/03/03 16:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/03 16:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/03/03 16:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/03/03 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/03/03 16:08:43 | 000,000,000 | ---D | C] -- C:\Users\Josy\Documents\fix computer
[2011/03/03 14:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/03 14:37:44 | 000,000,000 | ---D | C] -- C:\Users\Josy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2008/08/17 07:24:53 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== Files - Modified Within 30 Days ==========

[2011/03/31 13:49:07 | 110,468,689 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/31 13:45:11 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/31 13:45:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/31 11:26:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 11:26:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 09:32:37 | 000,695,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/31 09:32:37 | 000,143,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/31 09:26:29 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/31 09:26:05 | 2136,981,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/31 09:24:40 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/31 09:09:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/31 09:09:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/31 09:09:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/31 09:09:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/30 13:37:40 | 000,000,917 | ---- | M] () -- C:\Users\Josy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/30 13:37:34 | 000,000,718 | ---- | M] () -- C:\Users\Josy\Desktop\ERUNT.lnk
[2011/03/30 09:10:18 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/24 15:23:32 | 000,000,680 | ---- | M] () -- C:\Users\Josy\AppData\Local\d3d9caps.dat
[2011/03/22 17:44:17 | 000,037,376 | ---- | M] () -- C:\Users\Josy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 14:57:59 | 000,002,521 | ---- | M] () -- C:\Users\Josy\Desktop\HiJackThis.lnk
[2011/03/03 16:28:27 | 244,824,096 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/03 16:17:11 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/03/03 16:05:24 | 000,000,000 | ---- | M] () -- C:\Users\Josy\defogger_reenable
[2011/03/03 14:21:54 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/03/30 13:37:40 | 000,000,917 | ---- | C] () -- C:\Users\Josy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/30 13:37:34 | 000,000,718 | ---- | C] () -- C:\Users\Josy\Desktop\ERUNT.lnk
[2011/03/03 16:28:27 | 244,824,096 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/03 16:17:11 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/03/03 16:05:24 | 000,000,000 | ---- | C] () -- C:\Users\Josy\defogger_reenable
[2011/03/03 14:37:44 | 000,002,521 | ---- | C] () -- C:\Users\Josy\Desktop\HiJackThis.lnk
[2011/02/13 15:00:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/26 15:59:00 | 000,000,000 | ---- | C] () -- C:\Users\Josy\AppData\Local\prvlcl.dat
[2010/04/17 18:14:45 | 000,009,500 | -HS- | C] () -- C:\Users\Josy\AppData\Local\K5OjaYgo0v
[2010/04/17 18:14:45 | 000,009,500 | -HS- | C] () -- C:\ProgramData\K5OjaYgo0v
[2009/10/20 18:55:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 18:55:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/11 19:29:10 | 000,000,680 | ---- | C] () -- C:\Users\Josy\AppData\Local\d3d9caps.dat
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/17 20:17:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2009/04/17 20:17:42 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/01/12 22:05:53 | 000,000,000 | ---- | C] () -- C:\Users\Josy\AppData\Roaming\Sampler Files
[2009/01/12 21:49:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2009/01/12 20:52:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008/11/26 07:30:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/20 19:54:22 | 000,037,376 | ---- | C] () -- C:\Users\Josy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 01:29:17 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/11/20 01:25:32 | 000,001,040 | ---- | C] () -- C:\Users\Josy\AppData\Roaming\wklnhst.dat
[2008/08/17 07:54:48 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/08/17 07:54:43 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/08/17 07:24:53 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/03/18 15:50:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/17 19:42:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/03/17 19:36:06 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/17 19:13:52 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/17 18:44:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/03/17 18:44:13 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/03/17 18:44:12 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/03/17 18:44:12 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/03/17 18:40:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,393,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,695,412 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,143,192 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/11/25 16:10:41 | 000,000,000 | -HSD | M] -- C:\Users\Josy\AppData\Roaming\.#
[2008/03/17 20:07:57 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\Acer GameZone Console
[2011/02/05 09:30:07 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\AVG10
[2009/04/17 18:45:44 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\Blitware
[2009/01/13 12:12:28 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/28 21:07:41 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\InterTrust
[2009/01/01 15:17:17 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\iWin
[2009/04/14 20:52:34 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\Leadertech
[2009/01/12 22:05:22 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\Nikon
[2009/01/01 21:16:16 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\SpinTop
[2011/03/31 13:46:42 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\Spotify
[2008/11/20 01:25:42 | 000,000,000 | ---D | M] -- C:\Users\Josy\AppData\Roaming\Template
[2011/03/31 09:25:16 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:6B803FAA
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:F59BA980
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3F2F06F2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7715B65F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >
olivia12345
Regular Member
 
Posts: 17
Joined: March 22nd, 2011, 4:06 am

Re: Infected please help

Unread postby Gary R » March 31st, 2011, 9:06 am

Doesn't look as if OTL has removed your excess SR points, so let's do it manually.

  • Click Start
  • In the Search programs and files box type Disk
  • At the top of the list of objects found you'll find Disk Cleanup
  • Clicking on this will start the inbuilt Disk Cleanup utility, which will scan your computer for files that can be removed.
  • When it's finished click on Clean up System Files
  • The utility will scan again and then re-open.
  • Click on the More options tab ...
  • Under the System Restore and Shadow copies section click Clean Up
  • You will be prompted as to whether you want to delete all but the most recent RP, click Delete
  • Now in the main box click OK
  • You will be prompted whether you want to permanently delete the files, click Delete Files
  • The utility will now delete all but your most recent SR point.


Now re-boot your computer.

Next, re scan with OTL and post me just the title block section from the new scan .......

Example ....

OTL logfile created on: 31/03/2011 13:48:44 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josy\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 3.46 Gb Free Space | 5.03% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Josy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected please help

Unread postby olivia12345 » March 31st, 2011, 10:07 am

OTL logfile created on: 31/03/2011 15:00:22 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josy\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 5.99 Gb Free Space | 8.72% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 68.46 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Josy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
olivia12345
Regular Member
 
Posts: 17
Joined: March 22nd, 2011, 4:06 am

Re: Infected please help

Unread postby Gary R » March 31st, 2011, 3:03 pm

That looks better.

Obviously you'll still need to remove as many excess files from your machine as you can, to achieve the necessary 15% headroom on your C:\ drive, but you now have almost 9% which is better than it was.

As far as I've been able to see your problems are not Malware related, since most of what we've found are only really orphans I've seen no signs of any full blown infections.

Time to remove the programs we've been using to investigate your computer, then I'll make a few recommendations about security ....

First

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller and its associated files.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

ERUNT can be removed using Control Panel > Programs > Uninstall a program

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected please help

Unread postby olivia12345 » April 1st, 2011, 3:49 am

That's great news. Thank you very much for all your help hope we haven't been too much of a waste of time for you.

Thanks.
olivia12345
Regular Member
 
Posts: 17
Joined: March 22nd, 2011, 4:06 am

Re: Infected please help

Unread postby Gary R » April 1st, 2011, 11:09 am

You're welcome, glad we could help. :)

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 291 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware