My Laptop infected by ohtnoenriga.com

Post by tripleamp » April 20th, 2010, 9:48 am

My Firefox and IE search browser (like Google) brings me to ohtnoenriga.com and I am then redirected to some random site.

Appended below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:05 AM, on 4/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mazlan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Fuyekgbjlh] rundll32 "C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.dll",Xesod
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... den-my.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66EA9E30-E666-4C7D-8159-5E604BC7FD40}: NameServer = 10.98.180.2,210.187.41.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{66EA9E30-E666-4C7D-8159-5E604BC7FD40}: NameServer = 10.98.180.2,210.187.41.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12114 bytes


Uninstall_list.txt

AC3Filter (remove only)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11
Advanced Audio FX Engine
Advanced Video FX Engine
AOL Install
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Browser Address Error Redirector
CamStudio Lossless Codec v1.4
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Best of Web
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
Dell-eBay
Digital Line Detect
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
EDocs
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lame ACM MP3 Codec
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
OutlookAddinSetup
PowerDVD
QuickSet
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Skype web features
Skype™ 4.1
Smart Menus (Windows Live Toolbar)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
WavePad Sound Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
WinRAR archiver
Xvid 1.2.1 final uninstall
Yahoo! Messenger

Appreciate it if you could identify my problem.

TQ

tripleamp
Active Member
 
Posts: 6
Joined: April 20th, 2010, 9:35 am
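Added example, not code from the thread or from any of the tools used in it: a small triage script that parses the HijackThis O4 autorun lines from the log above and scores each against a few defender-side indicators (a rundll32/regsvr32 launcher, a target under a user-writable directory such as AppData, a random-looking value name). The indicators, their weights and the threshold are my assumptions; a flagged entry is a prompt to look closer, not a verdict.

```python
"""Heuristic triage of HijackThis O4 (Run-key autorun) entries."""
import re
from dataclasses import dataclass, field

# Sample input: O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mazlan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Fuyekgbjlh] rundll32 "C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.dll",Xesod
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
"""

# Shape of a HijackThis 2.0.2 Run-key line:
#   O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Launchers that execute code out of a DLL named on the command line.
# Plenty of benign software uses them, so this is one signal of several.
DLL_LAUNCHERS = ("rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe")

# Directories an unprivileged user can write to (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class O4Entry:
    hive: str
    name: str
    cmd: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def longest_consonant_run(name: str) -> int:
    """Longest run of consonant letters in the value name (y counts as a vowel)."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def parse_o4(line: str):
    """Return an O4Entry for a Run-key line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return O4Entry(m["hive"], m["name"], m["cmd"])


def score_entry(e: O4Entry) -> O4Entry:
    """Attach one reason per matching indicator; the score is the count."""
    cmd_l = e.cmd.lower()
    first_token = cmd_l.split(" ", 1)[0].strip('"')
    if first_token in DLL_LAUNCHERS:
        e.reasons.append("launched via %s" % first_token)
    if any(d in cmd_l for d in USER_WRITABLE):
        e.reasons.append("target lives in a user-writable directory")
    if " " not in e.name and longest_consonant_run(e.name) >= 5:
        e.reasons.append("value name looks randomly generated")
    return e


def triage(log_text: str, threshold: int = 2):
    """Return the O4 entries whose indicator count reaches the threshold."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_o4(line)
        if e and score_entry(e).score >= threshold:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive} [{e.name}] score={e.score}: {'; '.join(e.reasons)}")
```

Single-signal entries such as the CyberLink or Google Update autoruns stay below the threshold, which is why the script asks for two independent indicators before it flags anything.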

Re: My Laptop infected by ohtnoenriga.com

Post by MWR 3 day Mod » April 24th, 2010, 2:31 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: My Laptop infected by ohtnoenriga.com

Post by Dakeyras » April 25th, 2010, 7:35 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Hi tripleamp and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the application and select Run as Administrator.

The operating system in use (Vista, aka Windows 6) comes with an inbuilt utility called User Access Control (UAC); when prompted by it for anything I ask you to carry out, please select the option Allow.

Scan with GMER:

Please download GMER Rootkit Scanner from here.

  • Right-click on the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

Scan with OTL:

  • Please download OTL and save it to your Desktop.
    Make sure that OTL.exe is on the your Desktop before running the application!
  • Close all other open windows, then right-click OTL.exe and select Run as Administrator to start the application.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Standard Registry box change it to All
  • Check the following:
      Scan all users.
      Lop check.
      Purity check
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box:
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys 
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys 
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /90
  • Click Quick Scan in upper left of window.
  • When the scan is finished, two Notepad files will open:
      OTListIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Gmer Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: My Laptop infected by ohtnoenriga.com

Post by tripleamp » April 26th, 2010, 11:17 pm

How is my computer performing now?

After I followed all the instructions and checked my laptop, it seems like it performs OK. I tried to search through Google using my Firefox and it did not divert to another website.

My Gmer Log :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-26 22:36:24
Windows 6.0.6002 Service Pack 2
Running: 3t7r6fvk.exe; Driver: C:\Users\Mazlan\AppData\Local\Temp\uxryypod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtCreateFile + 6 77A343DA 4 Bytes [28, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtCreateFile + B 77A343DF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtMapViewOfSection + 6 77A34B2A 1 Byte [28]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtMapViewOfSection + 6 77A34B2A 4 Bytes [28, 03, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtMapViewOfSection + B 77A34B2F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenFile + 6 77A34BBA 4 Bytes [68, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenFile + B 77A34BBF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenProcess + 6 77A34C3A 4 Bytes [A8, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenProcess + B 77A34C3F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenProcessToken + B 77A34C4F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenProcessTokenEx + 6 77A34C5A 4 Bytes [A8, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenProcessTokenEx + B 77A34C5F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenThread + 6 77A34CAA 4 Bytes [68, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenThread + B 77A34CAF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenThreadToken + 6 77A34CBA 4 Bytes [68, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenThreadToken + B 77A34CBF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtOpenThreadTokenEx + B 77A34CCF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtQueryAttributesFile + 6 77A34D5A 4 Bytes [A8, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtQueryAttributesFile + B 77A34D5F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtQueryFullAttributesFile + B 77A34E0F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtSetInformationFile + 6 77A352EA 4 Bytes [28, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtSetInformationFile + B 77A352EF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtSetInformationThread + 6 77A3533A 4 Bytes [28, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtSetInformationThread + B 77A3533F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtUnmapViewOfSection + 6 77A355DA 1 Byte [68]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtUnmapViewOfSection + 6 77A355DA 4 Bytes [68, 03, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[292] ntdll.dll!NtUnmapViewOfSection + B 77A355DF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + 6 77A343DA 4 Bytes [28, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + B 77A343DF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6 77A34B2A 1 Byte [28]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6 77A34B2A 4 Bytes [28, 03, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + B 77A34B2F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + 6 77A34BBA 4 Bytes [68, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + B 77A34BBF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + 6 77A34C3A 4 Bytes [A8, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + B 77A34C3F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + B 77A34C4F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + 6 77A34C5A 4 Bytes [A8, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + B 77A34C5F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + 6 77A34CAA 4 Bytes [68, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + B 77A34CAF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + 6 77A34CBA 4 Bytes [68, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + B 77A34CBF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + B 77A34CCF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + 6 77A34D5A 4 Bytes [A8, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + B 77A34D5F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + B 77A34E0F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + 6 77A352EA 4 Bytes [28, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + B 77A352EF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + 6 77A3533A 4 Bytes [28, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + B 77A3533F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6 77A355DA 1 Byte [68]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6 77A355DA 4 Bytes [68, 03, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + B 77A355DF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtCreateFile + 6 77A343DA 4 Bytes [28, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtCreateFile + B 77A343DF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtMapViewOfSection + 6 77A34B2A 1 Byte [28]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtMapViewOfSection + 6 77A34B2A 4 Bytes [28, 03, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtMapViewOfSection + B 77A34B2F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenFile + 6 77A34BBA 4 Bytes [68, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenFile + B 77A34BBF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenProcess + 6 77A34C3A 4 Bytes [A8, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenProcess + B 77A34C3F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenProcessToken + B 77A34C4F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenProcessTokenEx + 6 77A34C5A 4 Bytes [A8, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenProcessTokenEx + B 77A34C5F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenThread + 6 77A34CAA 4 Bytes [68, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenThread + B 77A34CAF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenThreadToken + 6 77A34CBA 4 Bytes [68, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenThreadToken + B 77A34CBF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtOpenThreadTokenEx + B 77A34CCF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtQueryAttributesFile + 6 77A34D5A 4 Bytes [A8, 00, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtQueryAttributesFile + B 77A34D5F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtQueryFullAttributesFile + B 77A34E0F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtSetInformationFile + 6 77A352EA 4 Bytes [28, 01, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtSetInformationFile + B 77A352EF 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtSetInformationThread + 6 77A3533A 4 Bytes [28, 02, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtSetInformationThread + B 77A3533F 1 Byte [E2]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtUnmapViewOfSection + 6 77A355DA 1 Byte [68]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtUnmapViewOfSection + 6 77A355DA 4 Bytes [68, 03, 0F, 00]
.text C:\Users\Mazlan\AppData\Local\Google\Chrome\Application\chrome.exe[5408] ntdll.dll!NtUnmapViewOfSection + B 77A355DF 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
tripleamp

Re: My Laptop infected by ohtnoenriga.com

Unread postby tripleamp » April 26th, 2010, 11:18 pm

My OTL.txt:

OTL logfile created on: 4/26/2010 10:49:38 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Mazlan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 62.25 Gb Free Space | 28.25% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZLAN-PC
Current User Name: Mazlan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Mazlan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Mazlan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3081007
IE - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 23:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 23:14:00 | 000,000,000 | ---D | M]

[2008/10/15 22:08:00 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\Mozilla\Extensions
[2010/04/25 11:48:06 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\Mozilla\Firefox\Profiles\wl6chap2.default\extensions
[2009/07/02 00:26:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mazlan\AppData\Roaming\Mozilla\Firefox\Profiles\wl6chap2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/23 22:11:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Mazlan\AppData\Roaming\Mozilla\Firefox\Profiles\wl6chap2.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/10/28 23:29:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Mazlan\AppData\Roaming\Mozilla\Firefox\Profiles\wl6chap2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/02/09 20:09:16 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\Mozilla\Firefox\Profiles\wl6chap2.default\extensions\moveplayer@movenetworks.com
[2010/04/21 23:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000..\Run: [Fuyekgbjlh] C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.DLL ()
O4 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mazlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mazlan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mazlan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\AutoPlay\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Explore\command - "" = wscript.exe \manz_shidah.js -Clicked
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Open\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Scan for Viruses\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Scan with AVG\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Scan with Norton AntiVirus\command - "" = wscript.exe \manz_shidah.js
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/04/26 22:46:26 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Mazlan\Desktop\OTL.exe
[2010/04/26 22:37:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/21 19:25:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/04/21 19:25:01 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/21 19:25:01 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/04/21 19:25:01 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/04/21 19:25:01 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/04/21 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/04/21 19:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/20 20:02:58 | 000,000,000 | ---D | C] -- C:\Users\Mazlan\AppData\Local\CrashDumps
[2010/04/20 12:51:56 | 000,000,000 | ---D | C] -- C:\Users\Mazlan\AppData\Local\Adobe
[2010/04/20 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Mazlan\AppData\Local\Apple Computer
[2010/04/20 12:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/04/20 12:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/04/20 00:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/04/12 10:04:51 | 000,000,000 | ---D | C] -- C:\Users\Mazlan\Office Genuine Advantage
[2010/04/12 08:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/04/02 19:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/03/25 21:37:13 | 000,000,000 | ---D | C] -- C:\Users\Mazlan\AppData\Roaming\Python-Eggs
[2010/03/17 18:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/03/08 13:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/03/02 14:16:04 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/02/06 22:51:01 | 000,000,000 | ---D | C] -- C:\My Music

========== Files - Modified Within 90 Days ==========

[2010/04/26 22:52:14 | 003,932,160 | -HS- | M] () -- C:\Users\Mazlan\NTUSER.DAT
[2010/04/26 22:47:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2112397957-2103889864-3715030320-1000UA.job
[2010/04/26 22:46:26 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Mazlan\Desktop\OTL.exe
[2010/04/26 22:42:09 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/26 22:42:09 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/26 22:42:09 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/26 22:38:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 22:37:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 22:37:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 22:37:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/26 22:37:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/26 22:37:27 | 398,289,118 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/26 22:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 22:05:38 | 000,524,288 | -HS- | M] () -- C:\Users\Mazlan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/04/25 22:05:38 | 000,065,536 | -HS- | M] () -- C:\Users\Mazlan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/04/25 18:47:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2112397957-2103889864-3715030320-1000Core.job
[2010/04/24 16:30:07 | 000,094,720 | ---- | M] () -- C:\Users\Mazlan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/24 00:56:12 | 003,431,424 | -H-- | M] () -- C:\Users\Mazlan\AppData\Local\IconCache.db
[2010/04/21 23:14:02 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/21 19:25:13 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/20 12:44:29 | 000,058,126 | ---- | M] () -- C:\Users\Mazlan\Desktop\firefoxbookmarks.html
[2010/04/20 09:29:33 | 000,001,876 | ---- | M] () -- C:\Users\Mazlan\Desktop\HijackThis.lnk
[2010/04/20 00:06:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/19 19:44:29 | 000,070,656 | RHS- | M] () -- C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.dll
[2010/04/14 07:35:26 | 000,033,280 | ---- | M] () -- C:\Users\Mazlan\Documents\Profiles.doc
[2010/04/11 23:30:09 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/03/31 23:10:58 | 000,002,049 | ---- | M] () -- C:\Users\Mazlan\Desktop\Google Chrome.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 21:30:54 | 000,031,006 | ---- | M] () -- C:\Users\Mazlan\Desktop\US Company Database 2010.xlsx
[2010/03/29 20:17:24 | 000,025,088 | ---- | M] () -- C:\Users\Mazlan\Documents\JM PF.doc
[2010/03/26 23:31:19 | 000,085,888 | ---- | M] () -- C:\Users\Mazlan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/26 23:30:35 | 000,341,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/25 21:57:10 | 000,001,397 | ---- | M] () -- C:\Users\Mazlan\Desktop\DivX Movies.lnk
[2010/03/25 21:56:44 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/03/23 20:22:57 | 000,038,400 | ---- | M] () -- C:\Users\Mazlan\Desktop\Additional MIDA New York budget YAB PM visit to DC and NY 2010_230310.doc
[2010/03/23 20:12:36 | 000,030,720 | ---- | M] () -- C:\Users\Mazlan\Desktop\MIDA New York budget YAB PM visit to DC and NY 2010.doc
[2010/03/12 23:42:57 | 000,064,000 | ---- | M] () -- C:\Users\Mazlan\Desktop\CV_Azlilawati_Zakaria_2010.doc
[2010/03/11 18:47:14 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/03/08 13:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/03/02 14:16:04 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2010/04/26 22:37:27 | 398,289,118 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/21 23:14:02 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/21 19:25:13 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/20 12:44:29 | 000,058,126 | ---- | C] () -- C:\Users\Mazlan\Desktop\firefoxbookmarks.html
[2010/04/20 00:06:45 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/19 19:44:29 | 000,070,656 | RHS- | C] () -- C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.dll
[2010/04/14 07:35:25 | 000,033,280 | ---- | C] () -- C:\Users\Mazlan\Documents\Profiles.doc
[2010/04/11 23:30:09 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/03/29 21:30:48 | 000,031,006 | ---- | C] () -- C:\Users\Mazlan\Desktop\US Company Database 2010.xlsx
[2010/03/28 21:37:25 | 000,025,088 | ---- | C] () -- C:\Users\Mazlan\Documents\JM PF.doc
[2010/03/25 21:56:44 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/03/23 20:21:32 | 000,038,400 | ---- | C] () -- C:\Users\Mazlan\Desktop\Additional MIDA New York budget YAB PM visit to DC and NY 2010_230310.doc
[2010/03/23 20:12:32 | 000,030,720 | ---- | C] () -- C:\Users\Mazlan\Desktop\MIDA New York budget YAB PM visit to DC and NY 2010.doc
[2010/03/12 23:42:56 | 000,064,000 | ---- | C] () -- C:\Users\Mazlan\Desktop\CV_Azlilawati_Zakaria_2010.doc
[2009/08/18 19:27:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/31 17:35:22 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/31 17:35:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/10/14 17:17:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/07 02:36:32 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/10/07 02:36:32 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/10/07 02:36:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/10/07 02:36:32 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/10/07 02:36:32 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/10/07 02:36:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/07 00:02:06 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/11/16 15:37:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ahook.dll

========== LOP Check ==========

[2008/12/27 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\NCH Swift Sound
[2010/03/25 21:42:09 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\Python-Eggs
[2008/10/18 21:29:58 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\tmp
[2010/04/07 21:06:47 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\uTorrent
[2010/04/25 22:05:48 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/10/07 02:29:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/10/07 02:29:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/07 02:29:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 13:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/07/03 09:42:04 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\212333.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\205526.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\133439.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\123716.avi:TOC.WMV
< End of report >
tripleamp
Active Member
Posts: 6
Joined: April 20th, 2010, 9:35 am

Re: My Laptop infected by ohtnoenriga.com

Post by tripleamp » April 26th, 2010, 11:19 pm

My Extra.txt

OTL Extras logfile created on: 4/26/2010 10:49:38 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Mazlan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 62.25 Gb Free Space | 28.25% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZLAN-PC
Current User Name: Mazlan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015D794F-33A7-4129-89F2-1C33AF19D890}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E3881F1D-1B8D-4855-AAD5-359E47E64979}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C1521F-01BC-4DAD-BB30-04678AC6E127}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{144944B1-BEA3-4282-85E4-F797DACC6559}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{25464C42-5657-4F98-902C-CAD937123BB2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{28B6471A-5C18-4FDF-9E38-9461BC47B755}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{3A378D04-B044-487D-8D27-42249F39A6AD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3C6AACD0-784A-4A01-987B-D87A3F2C46F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4AEEB1D8-6481-49B6-9D16-C1F0003868C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F0E58EA-F919-4C7C-BE04-54379601AFBB}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{4F94AE57-B05C-473D-8FE3-736587B9570B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6528D2BA-E60B-4477-9576-6C5EC2A4546D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C08A591-797D-4532-A231-74CF37F0F924}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{7C972274-FFAC-4755-8B0F-1131ACC85F01}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7F003019-CC0A-47DC-B690-E80E1208E1C8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7F6A0A4F-9DF5-4309-8036-8B3E972F43B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A363A1CF-E163-4E64-A7E4-A2B9EBDF1E45}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A53DDED5-B90C-407E-B83C-D308FAED9946}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BE3649BC-4954-4C55-8607-54F3E08A4892}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{C158567C-435E-4029-94EB-ECFCE2B0D7BD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C39BF542-2AAF-453F-8AA9-A68807D893DA}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C6458D8F-7745-4B7D-8D13-9747B0915BF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE08CF22-5171-4043-BE29-D9004B8C254B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E3E3D1D5-FC1C-4EF2-A99A-E09BB3EC8FA2}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E88E57F5-A20F-4A83-82CD-5C8F8B63AFC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF098D1B-A2E8-4D67-A5EB-FE2E0FD488D2}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"TCP Query User{12541907-8FE5-4B73-9841-1C3B562680BB}C:\program files\moovida\moovida.exe" = protocol=6 | dir=in | app=c:\program files\moovida\moovida.exe |
"TCP Query User{57794EC7-C6D9-4CD8-81C1-8D9F61E4CDB6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A6EBE14C-DB59-4292-9360-42E4FA07D3AC}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{D634C372-CCD7-4CEB-A680-63141FFCC87F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{0AAB61FC-DB24-46D3-A48C-4A503E308228}C:\program files\moovida\moovida.exe" = protocol=17 | dir=in | app=c:\program files\moovida\moovida.exe |
"UDP Query User{1848C534-1AD7-4D3E-A0A1-66BF247C01DA}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{1CECD5F3-7FDE-4271-A7FD-1D9FEAC8B3F8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7CC80522-EE20-4C3E-8D08-4FF8244E21EC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"RealPlayer 12.0" = RealPlayer
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2010 5:56:57 PM | Computer Name = Mazlan-PC | Source = Google Update | ID = 20
Description =

Error - 4/19/2010 8:57:23 PM | Computer Name = Mazlan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3743 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1174 Start Time: 01cae01abb98cfb0 Termination Time: 211

Error - 4/19/2010 9:03:00 PM | Computer Name = Mazlan-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/19/2010 9:28:30 PM | Computer Name = Mazlan-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2010 12:45:44 PM | Computer Name = Mazlan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00066739, process id 0xfa8, application
start time 0x01cae09ea04c9320.

Error - 4/20/2010 12:56:02 PM | Computer Name = Mazlan-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2010 2:18:08 PM | Computer Name = Mazlan-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/20/2010 7:49:04 PM | Computer Name = Mazlan-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2010 8:02:51 PM | Computer Name = Mazlan-PC | Source = Application Error | ID = 1000
Description = Faulting application Safari.exe, version 5.31.22.7, time stamp 0x4b8f94fa,
faulting module objc.dll, version 1.435.14.1, time stamp 0x4b7390a3, exception
code 0xc0000005, fault offset 0x00008374, process id 0x11a4, application start time
0x01cae0e43b266431.

Error - 4/21/2010 12:02:24 AM | Computer Name = Mazlan-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 6/2/2009 9:34:36 PM | Computer Name = Mazlan-PC | Source = DCOM | ID = 10016
Description =

Error - 6/4/2009 6:41:44 PM | Computer Name = Mazlan-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 6/5/2009 11:45:13 PM | Computer Name = Mazlan-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 6/7/2009 8:56:43 PM | Computer Name = Mazlan-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 6/10/2009 12:17:41 AM | Computer Name = Mazlan-PC | Source = DCOM | ID = 10010
Description =

Error - 6/10/2009 6:58:36 PM | Computer Name = Mazlan-PC | Source = HTTP | ID = 15016
Description =

Error - 6/10/2009 6:59:23 PM | Computer Name = Mazlan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2009 7:29:50 PM | Computer Name = Mazlan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/18/2009 11:16:22 PM | Computer Name = Mazlan-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 6/22/2009 7:24:25 PM | Computer Name = Mazlan-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
tripleamp
Active Member
 
Posts: 6
Joined: April 20th, 2010, 9:35 am

Re: My Laptop infected by ohtnoenriga.com

Unread postby Dakeyras » April 27th, 2010, 7:46 am

Hi. :)

After I followed all the instructions and checked my laptop, it seems to perform OK. I tried to search through Google using my Firefox and it did not divert to other websites.
OK and thanks for the update.

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK
Code:
firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On(recommended) >> Apply >> OK.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by right-clicking on the desktop icon and running in admin mode or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000..\Run: [Fuyekgbjlh] C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.DLL ()
O15 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000\..Trusted Ranges: GD ([http] in Local intranet)
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\AutoPlay\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Explore\command - "" = wscript.exe \manz_shidah.js -Clicked
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Open\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Scan for Viruses\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Scan with AVG\command - "" = wscript.exe \manz_shidah.js
O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Scan with Norton AntiVirus\command - "" = wscript.exe \manz_shidah.js
[2010/04/20 12:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
2010/04/20 12:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/04/07 21:06:47 | 000,000,000 | ---D | M] -- C:\Users\Mazlan\AppData\Roaming\uTorrent
@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\212333.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\205526.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\133439.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mazlan\Documents\123716.avi:TOC.WMV

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"VistaSp1"=hex(b):18,c8,d1,c6,d8,89,c8,01
"VistaSp2"=hex(b):5f,28,9f,1f,b5,de,c9,01
[-HKEY_USERS\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • OTL Log.
  • Malwarebytes Anti-Malware Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
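
An added example, not part of this thread or of the OTL tool: a small Python triage script that reads OTL O2/O4/O33 lines like the ones in the fix above and flags the patterns a helper looks for by eye (a Run entry loading a publisher-less DLL from AppData\Roaming, removable-drive shell verbs that launch wscript.exe, an orphaned BHO). The OTL line shapes are assumed from the output quoted in the thread; the two benign control lines are constructed.

```python
"""Triage OTL-style persistence lines the way a forum helper reads them.
Added example for this thread, not the OTL tool's code or Dakeyras's script.
SAMPLE_LINES mixes entries from the thread with constructed benign controls.
"""
import ntpath
import re

# Line shapes assumed from the OTL output quoted in the thread.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?:\s\((?P<publisher>[^)]*)\))?\s*$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<drive>[^\\]+)\\Shell\\'
                    r'(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.*)$')
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$")

# Script hosts that have no business being a removable drive's shell verb.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "powershell.exe"}
USER_WRITABLE = re.compile(r"\\AppData\\(?:Roaming|Local\\Temp)\\|\\Temp\\", re.IGNORECASE)


def assess_line(line):
    """Return (severity, section, identifier, reason) for a suspicious entry, else None."""
    m = O4_RE.match(line)
    if m:
        cmd, publisher = m.group("cmd"), m.group("publisher") or ""
        reasons = []
        if USER_WRITABLE.search(cmd):
            reasons.append("autostart from a user-writable profile path")
        if cmd.lower().endswith(".dll"):
            reasons.append("Run value names a DLL instead of an executable")
        if not publisher.strip():
            reasons.append("no publisher/version information on the file")
        # One oddity alone is common for legitimate software; two together is not.
        return ("high", "O4", m.group("name"), "; ".join(reasons)) if len(reasons) >= 2 else None
    m = O33_RE.match(line)
    if m:
        parts = m.group("cmd").split()
        exe = ntpath.basename(parts[0].strip('"')).lower() if parts else ""
        if exe in SCRIPT_HOSTS:
            return ("high", "O33", m.group("verb"), f"drive shell verb runs {exe} on a script on the drive")
        return None
    m = O2_RE.match(line)
    if m and "No CLSID value found" in m.group("target"):
        return ("low", "O2", m.group("clsid"), "orphaned BHO registration with no CLSID object")
    return None


def scan(lines):
    """Apply assess_line to every line; high-severity findings come first (stable order)."""
    return sorted(filter(None, map(assess_line, lines)), key=lambda f: f[0] != "high")


SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)",  # constructed control
    r"O4 - HKU\S-1-5-21-2112397957-2103889864-3715030320-1000..\Run: [Fuyekgbjlh] C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.DLL ()",
    r'O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\AutoPlay\command - "" = wscript.exe \manz_shidah.js',
    r'O33 - MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\Shell\Explore\command - "" = wscript.exe \manz_shidah.js -Clicked',
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r'O33 - MountPoints2\{constructed-guid}\Shell\AutoRun\command - "" = D:\setup.exe',  # constructed control
]

if __name__ == "__main__":
    for sev, sec, ident, why in scan(SAMPLE_LINES):
        print(f"[{sev}] {sec} {ident}: {why}")
```
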

Re: My Laptop infected by ohtnoenriga.com

Unread postby tripleamp » April 28th, 2010, 3:12 pm

1. How is my laptop performing?
My laptop performs normally. When I searched through Google using Firefox and clicked the result, it did not divert to other websites.


2. OTL log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2112397957-2103889864-3715030320-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fuyekgbjlh deleted successfully.
C:\Users\Mazlan\AppData\Roaming\iscsiwmi1.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
File wscript.exe \manz_shidah.js not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
File wscript.exe \manz_shidah.js -Clicked not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
File wscript.exe \manz_shidah.js not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
File wscript.exe \manz_shidah.js not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
File wscript.exe \manz_shidah.js not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2186b07d-fafc-11dd-a915-00219beb7ebe}\ not found.
File wscript.exe \manz_shidah.js not found.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\00000082\00000107\000003cc folder moved successfully.
C:\ProgramData\Norton\00000082\00000107 folder moved successfully.
C:\ProgramData\Norton\00000082 folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\Users\Mazlan\AppData\Roaming\uTorrent folder moved successfully.
ADS C:\Users\Mazlan\Documents\212333.avi:TOC.WMV deleted successfully.
ADS C:\Users\Mazlan\Documents\205526.avi:TOC.WMV deleted successfully.
ADS C:\Users\Mazlan\Documents\133439.avi:TOC.WMV deleted successfully.
ADS C:\Users\Mazlan\Documents\123716.avi:TOC.WMV deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval"|dword:00000001 /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiVirusOverride"|dword:00000000 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiSpywareOverride"|dword:00000000 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"FirewallOverride"|dword:00000000 /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"VistaSp1"|hex(b):18,c8,d1,c6,d8,89,c8,01 /E :invalid edit format. Invalid data type.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"VistaSp2"|hex(b):5f,28,9f,1f,b5,de,c9,01 /E :invalid edit format. Invalid data type.
Registry key HKEY_USERS\S-1-5-21-2112397957-2103889864-3715030320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mazlan
->Temp folder emptied: 134591091 bytes
->Temporary Internet Files folder emptied: 756670034 bytes
->Java cache emptied: 10337 bytes
->FireFox cache emptied: 35366618 bytes
->Google Chrome cache emptied: 34364751 bytes
->Apple Safari cache emptied: 616443588 bytes
->Flash cache emptied: 454199 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2631386 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,507.00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 04282010_145058

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


3. MBAM log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4047

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

4/28/2010 3:07:04 PM
mbam-log-2010-04-28 (15-07-04).txt

Scan type: Quick scan
Objects scanned: 109630
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
tripleamp
Active Member
 
Posts: 6
Joined: April 20th, 2010, 9:35 am

Re: My Laptop infected by ohtnoenriga.com

Unread postby Dakeyras » April 28th, 2010, 7:44 pm

Hi. :)

My laptop performs normally. When I searched through Google using Firefox and clicked the result, it did not divert to other websites.
Good to know!

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update both in due course.

Now please go to Start(Vista orb) >> Control Panel >> Programs and Features and remove the following (if present):

Adobe Reader 9.1
Java(TM) 6 Update 17
Java(TM) 6 Update 5
Java(TM) 6 Update 7


To do so click once on each of the above and click on Uninstall/Change and follow the prompts.

New Adobe Reader Installation:

  • Go here and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and right-click on AdbeRdr930_en_US.exe and select Run as Administrator to install.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 20 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement box and click on Continue.
  • Click on jre-6u20-windows-i586.exe link to download it and save this to a convenient location.
  • Right-click on jre-6u20-windows-i586.exe and select Run as Administrator to install Java. Uncheck Carbonite online backup trial if it's offered there.

Run Kaspersky Online AV Scanner:

You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

This online tutorial will help explain how to use the aforementioned online scan.

When you have completed the above, please post back the following:

  • Inform me how your computer is running. Any problems encountered and/or further symptoms?
  • Kaspersky results.
  • A new HijackThis Log. <-- Remember to right-click on HijackThis.exe and select Run as Administrator.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: My Laptop infected by ohtnoenriga.com

Unread postby NonSuch » May 2nd, 2010, 3:42 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California